Privacy Policy

UgurLabs UG (haftungsbeschränkt)
[Street and number], [Postal code, City], Germany
Managing Director: Ugur Koc
Email: support@licensemeter.com

When you open this website, our hosting provider (Vercel Inc.) processes technically necessary data (IP address, time, page requested, user agent) in server logs in order to provide and secure the service (Art. 6(1)(f) GDPR). The application runs in EU data centers; a data processing agreement including the EU Standard Contractual Clauses is in place with Vercel.

This website uses only technically necessary session cookies for sign-in. No tracking or marketing cookies are set. See our Cookie Policy for details.

For reach measurement we use Vercel Web Analytics, a cookieless method that records only aggregated, anonymized page views (Art. 6(1)(f) GDPR). No cross-device profiles are built and no IP addresses are stored.

Sign-in is handled through Microsoft Entra ID (OpenID Connect). We process the profile data Microsoft transmits: display name, email address / UPN, object ID and tenant ID. This data is required to provide the account (Art. 6(1)(b) GDPR).

When an organization connects its Microsoft 365 tenant, LicenseMeter processes the following data of the tenant’s users on that organization’s behalf (Art. 28 GDPR): display name, UPN, account status, user type, creation date, license assignments, last sign-in timestamp and the last activity date per service. Mailbox, file or message content is never read; access is technically limited to read-only permissions.

If the organization additionally connects optional connectors, LicenseMeter processes, under the same engagement, the following data as well: member email addresses and product assignments from Adobe, Zoom, Atlassian and Salesforce; console member lists and daily API cost totals from OpenAI and Anthropic; and member lists pasted via CSV from ChatGPT and Claude.

The data is stored in a Postgres database in the EU (Frankfurt region) and is deleted immediately and in full when the workspace is disconnected. A data processing agreement (DPA) is provided to each organization before production use.

If you leave your email address on the home page, we store it in order to send you the requested materials (security overview) and a one-time notice about the start of billing (Art. 6(1)(b) GDPR). There is no automated newsletter. The address is deleted on request at any time.

Vercel Inc. (hosting, EU function region), Supabase Inc. (database, AWS eu-central-1 Frankfurt), Microsoft (identity platform and Graph API), Resend Inc. (email delivery, EU region eu-west-1; workspace notifications to administrators as well as the emails described in section 4a to people who leave their address on the home page). The current list is part of the DPA.

To be distinguished from these are the source systems named in section 4 (Adobe, Zoom, Atlassian, Salesforce, OpenAI, Anthropic, and the lists pasted via CSV from ChatGPT and Claude): LicenseMeter reads data from them, on the organization’s behalf, on a read-only basis. They are data sources, not subprocessors of LicenseMeter; no personal data is shared with them beyond the authenticated read request.

Account and product data is stored for as long as the workspace is connected. On disconnect, all synchronized data is deleted. The hosting provider’s server logs are subject to that provider’s deletion periods.

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR), as well as the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). For data we process on behalf of your organization, please contact your organization as the controller in the first instance.

Privacy questions: support@licensemeter.com