This Privacy Policy describes how Microclaw ("we," "our," or "us") handles information in connection with the Microclaw Microsoft 365 AI assistant ("the Service"). Microclaw is available in two deployment plans with different data handling properties. Please read the section that applies to your deployment.
Standard plan: You installed Microclaw from AppSource without setting up an Azure subscription. Microclaw runs on our infrastructure. This is the standard option for most customers.
Self-Hosted plan: You deployed Microclaw into your own Azure subscription using the "Deploy to Azure" button. Microclaw runs entirely within your Microsoft environment.
What happens when you use Microclaw: Your messages to the Microclaw bot and the Microsoft 365 data we retrieve on your behalf (emails, calendar events, files, etc.) transit our servers in order to process your request. This is the same data flow as any Microsoft Teams bot — your message goes to our service, we call the Microsoft Graph API on your behalf, and we return the result to you.
What we never do:
What we do retain:
Data security: All data in transit between your Teams client, our servers, Azure OpenAI, and the Microsoft Graph API is encrypted using TLS. Strict per-tenant isolation is enforced at the database layer — no cross-tenant access is architecturally possible.
In the Self-Hosted plan, Microclaw runs as a containerized application inside your own Microsoft Azure subscription. We supply the software; you control the infrastructure.
What we never see: Your Microsoft 365 data — emails, calendar events, files, contacts, Teams messages, and all other M365 content — never leaves your Azure environment. Your messages go to your container (in your Azure subscription), which calls the Microsoft Graph API and Azure OpenAI using your own Azure account credentials. No data transits our servers.
What we do collect for the Self-Hosted plan:
Your data governance: Because the service runs in your Azure subscription, your organization's existing Microsoft data governance policies apply automatically — Microsoft Purview, DLP, eDiscovery, Conditional Access, and Compliance Center all work as they do for the rest of your M365 environment. AI calls go to Azure OpenAI within your Azure subscription, under your tenant's terms.
Microclaw uses delegated Microsoft Graph API permissions. It authenticates as you, using your Microsoft account, and inherits your existing permissions exactly. It can only access resources your account can access. You control which capabilities Microclaw is allowed to use through the in-app /settings page — read permissions are on by default, write permissions are off by default and must be explicitly enabled by you.
The Standard plan uses Azure OpenAI (operated by Microsoft) to process your messages and generate responses. Your messages are transmitted to Azure OpenAI subject to Microsoft's Azure terms. We do not use any other third-party AI providers.
Standard plan: Conversation content is not stored persistently. If you cancel your AppSource subscription, we retain nothing beyond AppSource billing records (required by Microsoft publisher terms). Your Microsoft 365 data is unaffected — it lives in Microsoft 365, not in Microclaw.
Self-Hosted plan: Your data lives in your Azure container. Removing the container from your Azure account removes all conversation history and preferences stored within it. We retain only AppSource billing records.
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
We may update this Privacy Policy from time to time. We will notify AppSource subscribers of material changes. The date at the top of this page reflects when it was last updated.
Questions about this policy or how we handle data: privacy@microclaw.app