Optimo for Teams – Privacy Notice

 

Last Update: April 2026

This Privacy Notice explains how the Optimo Microsoft Teams app (“App”) by Optimo processes information when it operates inside Microsoft Teams. The App delivers survey assignments, reminders, kudos features, a personal app experience (including team health insights for managers, notifications, and product feedback), and secure links to the Optimo web application. It applies to the App as installed in your tenant. For broader use of the Optimo platform (web application, analytics), see your organization’s master agreement and privacy documentation.

Summary

Purpose: deliver survey assignments, reminders, kudos workflows, a personal app experience with team health insights and notifications, and secure links to the Optimo web application.

Scope: only processes data necessary to operate the App, send messages, receive your actions, save survey responses, and display relevant information within the personal app tabs.

Security: encryption in transit and at rest, field-level encryption for PII with blind indexing, strict tenant isolation.

Control: tenant admins can uninstall the app at any time; users can opt out of Teams messages where enabled.

Data We Collect and Why

We process the minimum data needed to operate the App and link Teams users to survey assignments in Optimo.

Tenant and installation details

  • Tenant identifiers and metadata (tenant identifier, display name, domain)
  • Bot and application identifiers used to authenticate the App with Microsoft services
  • OAuth scopes granted (including Microsoft Graph resource permissions)
  • OAuth tokens (access/refresh) and expiry metadata required to call Microsoft Graph on your behalf
  • Installer identity (user identifier and, if provided, installer email)

Why: authenticate to Teams and Microsoft Graph, post messages, and respect the permissions your admin approved.

User linkage and authentication (tenant members who receive surveys or use features)

  • Teams user identifiers (Azure AD object ID, Bot Framework user ID)
  • Display name and, if provided, work email for employee matching
  • Single sign-on (SSO) tokens issued by Azure AD when users open the personal app tabs, used to authenticate the user without a separate login
  • 1:1 chat/conversation identifiers for proactive messaging
  • Active/opt-out and bot activation status
  • Manager eligibility status (whether the user has a manager role in Optimo) for role-based content gating

Why: match Teams users to their employee record in Optimo, authenticate tab sessions via SSO, and deliver survey assignments, team health insights, or kudos flows according to the user’s role.

Survey delivery, sessions, and responses

  • Survey assignment metadata (secure assignment token, expiry, delivery channel recorded as Teams)
  • Session state for in-progress surveys (current question index, ephemeral answers, message/conversation IDs, reminder counters, expiration time)
  • For custom surveys, pre-rendered survey content stored as encrypted session metadata; this content may include personalized references (e.g., the employee’s first name or department) and is encrypted at rest
  • Surveys may be completed via bot conversation or via an in-app survey form presented within Teams; in both cases the same session and response data is collected
  • Final survey response upon submission (associated to the assignment and employee) including timestamps, calculated scores, and submission metadata (IP and user agent from the submission event when applicable)

Why: allow users to start, continue, and submit a survey in Teams — whether through bot messages or the in-app form — and persist the final response to Optimo.

Interaction and command events

  • App-related events (e.g., card actions, message extensions, commands)
  • Minimal request metadata required to complete the action (conversation, channel, message IDs)

Why: render adaptive cards, advance survey questions, and provide user feedback.

Kudos (if enabled by your workspace)

  • Kudos message text, recipients, team/channel/thread identifiers, reaction/reply counts, and posting user

Why: provide a lightweight recognition workflow and related analytics to your organization.

Personal app tabs — team health and notifications

  • For managers: aggregated team health summaries (risk category counts, alert details, and recommended actions for direct reports) displayed within the personal app tab
  • For all users: notifications (title, description, type, and timestamp) displayed within the personal app tab, which users may dismiss individually or in bulk
  • Manager UI preferences (such as selected direct report and risk category focus) persisted between sessions to maintain continuity

Why: provide managers with actionable team health insights and all users with timely platform notifications, without leaving Teams.

Product feedback (if enabled)

  • When users submit feedback through the personal app tab, the App collects the request type (e.g., bug report, feature request), a free-text description, and whether the user would like follow-up contact
  • Feedback is associated with the submitting user’s employee record and stored in Optimo

Why: allow users to share product feedback directly from the App.

