Which permissions does Allocatus request?
Allocatus uses the Microsoft Graph API to access your user data. The application will ask you for the following permissions:
Depending on your company's Microsoft 365 configuration, it can be required that an administrator has to approve the permissions. You can find more information
here.
Why are these permissions needed?
Allocatus is a background service that always synchronizes your project tasks with your Outlook calendar. So it accesses your calendar or user data in the background without needing users to log in every time. Therefore it needs the permission to maintain access to data you have given it access to.
Sign in and read user profile is needed because Allocatus reads your email address to match it with the email address of your resource in Microsoft Project. This permission allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
Have full access to your calendar is necessary to create, read, update, and delete events in user calendars which is the main functionality of Allocatus.
Allocatus will create a category with grey color in your Outlook Inbox called Allocatus. To set this up the application requires the read and write user mailbox settings permission.
Allocatus will support synchronizing tasks in future. Therefore we already ask for the permission to allow the app to create, read, update, and delete tasks a user has permissions to, including their own and shared tasks.
How can a user set these permissions?
Every user is prompted to accept the permissions before the calendar synchronization can start.
Allocatus will send an email to every resource in your project with a link to the approval dialog:
After sign in users have to accept the permissions in this dialog:
When the permissions have been successfully set, the user will see this website:
How can I revoke these permissions?
It is very easy to revoke the permissions of Allocatus:
- Go to the My Apps Portal and sign in with your user account.
- Select the three dots in the Allocatus application and click on Manage your application
- Click Revoke consent.
What personal data is collected by Allocatus?
Project Data
The Allocatus Add-in reads the following data from the project file and sends it to the cloud service (Azure SQL database):
Project-level information
- Project name
- Project owner’s name incl. their windows account
- Notes
- Custom fields (if configured)
- Date & time of last publish to Allocatus
- Technical GUID
Task-level information
- Task name
- Task start & finish date
- Technical GUID
- Task duration
- Deadline
- IsMilestone
- IsMarked
- IsManuallyScheduled
- Work, actual Work, remaining work
- Created date
- Notes
- Custom fields (if configured)
Assignment-level information (+assignment by day)
- Technical GUID
- Technical GUIDs of related task and resource
- Assignment start & finish date
- Work, actual work, remaining work
- Custom fields (if configured)
Resource information
- Resource & project technical GUID
- Resource name
- Resource email address
- Resources’ windows accounts
- Notes
- Custom fields (if configured)
If Allocatus has found changes on the Exchange side, it updates the task- and assignment-level fields in the project schedule (if configured).
Exchange
The Allocatus service writes the info it received from the project side into the users’ calendars. It reads the following information from appointments from their calendars which have been linked via Allocatus to keep both sides in sync:
- Appointment start & end dates
- Subject
- Body
- Busy state
- IsAllDayEvent
- Category
- Billing information
Information read from exchange is historized in the Azure SQL database.
How is personal data used or shared by Allocatus?
As Allocatus is running in Azure all personal data collected will be stored encrypted in Microsoft Azure.
We use personal data for our normal operation of service meaning collecting Project and Outlook data in order to sync between the applications.
Apart from that we collect basic user information from Microsoft for authentication purposes.
For e-mail delivery we use Postmark and therefore share e-mail adresses with them.
Communication with Microsoft Azure is logged.
When is my personal data deleted?
You can request an overview and the deletion of all your personal data at any time via e-mail to
support@holert.com
In any case we delete personal data after end of service. During the service time the following dates apply:
- In Azure the log data is deleted seven days after generation
- Local logs are deleted after 60 days
- Postmark deletes logs after 45 days