Privacy Policy

Last updated: May 11, 2026

What we collect

When you visit 365securityassessment.com, we collect:

Analytics data — pages viewed, time on site, referrer, device type, approximate location (city-level)
Session replay — anonymized recordings of mouse movement, clicks, and scrolling via Microsoft Clarity (no form-field content or passwords)
IP address — anonymized after geo-detection; never stored long-term
Consent state — your accept/reject decision, stored in a first-party cookie for 365 days

When you start a free trial or book a demo, we collect business email, name, company, and tenant ID (Microsoft 365). This is product/CRM data covered by our DPA.

Why we collect it

Improve site quality (heatmaps, conversion funnel analysis)
Attribute ad-campaign performance (Google Ads, LinkedIn Ads, Microsoft Ads)
Debug user-reported issues
Honor your privacy preferences across sessions

Third parties we share with

Google Analytics 4 + Google Tag Manager — page-view analytics
Microsoft Clarity — session replay + heatmaps
Microsoft Advertising (Bing) — ad attribution (if you arrived from a Bing/Microsoft ad)
LinkedIn Insight Tag — ad attribution (if applicable)
Meta (Facebook) Pixel — ad attribution (if applicable)
TikTok Pixel — ad attribution (if applicable)
Go High Level (link.bonellisystems.com) — booking modal + form processing
Netlify — site hosting + edge geo detection

We do not sell your personal data to anyone, ever.

Your rights

Under GDPR (EU/EEA/UK) and CCPA (California):

Access — request a copy of data we hold about you
Deletion — request we delete your data
Opt-out — withdraw consent at any time by clicking "Reject" in the banner or emailing us
Portability — get your data in a machine-readable format

Reach us at privacy@bonellisystems.com. We respond within 30 days.

How long we keep data

Analytics data: 26 months (Google's default)
Session replay: 90 days (Clarity's default)
Consent state: 365 days from your last interaction
Product/CRM data: until you request deletion or close your account

Security

Our audit platform is read-only by design — we never write to your Microsoft 365 or Azure tenant. We're a 4× Microsoft Solutions Partner with SOC 2 Type II in progress. Read more on our Trust & Security page.

Contact

Questions about privacy? Email privacy@bonellisystems.com.

For legal/contract questions: legal@bonellisystems.com.

Changes to this policy

We'll update the "Last updated" date at the top and notify active customers via email for material changes.

Terms of Service

Last updated: 2026-05-12 · High-level summary. A formal master agreement governs paid engagements and supersedes anything below for paid customers.

Acceptable use

You agree to use 365 Security Assessment only on Microsoft 365 and Azure tenants you own or are authorized to assess. You will not use the service to access tenants without permission, redistribute the service, reverse-engineer the scanner, or interfere with other customers' use.

Read-only by design

Our audit platform is read-only against your tenant. We collect configuration and audit-log signals from Microsoft 365 and Azure using the consents you grant. We never write to, modify, or delete data in your tenant.

Free trial

The 14-day free trial gives full access to scoped assessment outputs with no credit card. After 14 days, the trial converts to a read-only locked view unless you upgrade. We do not delete your assessment data, scanner application registration, or certificates at trial expiry — upgrade at any time to resume full access.

No warranty for findings

Our findings reflect tenant configuration at the time of scan. We make no warranty that addressing every finding will pass an audit or prevent a breach. Use the findings as one input alongside qualified security and compliance advice.

Service availability

We target 99.5% availability for the dashboard and scan pipeline. Scheduled maintenance is announced in advance where possible. Trial and free-tier users receive best-effort support; paid customers receive support tier per their order form.

Termination

You may close your account at any time by emailing legal@bonellisystems.com. We may suspend or terminate access for breach of these terms or abuse of the service, with notice where reasonable.

Liability

To the maximum extent permitted by law, our aggregate liability is limited to fees paid in the 12 months preceding the claim. We are not liable for indirect, incidental, or consequential damages.

Governing law & contact

These terms are governed by the laws of the State of Illinois, United States. Disputes will be resolved in the state or federal courts located in Cook County, Illinois. For legal questions: legal@bonellisystems.com.

Bonelli Systems reserves the right to update these terms; material changes will be communicated to active customers by email.

← Back to homepage