Dashboard links and authentication tokens

  • The App generates secure, time-limited authentication tokens embedded in links (such as “Go to Dashboard”) that allow users to access the Optimo web application without a separate login
  • These links may include metadata that identifies the originating feature within the App

Why: provide a seamless transition from the Teams App to the Optimo web application for features that are not available within Teams.

Data We Do Not Collect

  • We do not store general channel/chat history beyond app-addressed interactions (commands, adaptive cards, or messages the App posts).
  • We do not access files or audio/video content.
  • We do not sell or rent personal data, nor use it for advertising.

Permissions (Teams/Graph)

The App requests only the permissions needed for its features. Your admin approves these during installation. Representative permissions include:

  • Bot scopes: personal, team, and group chat
  • Single sign-on (SSO): the App requests a token scoped to its Application ID URI so that users opening the personal app tabs are authenticated automatically via Azure AD without a separate login prompt
  • Resource-specific permissions declared in the app package (e.g., ChatMessage.Send.User, ChannelMessage.Send.Group)
  • Microsoft Graph permissions for sending messages, where required by your tenant’s configuration

Your admin may disable optional features to reduce permissions.

How We Use the Data

  • Deliver and manage survey assignments in Teams (send, remind, resume, submit) via bot conversation or the in-app survey form
  • Display team health insights, notifications, and survey status within the personal app tabs
  • Record final survey responses in Optimo for your organization’s analytics
  • Provide kudos recognition features if enabled
  • Collect and store product feedback when submitted by users
  • Generate secure authentication tokens for seamless access to the Optimo web application
  • Track feature usage and survey completion metrics (such as completion time, response channel, and navigation source) using analytics services to improve the App and report engagement to your organization
  • Operate and secure the App (logging for reliability and abuse prevention)

Security Measures

  • Transport security: all communications occur over TLS.
  • Encryption at rest: PII fields (e.g., emails, names) use field-level encryption; encryption keys are managed per-tenant and integrated with a dedicated key management service in production.
  • Tenant isolation: data is logically isolated per organization, with role-based access controls and audit trails.
  • Session safety: survey sessions have explicit expiration (typically 24 hours) and store only the temporary data required to resume a survey.

Data Retention

  • Survey sessions expire automatically and are used only to resume in-progress surveys; final responses are saved to Optimo once submitted.
  • Interaction metadata is kept only as long as needed to deliver features, troubleshoot issues, and protect the service.
  • Your organization’s data retention settings in Optimo govern how long survey responses are retained for analytics.

Data Sharing

  • Microsoft Teams and Microsoft Graph are the communications platform and API used to deliver messages you receive from the App.
  • We may use sub-processors (e.g., cloud hosting, monitoring, and analytics providers) to operate and improve the service; they are bound by confidentiality and security obligations.
  • Feature usage and engagement metrics may be processed by third-party analytics services on our behalf; these services receive only pseudonymized identifiers and aggregated event data, not personal data that directly identifies individuals.
  • We do not share personal data with third parties for advertising.

International Transfers and Residency: Data may be hosted in the region configured for your organization (e.g., US or EU environments). Cross-border transfers, where applicable, rely on appropriate safeguards.

Your Choices and Rights

  • Opt out: where enabled by your admin, you may opt out of Teams survey messages; you can also mute the App in Teams.
  • Uninstall: tenant admins can uninstall the App at any time; the App will stop sending Teams messages.
  • Access/Deletion: as a processor to your employer, we handle data-subject requests routed through your organization’s administrator. Admins may contact us to facilitate access, correction, or deletion consistent with law and contractual terms.

Children’s Data: The App is intended for workplace use and not directed to children.

Changes to this Notice: We may update this notice to reflect operational or legal changes. We will post the updated date above and, where appropriate, notify tenant admins.

Contact: For privacy inquiries or data-subject requests, please contact your organization’s administrator or email hello@optimoteams.com.

Microsoft Alignment

This document is the canonical source text for the public Teams privacy page. It is intended to satisfy the Microsoft Teams / Marketplace privacy-policy requirement for the Optimo for Microsoft Teams app.

It covers the core items Microsoft calls out during validation:

  • how users’ personal information is handled;
  • a reference to the app or service overall, not only the website;
  • a description of the service that includes the app name; and
  • a stable https:// URL that does not return 404.
