Privacy Policy & Data Practices — Integrationhub Consulting CY LTD
This Privacy Policy describes how Staviox ("we", "us", or "our"), a brand operated by Integrationhub Consulting CY LTD (a company registered in Nicosia, Cyprus), handles information in connection with the Email Contact Analyzer browser extension ("the Extension").
This policy applies to all users of the Extension worldwide. By installing or using the Extension you acknowledge that you have read and understood this policy.
The Extension reads the following data from your Microsoft Outlook account solely to operate its features on your device. None of this data is transmitted to Staviox or any server we operate.
| Category | Examples | Purpose |
|---|---|---|
| Email Metadata | Sender address, recipient(s), subject line, date & time | Rank contacts by email volume; display communication analytics |
| Email Body Preview | First 255 characters of the email body | Enable full-text search across your mailbox within the Extension |
| Contact Information | Display names and email addresses extracted from emails | Build and display a ranked contact list |
| User Preferences | Theme choice, window position, sort order | Remember your personalisation settings between sessions |
| OAuth Access Tokens | Microsoft Graph API access token | Authenticate with Microsoft to fetch your emails on your behalf |
All data is used exclusively to provide the features of the Extension. Specifically:
All data associated with the Extension is stored locally in your browser using standard browser storage APIs:
| Storage Mechanism | Data Stored | Persistence |
|---|---|---|
| localStorage | Cached email metadata, contact data, user preferences | Persists until the Extension is uninstalled or browser data is cleared |
| sessionStorage | OAuth access tokens | Cleared automatically when the browser session ends (tab/window closed) |
We do not use any of the following:
We do not share, sell, rent, license, or otherwise transfer your data to any third parties. Specifically:
The only external communication the Extension makes is with Microsoft's services (Microsoft Graph API and Microsoft Azure AD) to fetch your own email data using an OAuth token you explicitly grant. This communication flows directly between your browser and Microsoft — Staviox is not an intermediary in this data flow.
We may disclose information only if required to do so by applicable law, court order, or governmental authority, and only to the minimum extent legally required.
You have full control over your data at all times. The following controls are available to you:
Choose which emails are scanned using the date range selection feature within the Extension.
Uninstall the Extension at any time to permanently delete all locally stored data from your device.
Revoke the Extension's access to your Outlook account at any time via your Microsoft account settings.
Clear all Extension data by clearing your browser's stored data for the Extension's origin via browser settings.
All data held by the Extension is visible directly within the Extension's interface at all times.
No registration, email address, or personal information needs to be provided to Staviox to use the Extension.
We have implemented the following technical safeguards to protect your data within the Extension:
sessionStorage, scoped to the current session and never persisted across sessions.<iframe> to prevent cross-site scripting (XSS) attacks originating from email content.The Extension interacts exclusively with the following Microsoft services, each of which has its own privacy policy and terms of service:
Used to retrieve your Outlook email data (metadata, subject lines, body previews, and contact information) using the OAuth access token you grant. Data is fetched directly from Microsoft to your browser — Staviox does not receive or store this data.
Used solely to facilitate the OAuth 2.0 PKCE authentication flow that grants the Extension permission to access your Outlook data on your behalf. Your credentials are handled entirely by Microsoft.
The Extension does not use any other third-party services, including but not limited to advertising networks, analytics platforms, crash-reporting services, or social media SDKs.
We encourage you to review Microsoft's Privacy Statement at privacy.microsoft.com to understand how Microsoft processes your data.
The Extension uses the Microsoft Graph API exclusively to read your Outlook email and contact data on your behalf. The following OAuth permission scopes are requested at the time of authentication:
| Permission Scope | What It Allows | Why We Need It |
|---|---|---|
| Mail.Read | Read emails in your mailbox (metadata and body) | Fetch email metadata, body previews, and sender/recipient information for contact ranking and search |
| Contacts.Read | Read your saved Outlook contacts | Supplement email-extracted contacts with data from your Outlook contact list |
| User.Read | Read your basic profile information (name, email address) | Identify the signed-in user and personalise the Extension interface |
Key principles governing our use of the Microsoft Graph API:
The Email Contact Analyzer is a professional productivity tool designed for adult users and is not intended for use by individuals under the age of 13.
We do not knowingly collect or process any personal information from children under the age of 13. Because all processing happens locally in the browser and no data is transmitted to Staviox, we do not maintain records about our users. However, if a parent or guardian believes that a child under 13 has used the Extension, they are encouraged to:
We will respond to all parental data deletion requests promptly and take all appropriate steps within our technical capabilities.
Integrationhub Consulting CY LTD is headquartered in Nicosia, Cyprus, a member state of the European Union. We are committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR").
Because all data is processed and stored locally on your device and no personal data is transmitted to or processed by Staviox, the primary data controller relationship under the GDPR for your email data is between you and Microsoft. Nonetheless, the Extension is designed in full accordance with GDPR principles:
For any GDPR-related enquiries, please contact us at support@staviox.com.
Because the Extension operates entirely on your device, data retention is fully under your control. There is no server-side retention of any kind.
Email metadata, contact data, and preferences are retained in your browser's local storage for as long as the Extension remains installed.
OAuth access tokens are held only in session storage and are automatically deleted when you close your browser tab or window.
All locally stored Extension data is permanently and immediately deleted from your device when you uninstall the Extension.
Staviox holds no copies of your data. There is no server-side database, backup, or log that retains your information.
The Email Contact Analyzer is available to users worldwide. Because all data is processed locally in your browser, there are no cross-border data transfers initiated by the Extension.
We may update this Privacy Policy from time to time to reflect changes in the Extension's features, applicable law, or our data practices. When we make significant changes, we will notify users through the Extension's update release notes published on the Chrome Web Store or relevant browser extension marketplace.
The Last Updated date at the bottom of this page reflects the date of the most recent revision. We encourage you to review this policy periodically.
Your continued use of the Extension following the posting of changes constitutes your acceptance of the updated Privacy Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or the Extension's data practices, please reach out to us using the details below. We aim to respond to all enquiries within 5 business days.