Privacy Policy
Last updated: May 2026
At Formu-Letter, we take your privacy seriously. This policy explains who we are, what data we process, the legal basis for that processing, and the rights you have. It applies to your use of the Formu-Letter Microsoft Excel Add-in.
1. Data Minimisation
Formu-Letter is built on the principle of data minimisation. The most secure way to protect your data is to never collect it in the first place.
2. Who We Are (Data Controller)
The data controller responsible for any personal data processed by Formu-Letter is:
- Bianca Wilkinson, sole trader, trading as Formu-Letter
- Australia
- Email: bianca@bianca.codes
3. Data Protection Officer
We have not appointed a Data Protection Officer. Our processing activities do not meet the thresholds set out in Article 37 of the GDPR — we are not a public authority, we do not carry out large-scale systematic monitoring, and we do not process special-category data on a large scale. For any privacy-related enquiry, contact us at bianca@bianca.codes.
4. What We Collect
- Authentication Data: When you sign in via Microsoft Single Sign-On (SSO), we receive your email address, display name, and a unique identifier from Microsoft. This data is used solely to authenticate your session and enable email sending.
- Service Metadata: Our backend (running on Azure Functions) is instrumented with Azure Application Insights for service-health monitoring. This automatically captures standard request telemetry — including timestamps, request paths, response codes, durations, and technical identifiers such as your IP address and browser user-agent string — together with any custom events we emit (e.g., whether a send was successful). This telemetry is used only to monitor and improve service reliability; it is not linked to your spreadsheet content, the bodies of emails you compose, or recipient lists.
- Issue Reports (optional): If you choose to submit an issue or feature request through the in-app feedback form, we collect the title and description you write. The report is sent to our backend (hosted on Microsoft Azure) and a corresponding issue is created in our public GitHub repository. If you tick the "include diagnostic information" consent box, we also include environment metadata (Office host, platform, version, browser user agent, operating-system platform, language, screen resolution). If you tick the "email me about updates" box and provide an email address, we use that address solely to contact you about your specific report.
5. What We Never Collect or Store
- Spreadsheet Data: We do not read, store, or transmit your spreadsheet data to our servers. All processing of your Excel data happens locally within your browser or Excel desktop client.
- Email Content: We do not store the subject lines or body text of the emails you compose. These are sent directly from your device to Microsoft's servers via the Microsoft Graph API.
- Recipient Lists: Your recipient email addresses are processed locally and are never stored on our infrastructure.
6. Lawful Basis for Processing
Under Article 6 of the GDPR we rely on the following lawful bases:
- Performance of a contract (Art 6(1)(b)) — for processing your authentication data so we can provide the Add-in service you have requested. The provision of this data is a contractual requirement; without it, we cannot authenticate your session or enable email sending.
- Legitimate interests (Art 6(1)(f)) — for service-health telemetry captured by Azure Application Insights (including the IP/user-agent identifiers it records by default), and for processing the title and description you provide in an issue report so we can investigate and respond. Our legitimate interest is keeping the service reliable and secure, and improving it based on user feedback. We have considered the impact on your rights and concluded that, given the limited, security-and-reliability-focused use of this data, those interests are not overridden by your rights.
- Consent (Art 6(1)(a)) — for the optional environment / diagnostic metadata you choose to include with an issue report by ticking the consent box, and for the optional email address you provide if you ask to be contacted about updates. You can withdraw this consent at any time (see §13); withdrawal does not affect the lawfulness of any processing already carried out.
7. How Emails Are Sent
All emails are dispatched using the Microsoft Graph API. The Add-in acts as a local client — when you click "Send," your device communicates directly with Microsoft's secure infrastructure using your own authenticated session. We do not proxy, relay, or intercept your emails at any point during delivery.
8. Categories of Recipients (Infrastructure & Third Parties)
To provide a reliable service, we share limited data with the following categories of recipients:
- Cloud infrastructure providers — Microsoft Azure hosts the Add-in's frontend assets and backend token-exchange service. Data processed during authentication is encrypted in transit and never persisted.
