Privacy & Cookie Policy

Last updated: April 30, 2026.

This policy applies to the NowCloud website, demo requests, customer portal and NowCloud Reports service. For privacy questions, data protection requests or sub-processor questions, contact info@nowcloud.nl.

Who is responsible

For website visitors, prospects, billing contacts and support contacts, NowCloud is the controller of the personal data it collects and uses.

For Microsoft 365 tenant data and customer portal user records processed to deliver NowCloud Reports, the customer is normally the controller and NowCloud acts as processor under the applicable agreement and Data Processing Agreement. If a signed agreement, order form or DPA says something different, that document takes precedence.

Personal data we process

For website, sales and demo interactions, we may process your name, business email address, phone number, organisation, job role, message content, demo booking details and communication history.

For customer account administration, we may process billing contacts, contract contacts, authorised admin contacts, support requests, subscription details, invoice information and operational correspondence.

For the customer portal, we may process invited user email addresses, names, roles, authentication identifiers, sign-in and session metadata, support requests and audit information needed to provide and secure portal access.

For NowCloud Reports, we process Microsoft 365 tenant data that the customer authorises through read-only Microsoft Graph admin consent. Depending on the subscribed reporting scope, this can include identity, group, device, application, compliance, security, sign-in, audit, licence and Microsoft 365 workload metadata. We do not intentionally process the content of email, files or Teams messages unless this is expressly agreed for a specific service.

Why we process data

We use personal data to respond to enquiries, schedule demos, onboard customers, obtain and validate admin consent, provide reports and consultancy, operate the customer portal, manage support requests, send service notifications, maintain security, manage contracts and invoices, and comply with legal obligations.

Where NowCloud is controller, our legal bases are performance of a contract, steps before entering into a contract, legitimate business interests, legal obligations and, where required, consent. Where NowCloud is processor, we process customer data on the customer's documented instructions.

Cookies and similar technologies

The marketing website does not use advertising cookies, tracking cookies or website analytics in the current release.

The website or hosting platform may use strictly necessary technical data to deliver pages securely, prevent abuse and keep the service available. These cookies or similar technical mechanisms are not used to build advertising profiles.

If you book a demo through Cal.com, sign in through Microsoft Entra, or open the NowCloud portal, those third-party or product surfaces may use necessary cookies to provide scheduling, authentication, security and session management. Their use is limited to the function you request unless the provider gives you additional choices.

If NowCloud later adds analytics, embedded scheduling widgets, advertising pixels or other non-essential cookies to the marketing website, we will update this policy and request consent where required.

Service providers and sub-processors

NowCloud uses Microsoft Azure, Microsoft Fabric, Power BI Embedded and Microsoft Entra to host, process, secure and deliver the reporting service. Customer reporting data is stored in isolated customer workspaces and Lakehouses in EU Microsoft cloud regions.

Demo booking is handled through Cal.com. Cal.com receives the booking details you submit, but not Microsoft 365 reporting data. Email and service notifications may be sent through Microsoft 365 or another configured transactional email service. Payment and invoicing providers may process payment, subscription and invoice details where a paid subscription is purchased.

We do not sell personal data. We share personal data only where needed to provide the service, comply with law, protect security, or with the customer's instruction or consent.

International transfers

Customer reporting data is designed to stay in EU Microsoft cloud regions. Some service providers may process limited business, support, telemetry or booking data outside the European Economic Area. Where this happens, we rely on appropriate safeguards such as EU Standard Contractual Clauses or equivalent lawful transfer mechanisms.

Security

NowCloud Reports uses read-only Microsoft Graph permissions, tenant-isolated Microsoft Fabric workspaces, encryption in transit, encryption at rest, role-based access, managed secrets and operational logging. Access to customer data is limited to personnel and systems that need it to provide, support or secure the service.

Retention and deletion

Customer reporting data is retained for the duration of the subscription and then deleted from active systems within the contractual or DPA retention period, unless the customer requests earlier deletion or law requires longer retention.

Demo, sales and support records are kept only as long as needed for the interaction, follow-up, business administration and legal obligations. Billing and tax records are retained for the legally required period. Security logs, backups and audit records may be retained for a limited period to protect the service and prove compliance.

Your rights

Depending on your location and the role under which data is processed, you may have the right to access, correct, delete, restrict or object to processing of your personal data, ask for portability, and withdraw consent where processing is based on consent.

If your data appears in customer Microsoft 365 reporting data, please contact your employer or the customer organisation first because they control that data. We will support the customer in responding to valid requests. You can also contact NowCloud at info@nowcloud.nl.

You may lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

Changes to this policy

We may update this policy when the service, legal requirements or our providers change. The latest version is published on this page with the update date above.

Contact

Privacy, cookie and DPA questions: info@nowcloud.nl.