
Privacy Policy

Last updated: May 25, 2026

This Privacy Policy describes how Token Watch (“Token Watch,” “we,” “us”) collects, uses, and protects information when you use the Token Watch service available at app.aztokenwatch.com (the “Service”).

Token Watch is built to help engineering teams monitor the expiration of Azure App Registration credentials. Protecting your tenant’s data is a core part of how the Service is designed.

1. Information we collect

1.1 Account information

When you sign in, we receive identity information from Microsoft Entra ID (formerly Azure AD), including your name, email address, user object ID, and tenant ID. We do not receive or store your Microsoft password.

1.2 Azure metadata

With your consent, the Service reads metadata about App Registrations in your Azure tenant using Microsoft Graph. This includes application display names, application (client) IDs, key IDs, credential descriptions, and credential start/end dates.

We do not collect or store the secret values themselves — client secret values are not exposed by Microsoft Graph after creation and are never transmitted to Token Watch. We do not request or use any write permissions on your tenant.

1.3 Configuration data

We store your configuration choices: which credentials you want monitored, alert recipients, webhook URLs, notification schedules, and similar settings.

1.4 Operational data

We collect standard server and application logs (timestamps, IP addresses, user agents, request paths, error traces) for security, debugging, and abuse prevention. We may use basic, privacy-respecting analytics to understand aggregate Service usage.

2. How we use information

We use the information described above to:

  • provide and operate the Service;
  • send you the expiration notifications and reports you have configured;
  • authenticate you and protect your account;
  • debug, troubleshoot, and improve the Service;
  • communicate with you about your account, billing, or material changes to the Service; and
  • comply with legal obligations.

We do not sell your personal data, and we do not use it for advertising.

3. Sharing with third parties

We share data only with service providers that we need to run the Service. Today this includes:

  • Microsoft — identity (Microsoft Entra ID) and Azure infrastructure that hosts the Service;
  • Our email provider — to deliver notification emails;
  • Our payments processor (for paid plans) — to handle subscription billing. Token Watch does not store full payment card numbers.

We do not share your data with third parties for their own marketing. We may disclose information if required by law, legal process, or to protect the rights, safety, or property of Token Watch or its users.

4. Data storage and security

Data is stored in Microsoft Azure. We apply administrative and technical safeguards including encryption in transit (TLS) and at rest, least-privilege access controls, and audit logging. No system is perfectly secure, but we aim to minimize the data we hold so that the impact of any incident stays small.

5. Data retention

We keep account and configuration data for as long as your account is active. App Registration metadata is refreshed continuously and is removed shortly after you disconnect Token Watch from your tenant or delete your account. Operational logs are retained for a limited period (typically up to 90 days) for security and debugging.

6. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. You can exercise these rights, or ask any privacy question, by emailing contact@aztokenwatch.com.

You can also disconnect Token Watch from your tenant at any time by revoking the application’s consent in the Azure Portal, which immediately stops further data collection.

7. International transfers

Token Watch is operated from infrastructure that may be located outside your country of residence. When we transfer personal data internationally, we rely on appropriate safeguards (such as the standard contractual clauses used by our cloud providers).

8. Cookies

The marketing site at aztokenwatch.com uses only the cookies needed for the site to function. The Service at app.aztokenwatch.com uses session cookies required for authentication. We do not use third-party advertising or cross-site tracking cookies.

9. Children’s privacy

Token Watch is intended for use by businesses and is not directed to children under 16. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you by email or in the Service.

11. Contact

Questions about this policy or about how we handle your data? Email contact@aztokenwatch.com and we’ll get back to you.
