Privacy Policy

Last updated: April 2026

Overview

Pashdi ("we", "our", or "us") is an IT support automation platform that connects to your Microsoft 365 environment. This policy explains how we handle data when you use our service.

Data we collect

When you sign in with Microsoft, we receive your name, email address, and Azure Active Directory tenant ID. We use this to identify your organization and authenticate your session. We do not store your Microsoft password or any credentials beyond what is required for authentication.

Data we do not collect

Pashdi does not store, transmit, or process your company's directory data on external servers. All Microsoft Graph API calls are made directly from your deployed instance to Microsoft's servers. Your user data, organizational structure, and IT action results remain within your own infrastructure.

Audit logs

Pashdi records which IT actions were performed, by whom, and when. These logs are stored within your own database instance and are accessible only to your organization's administrators through the Pashdi dashboard.

Data retention

Session tokens are stored in secure, httpOnly cookies and are not accessible to JavaScript. Sessions expire automatically and are invalidated upon sign-out. Audit logs are retained for as long as your subscription is active. Upon cancellation, your data is deleted within 30 days.

Third-party services

Pashdi uses Microsoft Azure for authentication and the Microsoft Graph API for IT actions. Your use of these services is governed by Microsoft's privacy policy. We use Azure OpenAI for natural language processing — conversation content is processed in accordance with Microsoft's data processing terms.

Security

All data in transit is encrypted using TLS 1.2 or higher. Access to your organization's IT actions is controlled by your Azure AD group membership and the policy settings you configure in the dashboard.

Contact

For privacy-related questions, contact us at privacy@pashdi.com.