Privacy, Personal Data & Data-Subject Requests

This document describes the personal data that Boxcurve Unity holds, where that data resides, how responsibility is divided between your organisation and Boxcurve, and how the application supports you in responding to data-subject requests. It is written for your data protection officer, privacy reviewer, and procurement assessor.

The descriptions below reflect how Boxcurve Unity is built and behaves. Determinations that are legal or contractual in nature (your lawful basis for processing, Boxcurve's formal role for any data that leaves your tenant, your privacy notice, and the terms of any data protection agreement) are identified plainly as such and are for your organisation to determine.

Where Boxcurve Unity holds personal data

Boxcurve Unity runs inside your own Microsoft 365 tenant and stores its data in your organisation's Microsoft Dataverse environment. With one specific exception described later (the licensing check), all of the personal data the application handles is created, stored, and processed inside your tenant, under your administrative control.

Because the application's data lives in your tenant's Dataverse environment, your organisation governs who can access it, how long it is retained, and when it is deleted. Boxcurve does not hold a copy of this data.

Personal-data inventory

The application holds the following categories of personal data, all within your tenant's Dataverse environment.

Stakeholder and people records

The stakeholder register records the people involved in your accountability maps. For each person this can include their name, email address, job title, organisation, and a directory identity reference from Microsoft Entra ID, together with free-text fields such as comments and role descriptions.

Comment author identity

When a user adds a comment to a task, the application stores a snapshot of the comment author's identity alongside the comment text. This snapshot can include the author's name, email address, and Entra ID directory reference, in addition to the free-text content of the comment itself.

Signed-in user settings

The application records the signed-in user's email address as part of that user's settings.

Error log

When the application encounters an error, it can record a diagnostic entry that includes the email address of the user who was signed in at the time, together with free-text context describing the error.

Change-history records

The application maintains an attributed change history for tasks, accountability-matrix entries, and assignments. Each change-history record holds an identity snapshot of the person who made the change. For assignment changes, the record also holds an identity snapshot of the person affected by the assignment.

People references on projects and assignments

Project ownership, approval, and escalation are recorded as references to people. These references identify individuals through your tenant's directory.

Project, group, Teams, Planner, and Azure DevOps identifiers held by the application identify tenant-level objects and groups rather than individual people, and are not treated as personal data in this inventory.

Controller and processor split

| Data | Where it resides | Who controls access |
| --- | --- | --- |
| All stakeholder, task, comment, user-settings, error-log, and change-history data | Your tenant's Dataverse environment | Your organisation |
| Tenant identifier plus licence and notification metadata sent during the licensing check | Sent from your tenant to a Boxcurve-operated endpoint | See "The licensing check" below |

For all personal data held inside your tenant, your organisation is the controller. You determine the purposes and means of processing, and you configure, through your tenant's administration, who may view and edit that data.

The licensing check

The only identifying data that leaves your tenant is the data sent during the licensing check. When the application verifies your licence, it sends your tenant identifier together with licence and notification metadata to a Boxcurve-operated licensing endpoint. The licensing check is designed to fail open: if it cannot be completed, the application continues to operate.

This call identifies your tenant; it does not transmit individual end-user identities such as stakeholder names, comment content, or user email addresses.

Business and legal determination

Boxcurve's formal role for the licensing data that leaves your tenant (whether Boxcurve acts as a controller or a processor for that data) is a business and legal designation that is set out in your agreement or data protection agreement (DPA) with Boxcurve.

Supporting data-subject requests

Because the application's personal data resides in your own Dataverse environment, your organisation services data-subject requests, including access, rectification, and erasure, using your own Microsoft platform tooling, with your existing administrative access and controls.

The application provides the means to act on the records it holds:

  • View and edit stakeholder records, allowing you to locate, correct, or remove a person's details in the stakeholder register.
  • Edit tasks and comments, allowing you to correct or remove content that identifies a person.
  • Export task data, supporting the assembly of information for an access request.

For the platform mechanics of locating and acting on personal data across Dataverse (the underlying capabilities your administrators use to fulfil a data-subject request), refer to Microsoft's guidance on data-subject requests: https://learn.microsoft.com/power-platform/admin/powerapps-privacy-dsr-guide

Boxcurve Unity does not define or operate a separate data-subject-request process on your behalf. The request workflow, its timelines, and its record-keeping are your organisation's to operate, using the application's editing and export capabilities and your tenant's platform tooling.

Retention and deletion

Retention and deletion of the personal data held by Boxcurve Unity are governed by your own Dataverse environment configuration. The application does not impose a retention period, does not automatically delete personal data after a set time, and does not guarantee any specific retention or deletion schedule.

Setting and enforcing retention and deletion rules for the data in your environment is your organisation's responsibility, configured through your tenant's platform tooling. If you require a defined retention period, you must establish it yourself.

Lawful basis and privacy notice

Your lawful basis for processing the personal data held in Boxcurve Unity, and the content of any privacy notice you provide to the individuals concerned, are determinations for your organisation as controller; the application does not set them. Any terms governing Boxcurve's handling of data, including the licensing data described above, are addressed in your agreement or data protection agreement (DPA) with Boxcurve, which is a separate contractual artefact.

Cookies and tracking on this documentation site

This documentation site does not have any analytics or tracking configured. It sets no analytics or tracking cookies beyond what is strictly necessary to serve and search the documentation. The site includes a search feature that runs entirely in the reader's browser and does not transmit search activity to a third party.

This statement concerns the documentation site only. Cookies and tracking within the Boxcurve Unity application itself are governed by the Microsoft Power Platform on which it runs; see Microsoft's documentation: https://learn.microsoft.com/power-platform/

Summary: what the application provides versus what you operate

| Area | Boxcurve Unity provides | Your organisation operates |
| --- | --- | --- |
| Personal-data storage | Storage within your tenant's Dataverse environment | Access governance, backup, and environment administration |
| Data-subject requests | View/edit of stakeholders, edit of tasks and comments, task export | The request process, timelines, record-keeping, and platform tooling |
| Retention and deletion | No imposed retention; data held until you remove it | Defining and enforcing retention and deletion rules |
| Lawful basis and privacy notice | None | Determining lawful basis; issuing the privacy notice |
| Licensing data leaving the tenant | Tenant-keyed licence check (fail-open) | Reviewing the licensing data flow as part of your assessment |
| Boxcurve's role for licensing data | Set out in your agreement / DPA with Boxcurve | Confirming the designation in your agreement / DPA |