1. Who we are
AlertSentinel is published by Mohamed ElMehdi MESFAOUI, an independent developer based in Casablanca, Morocco, operating under the WickRoom brand (“we”, “us”, “our”). AlertSentinel is distributed through Microsoft AppSource as a SharePoint Framework (SPFx) solution.
For all privacy matters, contact: privacy@wickroom.com
2. What this policy covers
This policy explains what personal data AlertSentinel processes, where it is stored, and what rights you have over it. It applies to all use of AlertSentinel installed in your Microsoft 365 tenant.
3. Our core commitment: no data leaves your tenant
AlertSentinel does not transmit, collect, store, or process any personal data outside your own Microsoft 365 tenant.
There is no telemetry, no analytics, no error reporting, no usage tracking, no license validation server, and no third-party service involved at runtime. We do not have access to your data and could not retrieve it even if asked.
All AlertSentinel components — web parts, the bell notification customizer, the command set, and the Power Automate flows — execute entirely inside your tenant on Microsoft 365 infrastructure.
4. What personal data is processed inside your tenant
While AlertSentinel runs, the following categories of data are processed and stored within your tenant:
| Data | Where it is stored | Purpose |
|---|---|---|
| User identity (UPN — your work email) | SharePoint lists AlertSentinel_Subscriptions (per site) and AlertSentinel_ErrorLog (tenant root) | Associate alerts with the subscribing user |
| Alert configuration (list ID, change type, channels, schedule) | AlertSentinel_Subscriptions | Drive the Power Automate notification flow |
| List item titles and URLs (only for items that triggered an alert) | Your browser’s localStorage (bell cache) | Display the in-app bell notification panel |
| Error log entries (timestamps, error messages, no payload) | AlertSentinel_ErrorLog | Diagnostics for tenant admins |
All of this data remains in storage controlled by your organization. Your tenant administrator is the data controller for this data under GDPR and equivalent laws. We are not.
5. Browser storage (the bell notification cache)
AlertSentinel’s bell notification feature stores data in your browser’s localStorage to display recent notifications without re-fetching them on every page load. You should be aware of the following:
Keys used
alertsentinel.bell.notifications.v1::<your-upn>— your personal notification cache (the key contains your lowercased UPN)alertsentinel.bell.settings.v1— your preferences (poll interval, snooze state, sound on/off, max items, channel filter)
What the notification cache contains for each entry
- Item title (e.g., a document or task name)
- Full URL to the SharePoint item
- List/library name and ID
- Change type (created or modified) and timestamp
- Read/unread state
Retention
Up to 30 days, or the 50 most recent entries, whichever is reached first. Older entries are automatically pruned.
Important warning for shared devices: Because localStorage persists across browser sessions, anyone using the same browser profile after you may see the items you have cached. On shared, kiosk, or public devices, you should sign out of Microsoft 365 and clear browser data at the end of your session. Your IT administrator may also configure session-only browsing policies for such devices.
You can clear this cache yourself at any time via your browser’s “Clear browsing data” tool, or by signing out of Microsoft 365 on the device.
6. Power Automate flows
AlertSentinel uses Power Automate Standard connectors to send notifications via your tenant’s email and Teams services. These flows:
- Run inside your tenant under your Power Platform license
- Are configured by your tenant administrator at installation
- Use only Microsoft-first-party connectors (no third-party connectors)
- Do not transmit data outside your tenant boundary
The recipients, schedule, and content of notifications are entirely determined by configuration controlled by your administrator and end users.
7. Third parties
There are none. AlertSentinel has no third-party data processors, sub-processors, analytics vendors, or external services.
The only external relationship is with Microsoft Corporation, which:
- Hosts your tenant (SharePoint Online, Power Automate)
- Handles the subscription billing and licensing through Microsoft AppSource
Microsoft’s processing of your data is governed by your existing agreements with Microsoft (Microsoft Customer Agreement / Microsoft Online Services Terms), not by this policy.
8. Your rights under GDPR and equivalent laws
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar data protection laws, you have the following rights regarding personal data:
- Right of access — Ask your tenant administrator for a copy of data held about you in the
AlertSentinel_*lists. - Right to erasure (“right to be forgotten”) — Your tenant administrator can delete entries from the
AlertSentinel_*lists. You can clear your own browserlocalStorageat any time. - Right to rectification — Your tenant administrator can edit or delete inaccurate entries.
- Right to data portability — Standard SharePoint export tools can export the
AlertSentinel_*lists in CSV or Excel format. - Right to object / restrict processing — Your administrator can uninstall AlertSentinel from your tenant.
Important: Because we do not hold any of your data, these rights are exercised against your own tenant administrator, not against us. We cannot fulfill access or deletion requests because we have no access to the data in the first place.
If you believe your administrator is not honoring these rights, you may contact your local data protection authority.
9. International data transfers
Not applicable. Your data does not leave your tenant boundary, which is determined by your existing Microsoft 365 geographical configuration.
10. Cookies
AlertSentinel does not set browser cookies. It uses localStorage as described in section 5.
11. Children’s data
AlertSentinel is a business-to-business product, not directed at children under 16. We do not knowingly process data from children.
12. Security
AlertSentinel inherits the security of your Microsoft 365 tenant. We do not store or transmit any of your data outside it. The product is published through Microsoft AppSource, which performs security review prior to listing.
13. Changes to this policy
We will update this page if our data processing model changes (for example, if we ever introduce telemetry or third-party services — which would also require an explicit opt-in from your administrator).
The current version is always published at https://wickroom.com/privacy. Material changes will be announced via AppSource and via update notes shipped with the product.
14. Contact
For privacy questions, data requests we can answer (which is limited, given we hold no data), or to report a security concern:
privacy@wickroom.com
Mohamed ElMehdi MESFAOUI, Casablanca, Morocco