To support Terminus Relationships' analysis of your company's email activity and to build a relationship graph, we ask for the following permissions when we connect your O365 account to our Terminus Relationships processing pipeline:
Sign-in and read user profile - User.Read
This represents basic oAuth permissions for any Office365 application.
Access user's data anytime - OpenID Delegated Permission - offline_access
Allows the app to read and update user data, even when they are not currently using the app.
Read mail in all mailboxes - Mail.Read
In order to analyze your company's email activity, we first need permission to read your employee emails.
This permission does give us access to read all fields of your email, however, we do not download attachments and we do not store email subject lines or email bodies. We only store the senders, recipients, and timestamps of emails.
We have access to email subject lines and email bodies in-memory only to filter transactional emails. This information is never stored on the Terminus servers.
Read directory data - Directory.Read.All
We ask for permission to read your user directory so that we can find the mailboxes and email addresses we need to process.
Read all users’ full profiles - User.Read.All
Terminus Relationships uses this permission to properly match mailboxes to users in Email Experiences.
Read calendars in all mailboxes - Calendars.Read
Terminus Relationships also analyzes calendar events to help gather relationship and location intelligence. Similar to emails, while we do have access to all calendar fields, we only store the sender, recipient, timestamp and location of a calendar event.