Privacy Policy

Last updated: March 14, 2026

MSP Onboarding ("the Service") is operated by Europa IT, LLC ("we", "us", "our"). This Privacy Policy explains how we collect, use, and protect your information when you use our platform at msponboarding.app.

1. Information We Collect

We collect the following categories of information:

• Account information: Name, email address, and profile picture provided through your identity provider (Microsoft 365 or Google) during sign-in.
• Usage data: Actions taken within the platform such as task updates, time entries, notes, and scheduling activities.
• Integration data: Data exchanged with connected services (Autotask, TimeZest, Microsoft Calendar, Slack) as configured by your organization's administrator.
• Technical data: Browser type, IP address, and device information collected automatically for security and performance purposes.

2. How We Use Your Information

We use collected information to:

• Provide and maintain the Service
• Authenticate your identity via single sign-on (SSO)
• Synchronize data with integrated third-party services as configured by your administrator
• Send transactional emails (invitations, notifications) via SendGrid
• Improve the Service and troubleshoot issues

3. Google OAuth Scopes

If your organization connects Google Calendar, we request the following OAuth scope:

• Google Calendar (read/write): Used to create, view, and manage calendar events for onboarding task scheduling. We only access calendar data when you explicitly schedule an event from within the platform.

We do not access, store, or share your Google data for advertising purposes. We do not sell Google user data to third parties. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

4. Data Sharing

We do not sell your personal information. We share data only with:

• Your organization: Data you create within the Service is visible to other members of your organization based on permissions set by your administrator.
• Connected integrations: Data is pushed to or pulled from Autotask, TimeZest, Microsoft Calendar, Google Calendar, and Slack as configured by your administrator.
• Service providers: Auth0 (authentication), SendGrid (email delivery), DigitalOcean (hosting and database).

5. Data Security

We protect your data using:

• TLS/SSL encryption for all data in transit
• Encrypted database connections
• Tenant-isolated data architecture (each organization's data is logically separated)
• Auth0-managed authentication with support for multi-factor authentication
• OAuth 2.0 tokens for calendar and identity provider connections (we never store your SSO password)

6. Data Retention

Your data is retained as long as your organization maintains an active account. Deleted onboardings are recoverable for 30 days, then permanently removed. Deactivated user accounts retain historical data (time entries, notes) but remove personal access. You may request full data deletion by contacting us.

7. Your Rights

You may:

• Access and update your profile information at any time
• Request a copy of your data
• Request deletion of your account and associated data
• Disconnect calendar and integration connections from your profile

8. Cookies

We use only essential cookies and local storage required for authentication and session management. We do not use tracking cookies or third-party analytics.

9. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via the platform or email.

10. Contact Us

For privacy-related questions or requests:

Europa IT, LLC
Email: support@europait.net
Website: europait.net