Privacy Policy

Last updated: May 10, 2026

Image Gallery (“the App”) is developed and provided by Dialtone Apps (“we”, “us”). The App runs inside Microsoft Teams, including Teams desktop, Teams mobile, and Teams on the web (together, the “Teams client”). Image Gallery is not intended to be opened directly as a standalone website and actively prevents this. This policy explains what data the App accesses, how it is processed, and your rights.

1. What Data the App Accesses

The App reads messages and images from the Microsoft Teams chat or channel where it is installed, using the Microsoft Graph API and local context provided by the Teams SDK on behalf of the signed-in user. When Teams stores an image in OneDrive or SharePoint, the App also reads the image and related metadata on behalf of the signed-in user from that service. The App also reads additional metadata such as chat members, team and channel names, when a chat or channel was created, and the point in time from which a user can access chat history. It also reads basic user profile information, such as display names and profile photos, to show who sent each image. The App only uses delegated permissions, which always require a signed-in user. The App does not require or request Microsoft Graph application permissions for reading customer data.

2. Where Data Is Stored

Images and message content stay in the Teams client. Images are cached locally in IndexedDB, a device-local web storage mechanism provided by the Teams host. Message text is read by the app to find and display images but is never sent to or stored on our servers.

The App also stores local preferences, view state, cache metadata, and optional image processing results, such as OCR text and generated tags, in the same Teams-local IndexedDB cache. This data remains on the user’s device.

Our backend stores customer and licensing records needed to operate the subscription. These records may include organization name, tenant ID, license plan, license status, license expiry, seat limits, monthly usage counters, admin contact email address, billing contact email address, and internal customer notes. For license enforcement, the backend may also store the signed-in user’s Microsoft Entra user identifier, the monthly usage period, whether the license check was allowed or blocked, and the last license check time. These license-metering records do not include user names, email addresses, messages, images, or any kind of PII (Personally Identifiable Information).

3. What The Backend Processes

Our backend is used for these operations:

• Authentication: Teams SSO tokens are exchanged for a Microsoft Graph access token via the OAuth 2.0 On-Behalf-Of flow. Tokens are used transiently during the request and are not stored.
• License verification and usage metering: Your tenant ID and Microsoft Entra user identifier are checked against our customer records to verify an active subscription and enforce purchased seat limits. The backend records license-check metadata is described above.
• Customer administration and billing: We store organization and contact details needed to manage subscriptions, billing, support, and renewals.

4. Image Processing Features

The App includes optional image processing features for image classification and text recognition. These run inside the Teams client on the user’s device using open-source models (HuggingFace CLIP and PaddleOCR). No image data is sent to any external service for processing.

Image processing results are stored locally in the Teams client’s IndexedDB cache and are not stored by our backend.

5. Third-Party Services

• Microsoft Graph API — to read Teams messages and images (governed by your organization’s Microsoft 365 agreement)
• Microsoft Azure — hosts our backend in West Europe
• Model hosting providers — to download open-source model files used for local image processing; no image data is sent to these providers by the App

We do not use advertising services or third-party analytics tracking in the App.

6. Cookies and Tracking

The App does not use cookies. Authentication is handled via Teams SSO tokens. We do not use advertising or third-party analytics tracking. License checks are recorded only for subscription enforcement, billing, support, and abuse prevention as described in this policy.

7. Data Retention

Cached images, local preferences, view state, cache metadata, and image processing results in IndexedDB remain until you clear the cache in the App’s settings or clear the Teams client’s local app data for Image Gallery.

Teams SSO tokens and Microsoft Graph access tokens are processed transiently and are not stored by our backend.

Customer, licensing, billing contact, admin contact, and license-metering records are retained while needed to provide the App, manage subscriptions, meet accounting or legal obligations, resolve support requests, and prevent abuse. We delete or anonymize these records when they are no longer needed for those purposes.

8. Your Rights (GDPR)

You control locally cached App data on your device through the App’s cache settings and the Teams client’s local app data controls. For messages, files, and profile information accessed through Microsoft Graph, refer to your organization’s Microsoft 365 data policies.

For customer, licensing, admin contact, billing contact, and license-metering records stored by us, you may contact us to request access, correction, deletion, or export, subject to applicable legal, accounting, security, and subscription-management requirements.