Log in Start Setup
Log in Start Setup

Privacy Policy

Privacy Policy

How LicenMark handles personal data across the public site, billing, and authenticated workspace experience.

Who this policy applies to

This Privacy Policy explains how LicenMark handles personal data for:

  • visitors to the public website
  • people who contact us
  • account holders
  • workspace users
  • billing contacts

Who we are

LicenMark is a Microsoft 365 / Entra ID access and licence review product operated by Clearpoint Systems.

If you have questions about this policy or how personal data is handled, contact info@licenmark.com.

What personal data we collect

Public website and contact

  • name
  • work email address
  • company name
  • role
  • information submitted through the contact form

Account and workspace

  • account email address
  • full name
  • workspace name
  • workspace membership and access records
  • authentication and account-security data needed to support sign-in and password management

Microsoft connection and review data

  • Microsoft tenant ID
  • Microsoft application client ID
  • encrypted Microsoft client secret
  • Microsoft 365 / Entra ID review data pulled in read-only mode for the workspace, such as:
  • directory users
  • account status
  • assigned licences
  • sign-in activity evidence
  • subscribed SKU information
  • review results, interpreted issues, snapshots, and generated reports

Billing

  • Stripe customer, checkout, payment, invoice, and subscription reference data
  • billing status and plan information
  • we do not store full card details in LicenMark

Operational records

  • service email delivery records
  • contact submission records
  • limited operational and support records needed to run, secure, and support the service

Cookies and usage

  • strictly necessary cookie preferences
  • optional analytics data only where analytics consent has been given

How we use personal data

We use personal data to:

  • operate the public website
  • respond to enquiries
  • create and manage accounts and workspaces
  • authenticate users and protect account access
  • connect a workspace to Microsoft in read-only mode
  • run Microsoft 365 access and licence reviews
  • generate, store, and display review output and review history
  • process billing and subscription status through Stripe
  • send operational service emails
  • maintain security, reliability, and supportability
  • improve the product where optional analytics consent has been given

Lawful bases

We use personal data where needed to:

  • perform a contract or take steps requested before entering into one
  • comply with legal obligations
  • pursue legitimate interests in operating, securing, and improving LicenMark
  • rely on consent where required, such as optional analytics cookies

If special categories of personal data were ever unexpectedly surfaced through customer directory content, LicenMark does not seek to use that data for any broader purpose. The product is designed to stay narrow and read-only.

Microsoft workspace data

LicenMark uses Microsoft Graph application credentials supplied for a workspace to read the evidence needed for the review.

  • LicenMark is read-only
  • it does not write back into Microsoft 365 or Entra ID
  • it does not remediate, disable accounts, remove licences, or make tenant changes
  • Microsoft client secrets are stored encrypted
  • workspace review data is used to produce the review output, support review history, and maintain the service for that workspace
  • workspace review data is handled in a narrow, workspace-scoped way rather than as a general-purpose customer data platform

Billing and payments

Payments and subscription billing are handled through Stripe.

LicenMark stores the Stripe reference data needed to:

  • confirm checkout completion
  • track billing state
  • activate the correct review access
  • respond to subscription changes such as renewal, cancellation, or payment failure

LicenMark does not store full payment card details.

Cookies

LicenMark uses:

  • strictly necessary cookies required for site and workspace functionality
  • optional analytics cookies only where the user has consented

Cookie choices can be changed later through the Cookie settings link in the footer.

The Cookie settings controls explain the categories LicenMark uses and whether they are required or optional.

Sharing and processors

LicenMark uses selected service providers to operate the product. Current providers include:

  • Supabase
  • Fly.io
  • Stripe
  • Microsoft, where needed for Microsoft Graph access and app-owned service email delivery

Personal data is shared only to the extent needed to operate the service, provide billing, support workspace review activity, or comply with legal obligations.

Data retention

LicenMark keeps personal data only for as long as it is needed for the service, billing and account administration, security and operational records, and legal, tax, or compliance obligations.

Active workspaces

While a workspace is active, LicenMark retains the account, billing, and workspace review data needed to run the review service, display current results, and maintain review history.

Archived workspaces

If a workspace is archived or closed, LicenMark may retain workspace-linked Microsoft review data for a limited post-service retention period so the archive can still be handled in a controlled way. After that period, workspace-linked review data may be deleted or purged.

Billing and accounting records

Billing, payment, subscription, and accounting-related records may be retained for longer where needed for finance, tax, dispute, or compliance purposes.

Operational records

Operational records such as email delivery logs, contact submissions, and related support records may be retained for a shorter period appropriate to service operation and support.

If you request deletion, LicenMark may delete or anonymise data where appropriate, subject to legal obligations and the need to retain limited records for billing, accounting, security, or dispute handling.

Security

LicenMark uses measures appropriate to the service to protect personal data, including:

  • authenticated account access
  • workspace-scoped access controls
  • restricted handling of tenant-derived review data
  • encrypted storage of Microsoft client secrets
  • controlled billing and webhook handling
  • restricted access to service infrastructure

No internet-based service can promise absolute security, but LicenMark is designed to keep access narrow, explicit, and controlled.

Your rights

Depending on applicable law, you may have rights to:

  • access personal data
  • correct inaccurate personal data
  • request deletion
  • object to or restrict some processing
  • withdraw consent where consent is relied on
  • complain to a supervisory authority

In the UK, you can complain to the Information Commissioner's Office.

Changes to this policy

LicenMark may update this Privacy Policy from time to time to reflect product, operational, or legal changes.

The latest version will always be published on this page.

Contact

For privacy questions or requests, contact info@licenmark.com.