Legal

Privacy Policy

Last updated: 24 May 2026 · Effective date: 24 May 2026

This Privacy Policy describes how Apqor Technologies Pvt Ltd (“APQOR”, “BridgeAD”, “we”, “us”) collects, uses, discloses, and safeguards information when you visit bridgead.in or use the BridgeAD migration platform (the “Service”).

1. Who we are

Apqor Technologies Pvt Ltd is a private limited company registered in Telangana, India. Registered office: Rajapushpa Summit, Nanakramguda Road, Financial District, Hyderabad - 500032, Telangana, India. Primary legal contact: legal@bridgead.in. For data protection enquiries, contact privacy@bridgead.in.

2. Roles under data protection law

For information submitted through this website (for example, sales and support enquiries), APQOR acts as the data controller.

For customer content processed by the BridgeAD platform during a migration engagement (mailbox items, files, messages, identities, audit records), APQOR acts as a data processor on behalf of the customer, who is the controller. Processing is governed by the BridgeAD Data Processing Addendum (DPA), available on request from legal@bridgead.in.

3. Information we collect

3.1 Information you provide

• Contact details (name, work email, company, role) submitted via support or sales forms.
• Account credentials and tenant identifiers required to administer the Service.
• Correspondence content when you email us or open a support ticket.

3.2 Information collected automatically

• Server logs containing IP address, timestamp, user-agent, and requested URL, retained for up to 90 days for security and abuse-prevention purposes.
• Operational telemetry from the Service (job status, error counts, performance metrics) that does not contain customer content bodies.

3.3 Customer migration content

During a migration, the Service reads content from the customer’s source systems and writes it to the customer’s destination systems. Migration content is streamed in transit and is not retained at rest in BridgeAD infrastructure beyond the duration of the in-flight migration job.

4. How we use information

• To provide, operate, monitor, and secure the Service.
• To respond to enquiries, support requests, and contractual obligations.
• To produce immutable audit records that the customer can inspect for compliance and eDiscovery.
• To meet legal, accounting, and regulatory obligations.

We do not sell personal data. We do not use customer migration content to train machine-learning models or for any purpose other than performing the requested migration.

5. Microsoft Graph permissions and protected APIs

The Service interacts with Microsoft 365 tenants using Microsoft Graph application permissions consented by a customer’s administrator. These permissions are scoped to the operations required for migration (read source, write destination, audit). For Teams channel-message and chat migration with original-authorship preservation, the Service uses Microsoft’s protected migration APIs (Teamwork.Migrate.All, ChannelMessage.Read.All, Chat.Create, Chat.ReadWrite.All) only after Microsoft has approved BridgeAD’s application registration and the customer’s administrator has explicitly granted consent in their tenant.

6. Sharing and sub-processors

We share information only with sub-processors required to deliver the Service (cloud hosting, monitoring, email delivery, payment processing). A current list of sub-processors is available on request from legal@bridgead.in. We do not transfer personal data to third parties for marketing purposes.

7. International transfers

SaaS customer data is hosted in the Azure region selected by the customer at provisioning. Operational telemetry may be processed in additional regions; where transfers leave a customer’s home jurisdiction, we rely on Standard Contractual Clauses or equivalent safeguards.

8. Security

• TLS 1.2+ for all external traffic; TLS 1.3 where supported.
• Secrets stored in Azure Key Vault (SaaS) or DPAPI-protected stores (self-hosted).
• Multi-factor authentication mandatory for all privileged roles.
• Per-tenant data isolation enforced at both application and database layers.
• Immutable audit logs retained per customer policy (default 7 years).

9. Retention

• Migration content: streamed in-transit; not retained at rest beyond the active job.
• Audit logs: per customer policy, default 7 years.
• Account and contact data: for the life of the contractual relationship plus 6 years.
• Server logs: up to 90 days.

10. Your rights

Subject to applicable law (GDPR, India DPDP Act, and equivalents), you may request access, correction, deletion, restriction, or portability of your personal data, and you may object to processing. Send requests to privacy@bridgead.in. Customer-content rights are exercised through the customer’s administrator.

11. Children

The Service is not directed to individuals under 16 and we do not knowingly collect data from children.

12. Changes

We may update this policy. Material changes will be announced on this page and, where appropriate, notified to customers in writing before they take effect. The “Last updated” date above reflects the current revision.

13. Contact

Privacy enquiries: privacy@bridgead.in
Legal: legal@bridgead.in
General support: support@bridgead.in