Permafrost EPM
Skip to content

Privacy Policy

Last updated: 2026-05-17

Permafrost EPM ("Permafrost," "we," "us") is a Cloud Infrastructure Entitlement Management (CIEM) product for Microsoft cloud surfaces. This policy explains what data we collect, how we use it, and your rights as a data subject. Permafrost is operated by Dune Software Studios.

1. Data we collect

When you connect an Azure tenant, Permafrost reads the following from Microsoft Graph and Azure ARM via read-only OAuth scopes you grant:

  • Identities (users, groups, service principals, managed identities)
  • Directory and ARM role assignments
  • Audit logs and sign-in activity (Entra ID)
  • Activity logs (Azure ARM)
  • Permission grants and consent state
  • Inventory metadata for connected Microsoft cloud surfaces (Exchange, SharePoint, Purview, Defender, Power BI, Power Platform, Azure DevOps, Intune, Teams, Viva Engage)

We do not read mailbox content, document content, chat messages, or any user-generated content. The product is read-only and never modifies your tenant.

We additionally store:

  • Your Azure Entra ID profile (name, email, tenant id) for sign-in
  • Sign-in metadata (IP, user agent, timestamp)
  • Billing email and Stripe customer/subscription identifiers when on a paid tier

2. How we use your data

We use the data only to:

  • Compute CIEM analysis (UPRS scores, findings, role recommendations)
  • Display your tenant's state in the dashboard
  • Send transactional email (welcome, finding alerts, billing)
  • Authenticate you and meter your subscription

We do not:

  • Sell, rent, or share your data with third parties for marketing
  • Train AI/ML models on your data
  • Aggregate your data with other customers' data for any product

3. Data retention

Historical retention of activity logs and findings is set per tier. The current retention windows are published at permafrostepm.com/pricing and are incorporated into this policy by reference. Inventory state (current identities, role assignments) is replaced on each sync. Audit logs (admin actions, sync history) are retained for the lifetime of your account. On account deletion, all customer-scoped data is purged within 30 days.

4. Sub-processors

We rely on the following sub-processors:

  • Vercel — application hosting and edge runtime (US)
  • Neon — managed PostgreSQL database (US)
  • Stripe — billing and payment processing (US)
  • Resend — transactional email delivery (US)
  • Microsoft — authentication via Entra ID and the Microsoft Graph / ARM APIs you have authorized
  • Sentry — error monitoring (when enabled). We strip obvious PII fields before sending.

5. Cookies and tracking

We use only essential cookies (Auth.js session + CSRF, and an operator impersonation cookie used by support staff) and a small set of preference cookies (your theme choice and an acknowledgement that you have seen our cookie notice). We do not use third-party advertising or cross-site tracking cookies. The full per-cookie table, including retention windows, lives in our Cookie Policy.

6. Data subject rights

We honor the data-subject rights summarized below; full GDPR program documentation is in progress. You may request:

  • Access to the personal data we hold about you
  • Rectification of inaccurate or incomplete data
  • Erasure ("right to be forgotten")
  • Portability of your data in a machine-readable format
  • Objection to processing
  • Restriction of processing

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

7. Security

OAuth tokens are encrypted at rest. Database connections use TLS. Tenant data is logically isolated by customer ID at every query boundary. The application is read-only against your tenant — we cannot modify your Azure environment.

8. Changes to this policy

We will notify you by email and via an in-app banner before any material change takes effect.

9. Contact

Questions or data-subject requests: support@permafrostepm.com.