Privacy Policy
Entra ID Group Membership Manager Extension
Effective Date: July 8, 2025
1. Introduction
This privacy policy explains how the Group Membership Copier browser extension ("the Extension") accesses and uses your data. By using the Extension, you agree to the terms described in this policy.
2. What Data We Access
- Microsoft Account Information: The Extension uses the OAuth 2.0 authorization code flow with PKCE (Proof Key for Code Exchange) to securely authenticate with Microsoft Entra ID (Azure AD) and access the Microsoft Graph API on your behalf.
- User and Group Data: The Extension can read user profiles and group memberships, and can add users to groups in your Microsoft Entra (Azure AD) directory, as permitted by your organization's policies and your own account permissions.
- Authentication Tokens: The Extension temporarily stores access tokens and refresh tokens in your browser's secure storage to maintain your authenticated session.
3. How We Use Your Data
- All data access is performed locally in your browser and only with your explicit consent.
- The Extension does not store, transmit, or share your data with any third-party servers or services.
- All operations (user search, group fetch, group copy) are performed using the Microsoft Graph API and are subject to Microsoft’s security and privacy controls.
4. Data Storage
- The Extension stores your Azure AD App Registration Client ID and Redirect URI in your browser’s local storage for authentication purposes only.
- No personal or sensitive data is stored or transmitted outside your device.
5. User Consent and Control
- You must explicitly sign in with your Microsoft account to use the Extension’s features.
- You can sign out at any time to revoke the Extension’s access to your data.
- All actions are performed with your current account’s permissions; the Extension cannot elevate your privileges or access data you are not authorized to access.
6. Third-Party Services
- Microsoft Graph API: The Extension communicates directly with the Microsoft Graph API using your authenticated session. No intermediary services are used.
- Microsoft Entra ID: Authentication is handled directly by Microsoft's OAuth 2.0 servers. The Extension does not store or handle your login credentials.
- No Analytics or Tracking: The Extension does not use any analytics, tracking, or telemetry services.
7. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated effective date.
8. Contact
If you have any questions or concerns about this privacy policy or the Extension, please contact us at [email protected].