Privacy policy

Summary

OpenAdminOS is a desktop app for Microsoft 365 administrators. It runs on your computer. Your Microsoft 365 tenant data, local model prompts, run history, and crash logs are not sent to OpenAdminOS.

When you choose a hosted language-model provider (Anthropic, OpenAI, or Azure OpenAI) instead of a local one, prompts that include tenant data are sent to that provider under their own privacy policy. The app states this explicitly in the UI before any prompt is sent.

Who is responsible

OpenAdminOS is an open-source project operated by UgurLabs UG (haftungsbeschränkt). The source is at github.com/OpenAdminOS/OpenAdminOS. You can reach support at support@openadminos.com.

The full provider disclosure is available in the legal notice.

What the desktop app does on your computer

• Microsoft 365 authentication. When you connect a tenant, the app signs you in to Microsoft using MSAL. Microsoft returns access and refresh tokens scoped to the Graph permissions you consented to. Those tokens are stored in your operating-system keychain (macOS Keychain, Windows Credential Manager) and used only by the local app to call Microsoft Graph. They are never transmitted to OpenAdminOS.
• Microsoft Graph data. Agents you run call Microsoft Graph on your behalf and process the returned data (devices, users, policies, etc.) in memory on your machine. Selected fields may be written to a local SQLite database for run history and audit purposes. This database is stored under your user profile and is never uploaded anywhere.
• Language-model prompts (local provider). When you select a local LLM provider such as Ollama or LM Studio, prompts and responses stay on your machine. OpenAdminOS does not see them.
• Language-model prompts (hosted provider). When you select Anthropic, OpenAI, or Azure OpenAI, prompts (which may contain tenant data) are sent over TLS to that provider, under their privacy policy and your account with them. The OpenAdminOS UI labels the selected provider and the region the API is hosted in. OpenAdminOS does not receive a copy of these prompts.
• No tenant telemetry. The desktop app does not collect tenant data, prompts, run results, analytics events, or error-reporting data. Crash logs stay on your machine.
• Registry install counts. In packaged production builds, the app can send a small registry install count event when you install a public registry agent. You can disable this in Settings. The event contains the agent slug, app version, operating-system platform, and a yearly per-agent SHA-256 hash derived from a random local install ID. It does not include tenant identifiers, user identifiers, prompts, run results, or Microsoft Graph data. The website endpoint also uses your IP address briefly for rate limiting and stores the deduplication hash for up to one year. These counts are used only to publish aggregate registry stats.
• Support issue reports. If you choose Report issue, review the form, and confirm public submission, the app sends the report to the OpenAdminOS website so the server can create a public GitHub issue. Optional diagnostics are bounded and sanitized before submission. They do not include tenant identifiers, prompts, Graph responses, run results, raw logs, screenshots, local databases, tokens, or provider credentials. The endpoint uses your IP address briefly for rate limiting and stores a short-lived deduplication hash.
• Auto-update. The app can check GitHub Releases for a new version and download the signed installer. These checks send a standard HTTPS request to GitHub; refer to GitHub’s privacy statement for what they log.

What this website does

• Hosting and logs. The site is deployed on Vercel. Vercel records standard server access logs (IP address, user-agent, timestamps) as a normal part of serving the site; see Vercel’s privacy policy.
• No third-party analytics. We do not use Google Analytics, advertising trackers, or third-party cookies.

Your rights

If you are in the EU, UK, or another jurisdiction with similar data-protection laws, you have the right to request a copy of the personal data we hold about you, to correct it, or to have it deleted. Because the desktop app does not transmit tenant content to us, this in practice applies to support correspondence and the limited registry install count data described above. Email support@openadminos.com and we will respond within 30 days.

Changes to this policy

Material changes will be noted by updating the “Last updated” date above and, where reasonable, by a notice in the desktop app or on this page. The full revision history is public in the project’s GitHub repository.