Privacy Notice: Molaprise Business Card Application
Effective Date: December 3, 2025
This Privacy Notice explains how the Molaprise Business Card Application (the “Application”), deployed into your organization’s Azure subscription, handles and processes your users’ data.
1. Application Ownership and Data Controller
When this Application is deployed using the Solution Template from the Azure Marketplace, the following ownership applies:
- Application Host/Operator (Data Controller): Your organization (the Azure subscription owner) is the controller and operator of the deployed Application. Your organization is responsible for its configuration, access control, and compliance with data privacy laws.
- Application Publisher (Molaprise): Molaprise is the publisher of the software template but does not host, operate, or directly control the data processed by the deployed Application within your Azure environment.
2. Information Collected and Processed
The Application collects and processes the following information strictly to provide its digital business card functionality:
A. Authentication Data
When a user signs in using Easy Auth and Microsoft Entra ID, the Application processes identity claims to verify the user.
| Data Point | Source | Purpose |
|---|---|---|
| User Principal Name (UPN) | Microsoft Entra ID | Primary identifier for sign-in and session management. |
| Tenant ID | Microsoft Entra ID | Used to scope data storage (branding) and ensure multitenant isolation. |
| Authentication Roles | Microsoft Entra ID | Used to determine administrative access (e.g., to the /admin/branding page). |
B. Microsoft Graph Profile Data
The Application uses Microsoft Graph with Application Permissions (or Delegated Permissions) to enrich the business card profile. This data is retrieved on demand when a profile is viewed.
| Data Point | Source | Purpose |
|---|---|---|
| Display Name / Full Name | Microsoft Graph | To display the user’s name on the business card. |
| Job Title | Microsoft Graph | To display the user’s title on the business card. |
| Mail / Email Address | Microsoft Graph | To display the user’s contact email. |
| Mobile Phone | Microsoft Graph | To display the user’s mobile contact number. |
| Profile Photo | Microsoft Graph | To display the user’s profile image on the business card. |
C. Configuration Data (Stored in Cosmos DB)
The Application requires configuration data to be stored within your Azure subscription (Cosmos DB container, if configured, or in-memory fallback).
| Data Point | Source | Purpose |
|---|---|---|
| Tenant Branding | Organization Admin | Company logo URL, company name, primary contact details, and website URL. |
| UPN Domain Hint | Organization Admin | To assist public profile lookups. |
3. How Information is Used
The Application uses the processed data for the following purposes:
- To Display the Business Card: All data collected is used to render a user’s professional digital business card for viewing and sharing.
-
To Facilitate Admin Access: Authentication Roles and Admin UPNs are used to restrict access to the
/admin/brandingpage. -
To Generate QR Codes and vCards: Profile data is used to generate a shareable QR code URL and a downloadable vCard (
.vcffile).
4. Data Storage and Retention
- Storage Location: All session data and branding configuration data are stored entirely within your organization’s Azure subscription (in the Azure Web App session store and the Azure Cosmos DB resource deployed by the template).
- No Data Export to Publisher: Molaprise, the application publisher, does not access, receive, or store any of your organization’s user profile data, session data, or branding configuration.
- Retention: Data retention is governed by your organization’s policies, as your organization controls the Azure resources where the data resides.
5. Third-Party Integrations
The Application uses the following Microsoft services, which are governed by your existing Microsoft agreements:
- Microsoft Entra ID: Used for user authentication and authorization.
- Microsoft Graph: Used to retrieve up-to-date user profile information.
- Azure Dataverse (Dynamics 365): If the D365 upload feature is enabled, the Application sends user-scanned contact information (name, email, phone) to your organization’s Dataverse environment.
6. Your Organization’s Responsibility (Data Controller)
Since your organization is the Data Controller, you are responsible for:
- Maintaining the security of the deployed Azure resources (Web App, Cosmos DB, etc.).
- Handling Data Subject Access Requests (DSARs).
- Ensuring the necessary legal agreements and compliance are in place for the data stored in your Azure environment.
If you have questions about your organization’s data policies regarding this application, please contact your internal IT or Data Protection Officer.