VaultPDF LogoVaultPDF.io
Legal

Privacy Policy

VaultPDF Privacy Policy covering how data is processed, stored, and protected within your Microsoft 365 / Azure tenant.

Effective date: March 21, 2026
Last updated: March 21, 2026

This Privacy Policy describes how Refract Logic LLC ("Refract Logic", "we", "our", or "us"), the developer and operator of Vault Platform and VaultPDF, handles data in connection with your use of the VaultPDF application. Because VaultPDF is a tenant-hosted solution, the vast majority of data processing happens exclusively inside your own Microsoft 365 / Azure environment, not on our servers.

Please read this policy carefully. By installing and using VaultPDF you acknowledge the practices described below.

1. Tenant-Hosted Architecture

VaultPDF is deployed and operates entirely within your organisation's Microsoft Azure tenant. All document generation and data processing occur inside your secure Azure environment.

No Data Egress by Design

We do not transfer, store, or have access to the contents of your documents or raw JSON data on our own servers. Your business data never leaves your tenant.

This means:

  • Document templates are stored in a SharePoint document library that you own and administer.
  • Generated PDF outputs are written back to SharePoint folders designated by your administrator.
  • All orchestration and rendering logic runs in compute resources inside your Azure subscription.

Because you control the underlying infrastructure, your organisation's own data-governance policies, retention rules, and access controls apply to all document content.

2. Information We Do Not Collect

We do not collect, process, or have access to:

  • The content of any documents you generate.
  • The JSON data payloads you submit for rendering.
  • Employee, customer, or any other personally identifiable information (PII) contained in your documents.
  • Files or metadata stored in your SharePoint environment.

3. License Validation and Metadata Transmission

To maintain a valid licence, VaultPDF performs a single lightweight check with our secure licensing server once every 24 hours.

What Is Transmitted

For the sole purpose of licence validation, the application transmits minimal metadata to our secure licensing server once every 24 hours. This metadata is limited to:

  • License Key: your unique VaultPDF licence identifier.
  • Microsoft Entra (Azure AD) Tenant ID: used to confirm the licence is being used by the authorised tenant.

No personally identifiable information (PII), document content, or business data is included in this transmission.

This metadata is used exclusively to:

  1. Confirm your licence is active and has not been revoked.
  2. Enforce any seat, volume, or feature entitlements associated with your licence tier.

We retain this metadata for the duration of your licence agreement and for a reasonable period thereafter for audit purposes. It is never sold, rented, or shared with third parties.

4. SharePoint Integration

VaultPDF uses a Managed Identity (a credential-free Azure authentication mechanism) to interact with your SharePoint environment on behalf of your tenant.

The scope of this access is limited to:

  • Reading template files from SharePoint folders configured by your administrator.
  • Writing generated PDF outputs to SharePoint output folders configured by your administrator.

No SharePoint content is transmitted outside your tenant. Access is governed by the least-privilege permissions granted during the installation and setup process, which your administrator controls.

5. Security Standards

5.1 Licensing API Communication

Communication between VaultPDF and our licensing API is secured using JWT (JSON Web Token) signing and encryption. This ensures:

  • The integrity of the licence status response, ensuring the payload cannot be tampered with in transit.
  • The confidentiality of the transmitted metadata, as encrypted tokens prevent interception.
  • Non-repudiation, as each token is signed with a key that can be independently verified.

5.2 Azure Infrastructure Security

Because VaultPDF runs inside your Azure tenant, it inherits the security controls you have already configured, including:

  • Azure Role-Based Access Control (RBAC).
  • Virtual Network (VNet) integration and private endpoints (if configured).
  • Microsoft Defender for Cloud recommendations applicable to your subscription.
  • Your organisation's existing conditional access and identity protection policies.

6. Data Retention

Data TypeStored byRetention
Document templatesCustomer's SharePointControlled by Customer
Generated PDF outputsCustomer's SharePointControlled by Customer
Licence Key & Tenant IDRefract Logic LLC licensing serverDuration of licence + audit period
Application logsCustomer's Azure subscriptionControlled by Customer

We do not impose a retention schedule on data held in your tenant. Retention of licence metadata on our servers follows our internal data-management policy, which is available upon request.

7. Third-Party Services

VaultPDF does not share your data with third-party advertising, analytics, or marketing services. The only external call the application makes is the licence validation request described in Section 3.

8. Your Rights

Depending on your jurisdiction, you may have rights in relation to personal data we hold. Because VaultPDF holds only the minimal metadata described in Section 3 (Licence Key and Tenant ID — neither of which is personal data in most jurisdictions), most data-subject rights requests will not apply.

If you believe we hold personal data about you, or if you have any privacy-related questions, please contact us at the address below.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify licence administrators via email or in-app notice. Continued use of VaultPDF after changes are published constitutes acceptance of the revised policy.

10. Contact

If you have questions or concerns about this Privacy Policy, please contact:

VaultPDF
https://www.vaultpdf.io/contact

Questions About Data & Security?

Our team is happy to answer compliance and privacy questions for enterprise evaluations, security reviews, or DPA enquiries.

Contact UsView Security FAQ

FAQ

Frequently asked questions about VaultPDF - covering general usage, security and compliance, architecture, licensing, template management, and how VaultPDF compares to traditional PDF tools.

Terms of Service

Legal terms governing the installation, deployment, and use of VaultPDF within your Microsoft 365 / Azure environment.

On this page

1. Tenant-Hosted Architecture2. Information We Do Not Collect3. License Validation and Metadata Transmission4. SharePoint Integration5. Security Standards5.1 Licensing API Communication5.2 Azure Infrastructure Security6. Data Retention7. Third-Party Services8. Your Rights9. Changes to This Policy10. Contact