- Identity providers — Microsoft Azure AD provides identity and authentication services through the OAuth 2.0 On-Behalf-Of flow.
- Email delivery — Microsoft Graph API delivers your messages on your behalf.
- Issue tracking — when you submit an issue report through the in-app form, the content is posted to our backend (Microsoft Azure) and a corresponding issue is created on GitHub (github.com, operated by GitHub, Inc., a Microsoft subsidiary) in our public repository. The backend may also forward the report to Google's Jules code-assistance service for triage. Anything you write in an issue title or description, and any diagnostic data you consent to include, will be visible to anyone who can view that GitHub issue.
We do not sell your data and we do not share it with advertising networks or data brokers.
9. International Data Transfers
The Microsoft services we rely on (Azure, Azure AD, Microsoft Graph) operate globally and may process data outside your country of residence, including in the United States. Microsoft provides appropriate safeguards for these transfers, with the specific mechanism depending on the jurisdiction:
- EEA — EU-US Data Privacy Framework and/or Standard Contractual Clauses.
- United Kingdom — UK Extension to the EU-US Data Privacy Framework and/or the UK International Data Transfer Agreement / Addendum to the SCCs.
- Switzerland — Swiss-US Data Privacy Framework and/or Standard Contractual Clauses with Swiss-specific addenda.
These safeguards are supplemented by Microsoft's EU Data Boundary commitments. You can review Microsoft's transfer terms in their Data Protection Addendum.
10. Data Retention
- Authentication tokens — short-lived, handled in memory during your session, never written to persistent storage. Discarded when the session ends.
- Application Insights telemetry — retained for the default Azure Application Insights period of 90 days, after which it is automatically purged.
- Issue reports — once submitted, the title, description, and (if you consented) diagnostic metadata are stored as a public issue in our GitHub repository (github.com/bianca-git/formu-letter/issues) and are retained for as long as the issue or its history remains on GitHub. Closed issues remain visible in the GitHub history. If you ask us to delete or redact your report, we will do so where lawful and technically possible. Any optional update-email address you provide is retained only for as long as we may need to contact you about that specific report. GitHub's own retention controls apply in addition — see GitHub's privacy statement.
- Other identifiable personal data — we do not maintain a user database, so no identifiable personal data is retained between sessions outside the cases listed above.
11. Source of Data
The authentication data described in "What We Collect" is obtained from Microsoft via the Microsoft identity platform when you choose to sign in. All other personal data we process is provided directly by you (for example, in an issue report). We do not obtain your personal data from any other source.
12. Automated Decision-Making and Profiling
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you (Art 22 GDPR). The Add-in is a tool you operate directly; no decisions about you are made automatically by Formu-Letter.
13. Your Rights
Where the GDPR or comparable legislation applies to your data, you have the following rights:
- Access — request a copy of any personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — ask us to delete your personal data.
- Restriction — ask us to limit how we use your data.
- Portability — receive your data in a structured, commonly used, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where we rely on your consent (the optional diagnostic metadata and the optional email-update address attached to issue reports), you may withdraw it at any time. Withdrawal does not affect the lawfulness of any processing already carried out before withdrawal.
Because most of our processing does not persist your personal data in a database, the scope of several of these rights is limited to your active session. For data we do retain — issue reports posted to GitHub and any optional email address you supplied — contact us at the address below and we will action your request, including by closing or deleting the relevant GitHub issue where lawful and technically possible.
To exercise any right, withdraw consent, or ask a question, email bianca@bianca.codes and we will respond within 30 days.
You can revoke the Add-in's access to your Microsoft account at any time from your Microsoft account permissions.
Right to lodge a complaint: if you believe we have mishandled your personal data, you have the right to complain to a supervisory authority. In Australia, this is the Office of the Australian Information Commissioner (OAIC). In the EEA or UK, you may complain to your local data protection authority.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date. We encourage you to review this page periodically.
15. Contact
If you have questions about our privacy practices, contact us at bianca@bianca.codes.