Privacy Policy

Last updated: 05.03.2026

Effective date: January 1, 2025

This Privacy Policy describes what data the StaffTransfer application collects and processes, and how it is used and protected.

1. Data We Collect

When the application is installed and used, we receive and store the following data:

• Portal technical data: Bitrix24 domain (e.g. company.bitrix24.com), portal identifier (member_id), license parameters.
• OAuth tokens: access_token, refresh_token, expiration time (expires_at). Received exclusively from Bitrix24 servers during app installation via OAuth 2.0 and used solely for authorized requests to the Bitrix24 REST API. During normal app usage, tokens are never transmitted from the user's browser to our server.
• Installer data: name, email, and job title of the user who installed the app — provided by Bitrix24 during OAuth authorization at install time.
• Reassignment operation log: internal Bitrix24 user identifiers of the operation participants (from_user_id, to_user_id), object types, and reassigned record counts. Employee names are not stored. Does not include the content of tasks, messages, or documents.

2. Data We Do NOT Collect

• Content of tasks, chats, files, or documents.
• Personal data of portal employees beyond those listed in section 1.
• Financial, payment, or banking data.

3. How Data Is Used

Collected data is used solely for:

• Maintaining an OAuth session with Bitrix24 (automatic token refresh).
• Storing reassignment operation history within your portal.
• Diagnosing and resolving technical issues.

Data is not shared with third parties, sold, or used for marketing purposes.

4. Where Data Is Stored

Data is stored in a database on the server used to run the application. The server is located in the EU or Russia (depending on deployment configuration). Data is not transferred outside the country of storage.

5. Retention Period

• Tokens and portal data are retained as long as the app is connected to the portal.
• Operation logs are retained for 12 months and may then be deleted.
• Upon app removal from the portal, all associated data is deleted upon request within 30 days.

6. Security

We apply technical and organizational measures to protect data: HTTPS encryption, restricted database access, regular component updates.

7. Your Rights

The portal administrator may:

• Request deletion of all data associated with the portal.
• Request information about stored data.

To exercise these rights, contact us at the email address on the app's support page. Requests are processed within 10 business days.

8. Policy Changes

We reserve the right to update this Policy. For significant changes, users will be notified through Bitrix24 Marketplace. Continued use of the App constitutes acceptance of the updated Policy.

9. Contact

For privacy-related inquiries, contact the email address provided on the app's support page.