Privacy Policy

Last updated: May 17, 2026

Overview

Teamsly is designed with privacy at its core. Your Microsoft Teams messages, files, and contacts are fetched live from the official Microsoft Graph API and displayed directly in your browser. Teamsly does not store, log, or transmit your Teams data to any server we control.

1. Data We Do Not Collect

Teamsly never collects or stores:

  • Your Teams messages, chats, or channel content.
  • Your contacts, presence status, or profile information.
  • Your files or attachments accessed via Microsoft Graph.
  • Your Microsoft 365 credentials or access tokens (beyond the session cookie described below).

2. Authentication & Session Data

Teamsly uses Auth.js (NextAuth) with Microsoft Entra ID (Azure AD) as the identity provider. When you sign in:

  • An encrypted session cookie is stored in your browser to keep you signed in.
  • Your Microsoft OAuth access token is held server-side in memory for the duration of your session only.
  • No session data is written to a database — sessions exist only in memory and the browser cookie.
  • Signing out clears the session cookie immediately.

3. Microsoft Graph API

All Teams data flows directly between your browser and Microsoft's servers via the official Graph API. Teamsly's API routes act as a thin proxy — they forward your request to Microsoft, receive the response, and return it to your browser. Nothing is cached or persisted. Microsoft's own privacy policy governs how they handle your data: microsoft.com/privacy.

4. Analytics & Tracking

Teamsly does not use any third-party analytics, tracking pixels, or advertising scripts. There are no cookies beyond the authentication session cookie described above.

5. AI Features

If AI message summaries are enabled (via NEXT_PUBLIC_AI_ENABLED), the last 30 messages from the active chat are sent to the Anthropic API to generate a summary. This data is subject to Anthropic's privacy policy. Anthropic does not use API inputs to train models by default. AI summaries are opt-in and disabled by default.

6. GIF Search

GIF search is powered by the Tenor API (Google). Search queries are sent to Tenor's servers and are subject to Google's privacy policy. No personally identifiable information is sent with GIF search requests.

7. Self-Hosted Deployments

If you self-host Teamsly, you control all infrastructure and are solely responsible for data handling within your deployment. The privacy commitments in this policy apply to the hosted service at teamsly.app only.

8. Data Retention

For the hosted service: session cookies expire after sign-out or browser close. We do not retain any Teams data after your session ends. Subscription billing records (name, email, payment reference) are retained by our payment processor (Stripe/Polar) per their own retention policies.

9. Your Rights

Since we store virtually no personal data, most data rights (access, deletion, portability) are exercised directly with Microsoft via your Microsoft account settings. For any data we do hold (billing email for the hosted service):

  • You may request deletion by emailing mayur@shipthis.co.
  • We will respond within 30 days.

10. Changes to This Policy

We may update this policy as the product evolves. Changes will be announced via the GitHub repository. Continued use of Teamsly after changes are posted constitutes acceptance.

11. Contact

Privacy questions or concerns? Email mayur@shipthis.co or open an issue on GitHub.