Wingman Privacy Policy

1. Introduction

This Privacy Policy describes how Excellence IT (UK) Limited ("we", "us", "our") collects, uses, and protects personal data when you use the Wingman Outlook Add-in ("Wingman" or the "Add-in").

We are registered in the United Kingdom as EXCELLENCE IT (UK) LIMITED, company number 06391372, with registered office at:

If you have questions about this policy or your data, contact us at info@excellence-it.co.uk.

2. What Wingman Is and What It Does

Wingman is an Outlook add-in that lets you interact with your Microsoft 365 SharePoint content directly from Outlook. Features include:

• Saving emails and attachments to SharePoint.
• Browsing SharePoint structures from within Outlook.
• Uploading, renaming, deleting, and organising files in SharePoint.
• Attaching files from SharePoint to outgoing emails without downloading them.

All Microsoft 365 data operations (email, attachments, SharePoint files) occur via Microsoft Graph API calls directly from the user's device.

3. What Data We Access and Why

4. OneDrive Configuration Data

To improve cross-device usability, Wingman may store minimal configuration data (such as last accessed SharePoint folder, UI preferences) in your own Microsoft OneDrive storage. This data belongs to you and remains under your control.

Users can view or delete this data directly from OneDrive if they wish.

5. Server Interaction (Licensing Check)

Wingman makes one backend call to our Azure-hosted Node.js API to:

• Verify that the authenticated user has a valid Wingman licence.

This call uses the user's Microsoft identity token; we do not store user email, name, or Graph tokens on our servers.

No personal data is logged or retained on our backend. There is no storage of emails, attachments, or SharePoint content on our servers.

Our backend and all API endpoints use HTTPS/TLS encryption, as required for Office Add-ins.

6. Legal Basis for Processing (UK/EU GDPR)

When processing personal data (e.g., authentication and delegated Graph access), we rely on:

• Performance of a contract: to provide Wingman's functionality to you.
• Legitimate interests: where needed to verify licences and ensure application integrity.

Users have rights under GDPR/UK GDPR (see below).

7. Retention and Deletion

• We do not retain any email, file, or SharePoint content on our systems.
• Licence verification data is used only at runtime and is not stored.
• Configuration data stored in OneDrive is controlled and removable by the user.

8. Security

We use industry-standard practices to protect data:

• OAuth 2.0 + MSAL/NAA for authentication.
• All network traffic to Azure/backend uses TLS encryption.
• We never store user passwords or Graph tokens on our servers.

9. Third Parties

Wingman uses:

• Microsoft Identity Platform for authentication.
• Microsoft Graph API for accessing Microsoft 365 data.
• Azure App Services to host our backend.

We do not share personal data with advertisers or unrelated third parties.

10. Your Rights

Users may exercise the following rights where applicable:

• Access personal data processed by Wingman.
• Rectify inaccuracies.
• Any configuration data stored by Wingman is saved within the user's own Microsoft 365 tenant (e.g., OneDrive). Excellence IT does not access, control, or manage this data. Users may delete such data directly through their Microsoft 365 environment.
• Lodge a complaint with the UK ICO or relevant data protection authority.

Our ICO registration: ZA752320.

11. Updates to This Policy

We may update this policy occasionally. The effective date at the top will change when we do.

12. Contact Us