Data Protection and Security
At ReceiptRoller Inc., we take the protection of customer data seriously. ActionBridge (AB) is designed and operated with enterprise-grade security principles, leveraging Microsoft Azure infrastructure and Microsoft Entra ID authentication to protect organizational data.
1. Hosting and Infrastructure
- All application and database services are hosted on Microsoft Azure, which maintains certifications such as ISO 27001, SOC 2, and GDPR compliance.
- Data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
- Access to production systems is tightly controlled through Azure Role-Based Access Control (RBAC) and network security policies.
2. Authentication and Access Control
- ActionBridge uses Microsoft Entra ID (Azure AD) for identity and access management via OAuth 2.0 and OpenID Connect protocols.
- ActionBridge supports Single Sign-On (SSO) for Teams, Outlook, and Microsoft 365 environments.
- No user credentials are stored by ActionBridge; all authentication is delegated through Microsoft identity services.
3. Data Handling and Retention
- Task, comment, and project data are securely stored within managed Azure databases and storage accounts.
- Data is retained only as long as necessary to provide the service or as required by applicable laws and regulations.
- Organizations and users can request complete data deletion by contacting support@actionbridge.io.
4. Data Encryption
- All communications between clients and servers use HTTPS (TLS 1.2+) for encryption in transit.
- Sensitive data such as tokens, organization identifiers, and configuration secrets are encrypted at rest.
- Encryption keys are managed using Azure Key Vault with periodic key rotation and access auditing.
5. AI and Automation Privacy
- AI-driven features (e.g., task summarization and recommendations) process data only within the organization’s Microsoft 365 tenant.
- No data is shared with third-party AI providers without explicit organizational consent.
- System logs are anonymized and used solely for performance analysis and reliability improvement.
6. Compliance and Monitoring
- Operations align with GDPR principles and Microsoft 365 compliance frameworks.
- Security logs and access activity are continuously monitored for anomalies.
- Incident response and notification procedures ensure rapid containment and transparent communication if needed.
7. Security Contacts
For security or privacy inquiries, responsible disclosure, or data protection requests, please contact:
- Email: support@actionbridge.io
- Security Team: ReceiptRoller Inc., Nagano, Japan
8. Microsoft Ecosystem and Compliance
AB operates fully within the Microsoft ecosystem, using Entra ID for identity and Microsoft Graph for collaboration data access. All information is processed on Microsoft Azure, ensuring data residency, compliance, and trust aligned with Microsoft’s secure cloud standards.