baref00t.io

// privacy policy

Privacy Policy

Last updated: March 2026

Becloudsmart Pty Ltd (ABN 13 611 079 219) operates the baref00t.io automated security assessment platform. This policy explains what data we collect, how we use it, and how we protect it.

1. What we collect

We collect the minimum data required to run your assessment and deliver your report:

  • Email address -- provided at purchase to deliver your report link.
  • Microsoft Entra tenant ID -- used only to run the assessment against your tenant via Microsoft Graph API. We do not store your tenant ID after the assessment completes.
  • Free Health Check data -- if you use our free health check wizard, we collect your responses (organisation size, industry, compliance frameworks, and security posture information) to generate your risk score. This data is not linked to your identity unless you voluntarily provide your email address.

2. How we use your data

Your data is used solely to:

  • Run the security assessment against your Microsoft 365 tenant.
  • Generate a report based on the assessment results.
  • Deliver the report to you via email using a secure, time-limited link.

We do not sell, share, or use your data for marketing purposes.

3. Data retention

We do not store your tenant configuration data. The assessment reads configuration via the Microsoft Graph API in real time, evaluates it, and discards the raw data. Only the generated report output is retained and made available via a secure link. Report links expire after 30 days. Assessment metadata (tenant ID, assessment ID, scores) is retained for 90 days for support purposes, after which it is automatically deleted.

4. Third-party services

We use the following third-party services to operate the platform:

  • Microsoft Azure -- cloud infrastructure hosting all platform components.
  • SendGrid -- transactional email delivery for report links.
  • Stripe -- payment processing. We do not store your payment card details.
  • Google Analytics (GA4) -- anonymous website usage analytics to improve our platform. See the Cookies section below for details.

5. Data location

Data processing and storage occurs in the Azure region closest to you — Australia East (Sydney), US East (Virginia), West Europe (Netherlands), or Southeast Asia (Singapore). Your data does not leave the region where it is processed.

6. Cookies

We use the following cookies:

  • Essential cookies -- session cookies required for the purchase and consent flow to function.
  • Analytics cookies -- Google Analytics (GA4) sets cookies (_ga, _ga_*) to understand how visitors use our public pages. These cookies collect anonymous usage data such as pages visited and time on site. No personally identifiable information is collected. You can opt out by using your browser's cookie settings or a Google Analytics opt-out extension.

We do not use advertising cookies or share cookie data with third parties for marketing purposes.

7. Your rights

You can request deletion of your data at any time by contacting us. Since we retain minimal data (email and report output only), deletion is straightforward and completed within 7 days.

8. Contact

For any privacy-related questions or data deletion requests:

Email: assessments@baref00t.io
Entity: Becloudsmart Pty Ltd
ABN: 13 611 079 219