Skip to main content

Privacy & FAQs

Security and privacy are our top priority.

The data privacy of a tenant is of utmost importance to our team.

Trust

SOC 2 Type II Compliant

CloudCapsule is committed to your privacy and security. As part of that commitment, we’ve completed our SOC 2 Type II examination in accordance with the AICPA.

Frequently asked questions

How can I get started?

Sign up at https://app.cloudcapsule.io/. Enter your Tenant ID. Click here to find your tenant ID via your domain name. Consent to the permissions with a Global Admin in the tenant. Click on Start Assessment. Check out our Video Tutorial for more details.

What Microsoft licensing is required?

CloudCapsule is optimized for use with Microsoft’s premium licensing to elevate security to the proper standard. For most SMB clients, Microsoft Business Premium is going to be the most optimal licensing choice given it has these key features: Entra ID P1, Intune, Defender. Microsoft M365 E3 and E5 licenses also provide optimal results but will also reflect additional complexity due to the expanded feature set found in these licenses. Please note that if you try to add a tenant with licensing with reduced features such as Business Standard, the assessment will fail given the lack of a Defender service principal.

How do I obtain pricing for a tenant with over 1000 seats?

Simply reach out to our team at support@cloudcapsule.io or use our Book a Demo link to schedule an appointment to discuss your specific needs. We offer volume pricing discounts and can scale to meet business with 10,000 seats or more with ease.

What’s your cancellation policy?

Our Essentials plan is available on a monthly or annual basis. Monthly plans can be cancelled at any time, annual plans can be cancelled upon completion of the 12-month subscription term.

What access does the application need to a tenant and why?

The data privacy of a tenant is of utmost importance to our team, so please contact us if you have any questions or concerns about using CloudCapsule. In general, we primarily request read permissions to the tenant with a few read/write permissions to properly enable and disable access of our platform.

The full set of Microsoft Graph permissions CloudCapsule requests during consent is listed below. Each permission is requested for a specific assessment, remediation, or reporting capability.

Read-only permissions (used for assessment and reporting)

  • Application.Read.All — Read all Enterprise Applications in the account.
  • AuditLog.Read.All — Read all audit log data for sign-in information and suspicious user activity.
  • DelegatedAdminRelationship.Read.All — Read Delegated Admin relationships with customers.
  • DeviceManagementApps.Read.All — Read Microsoft Intune apps.
  • DeviceManagementConfiguration.Read.All — Read Microsoft Intune device configuration and policies.
  • DeviceManagementManagedDevices.Read.All — Read Microsoft Intune devices.
  • DeviceManagementServiceConfig.Read.All — Read Microsoft Intune configuration.
  • Directory.Read.All — Read directory data (specifically users and groups).
  • GroupMember.Read.All — Read all group memberships.
  • IdentityRiskEvent.Read.All — Read all identity risk event information.

Additional read-only permissions cover mailbox settings, organization branding, policies, sign-in reports, security alerts, security events, SharePoint and tenant settings, Teams and users, plus Defender data (alerts, machines, vulnerabilities, recommended actions):

  • MailboxSettings.Read
  • Organization.Read.All
  • OrganizationalBranding.Read.All
  • Policy.Read.All
  • Reports.Read.All
  • SecurityAlert.Read.All
  • SecurityEvents.Read.All
  • SharePointTenantSettings.Read.All
  • Sites.Read.All
  • Team.ReadBasic.All
  • TeamSettings.Read.All
  • User.Read.All
  • UserAuthenticationMethod.Read.All
  • Alert.Read.All
  • Machine.Read.All
  • Score.Read.All
  • SecurityRecommendation.Read.All
  • Software.Read.All
  • Vulnerability.Read.All

Read/write permissions (used for remediation and managed app deployment)

  • Application.ReadWrite.OwnedBy
  • Policy.ReadWrite.AuthenticationMethod
  • ReportSettings.ReadWrite.All
  • RoleManagement.ReadWrite.Directory
  • Exchange.ManageAsApp

OpenID Connect scopes (used to sign you in)

  • email
  • offline_access
  • openid
  • profile
  • User.Read

If your team requires a detailed permissions audit, contact support@cloudcapsule.io and we can walk through each scope and the data it accesses.

What data security practices does CloudCapsule follow and where is the data stored?

The data privacy of a tenant is of utmost importance to our team, so please contact us if you have any questions or concerns about using CloudCapsule. All data is stored in cloud instance within a region that you selected upon sign up (US or EU). The data for each tenant is isolated in its own instance in the database. EU datacenter: The data is hosted in GCP: europe-west1 (Belgium). The data is not being stored in any other location but it is also being processed with an Azure function in a West Europe datacenter on the Microsoft side (Amsterdam/Netherlands). US datacenter: The data is hosted in GCP: East US. AU Regions (Sydney): The data is hosted in GCP austrailia-southeast1 (Sydney). All tenant data is encrypted at rest and in transit. The data is only retained for one year and can be deleted on demand by revoking access in CloudCapsule. Role based access control is enforced on database with row-level access control. All access is gated by MFA at restricted locations. Periodic Vulnerability scanning is performed on the database. The data is not aggregated or used to train a larger model.

Privacy Policy

Effective August 1, 2024

1. Introduction

At CloudCapsule ("we," "our," or "us"), your privacy is important to us. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website (https://www.cloudcapsule.io/ (opens in new tab)) or use our services.

By using our website or services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following types of information:

2.1 Personal Data

We may collect personally identifiable information, such as:

  • Name
  • Email Address
  • Phone Number
  • Company Name

This information is collected when you voluntarily provide it, for example, by filling out a form on our website, signing up for our service, or contacting us for support.

2.2 Usage Data

We may collect non-personal information about how our services are accessed and used, such as:

  • Your IP address
  • Browser type and version
  • Pages you visit on our site
  • Time spent on those pages
  • Device information

This data is used to improve our website and services, and is collected using cookies, web beacons, and similar tracking technologies.

3. How We Use Your Information

We use the data we collect for various purposes, including:

  • To provide and maintain our service: This includes using your information to register your account, provide customer support, and communicate important updates.
  • To improve our services: We analyze usage data to enhance the performance and functionality of our platform.
  • To communicate with you: We may send you important updates, newsletters, or marketing materials if you have opted in to receive them. You may opt out of marketing communications at any time.
  • To comply with legal obligations: We may need to process your data to comply with applicable laws and regulations.

4. Data Sharing and Disclosure

We do not sell or rent your personal data to third parties. We may share your information in the following situations:

  • With Service Providers: We may share data with trusted third-party service providers who help us operate our website or provide services on our behalf (e.g., payment processors, hosting providers).
  • For Legal Reasons: We may disclose your information if required to do so by law, or in response to valid requests by public authorities.

5. Data Security

We use appropriate technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee the absolute security of your data.

6. Your Data Rights

You have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you.
  • Correction: You can request correction of any incorrect or incomplete information.
  • Deletion: You may request that we delete your personal data, subject to certain legal limitations.
  • Opt-Out: You may opt out of receiving marketing communications from us at any time.

To exercise any of these rights, please contact us at support@cloudcapsule.io

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our site and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Any changes will be posted on this page, and we will notify you of significant changes via email or a prominent notice on our website.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@cloudcapsule.io