IntuneBrew | Homebrew ❤️ Intune

1. Data Protection at a Glance

General Notes

The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data Collection on This Website

Who is responsible for the data collection on this website?

Data processing on this website is carried out by the website operator. His contact details can be found in the section "Note about the responsible entity" in this privacy policy.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter in a contact form or when you sign in with your Microsoft account.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is mainly technical data (e.g., Internet browser, operating system, or time of the page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data is used to provide the IntuneBrew service, including authenticating you, deploying applications to your Microsoft Intune tenant, and sending you notifications about application updates.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have a right to demand the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to demand the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Contract Performance (Art. 6(1)(b) GDPR)

Processing necessary to provide the IntuneBrew service, including authentication, app deployment, and account management.

Consent (Art. 6(1)(a) GDPR)

For optional features like analytics cookies and marketing communications. You can withdraw consent at any time.

Legitimate Interests (Art. 6(1)(f) GDPR)

For security measures, fraud prevention, service improvement, and protecting our rights. We balance these interests against your privacy rights.

Legal Obligation (Art. 6(1)(c) GDPR)

When we are required to process data by law, such as for tax records or responding to legal requests.

3. Data We Collect

Identity and Authentication Data

When you sign in with Microsoft Entra ID, we receive:

User Object ID (oid) - Your unique Microsoft identifier
User Principal Name (upn) - Your Microsoft account username
Email address
Display name
Tenant ID - Your organization's Microsoft identifier

Usage Data

We collect data about how you use the service:

Applications you deploy to Intune
Deployment history and status
User settings and preferences
Notification preferences
Profile image (if uploaded)

Technical Data

Automatically collected for security and service operation:

IP address
Browser type and version
Operating system
Referring website
Pages visited and time spent
Date and time of access

Feedback and Communications

When you submit feedback or contact us, we collect your name, email address, and the content of your message.

4. Hosting

Vercel

This website is hosted on Vercel. When you visit our website, Vercel may collect various log files including your IP addresses for security and performance purposes.

For more information, please refer to Vercel's privacy policy: vercel.com/legal/privacy-policy

5. Subprocessors

We use the following third-party services to process your data:

Service	Purpose	Location
Supabase	Database and backend services	United States
Vercel	Website hosting	United States
Microsoft Azure	Authentication, queue storage	EU / United States
Resend	Email delivery	United States
Plausible Analytics	Privacy-focused website analytics	European Union

For enterprise customers, our Data Processing Agreement provides additional details about our subprocessor arrangements and commitments.

6. International Data Transfers

Transfers Outside the EEA

Some of our subprocessors are located in the United States. When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

EU-U.S. Data Privacy Framework - For transfers to certified U.S. organizations
Standard Contractual Clauses (SCCs) - EU-approved contract terms that provide adequate protection
Technical Measures - Encryption and access controls to protect data in transit and at rest

7. Data Retention

We retain your data for different periods depending on the type and purpose:

Data Type	Retention Period
Account data	Until account deletion or 2 years of inactivity
Deployment history	12 months
Server logs	90 days
Analytics data	24 months (aggregated)
Support communications	3 years
Access tokens	Session only (not stored permanently)

After the retention period, data is securely deleted or anonymized. We may retain data longer if required by law or for legitimate legal purposes (e.g., tax records, legal disputes).

8. Cookies and Tracking

What Are Cookies?

Cookies are small text files stored on your device when you visit websites. We use cookies and similar technologies to provide and improve our service.

Types of Cookies We Use

Essential Cookies

Required for the website to function. Cannot be disabled.

cookie-consent - Stores your cookie preferences

Analytics Cookies (Optional)

Help us understand how visitors use our website. Only set with your consent.

Plausible Analytics - Privacy-focused, no personal data collected

Managing Cookies

You can manage your cookie preferences:

Through our cookie consent banner when you first visit
By clearing cookies in your browser settings
By using browser extensions that block tracking

Note: Disabling essential cookies may prevent parts of the website from functioning correctly.

Session Storage

We use browser sessionStorage (not cookies) to store your Microsoft authentication tokens. This data is automatically cleared when you close your browser tab.

9. Your Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15)

Request a copy of your personal data we hold.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete data.

Right to Erasure (Art. 17)

Request deletion of your data ("right to be forgotten").

Right to Restrict Processing (Art. 18)

Request limitation of how we process your data.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Right to Object (Art. 21)

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

How to Exercise Your Rights

To exercise any of these rights, please contact us at support@ugurlabs.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

10. Data Breach Notification

Our Commitment

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours
Notify affected individuals without undue delay if there is a high risk
Document the breach and our response measures
Take immediate steps to contain and mitigate the breach

For enterprise customers, our Data Processing Agreement provides additional details about breach notification procedures.

11. Automated Decision-Making

No Automated Decision-Making

IntuneBrew does not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you. All significant decisions involving your data are made by humans.

Automated Processing

We do use automated processing for operational purposes such as rate limiting (based on IP address and user ID), fraud detection, and service optimization. These do not make decisions that legally affect you.

12. General Notes and Mandatory Information

Privacy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations as well as this privacy policy.

Note on the Responsible Entity

The responsible party for data processing on this website is:

Ugur KocVon-Sauer-Str. 33b
22761 Hamburg
Germany

Email: support@ugurlabs.com

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the "Last updated" date at the top of this page. For material changes, we may also notify you by email or through the Service.

Privacy Policy