← Back to Baytek

Backlog Guard for Azure DevOps — Privacy Policy

Last updated: May 31, 2026

Overview

Backlog Guard (“the Extension”) is a free Azure DevOps extension published by Baytek Software (“Baytek”, “we”, “us”). The Extension runs entirely in the customer's browser and inside Azure DevOps. There is no Baytek backend in the request path. There is no account, no license key, and no telemetry.

1. Data the Extension reads from Azure DevOps

The Extension uses the following Azure DevOps scopes, declared in its manifest:

  • vso.work_write— read work items, and (only when the user clicks “Create remediation task”) create a single follow-up task
  • vso.dashboards — render the Backlog Guard health dashboard widget
  • vso.analytics — read Analytics data used for trend and readiness scoring

With those scopes the Extension reads, on demand: work item fields (title, state, description, acceptance criteria, repro steps, story points, tags, links, dates), the current iteration / sprint context, and project / team metadata required to scope a scan. This data stays in the customer's browser and is not sent to Baytek.

2. Data persisted in the customer's Azure DevOps tenant

Configuration is persisted via Microsoft's Azure DevOps Extension Data Service. That storage is hosted by Microsoft and scoped to the customer's organization. Baytek does not host or have access to it. This includes:

  • rule selection, severity thresholds, field mappings, and custom rule JSON
  • per-user UI preferences (tab order, theme, last-used filter)
  • optional AI provider settings, including any AI provider API key the user enters(see “AI integrations” below)

3. Data Baytek stores on its own systems

None. Backlog Guard does not operate a backend. Baytek does not receive work item content, telemetry, install events, heartbeats, error reports, or any other event from the Extension. There is no Baytek-side license database for this product.

4. AI integrations (optional, off by default)

Backlog Guard offers an optional AI-assist that suggests remediation actions for findings. AI is off by default. The button to invoke an AI suggestion does not render until an organization administrator saves an API key. When AI is enabled:

  • The API key is stored in the customer's own Azure DevOps Extension Data Service. Baytek does not receive it.
  • Prompts are sent from the customer's browser directly to the configured provider (for example api.openai.com or api.anthropic.com). Baytek's servers are not in the request path.
  • Prompt content includes the work item fields needed to describe the finding. The customer's relationship with the AI provider governs that data.

5. Network calls

With AI disabled, the Extension makes no outbound network calls other than to Azure DevOps' own APIs (under the user's existing session). With AI enabled, the only additional outbound calls are to the AI provider endpoint the user configured.

6. Sub-processors

Backlog Guard has no Baytek-managed sub-processors. Microsoft Azure DevOps hosts the customer's tenant and the Extension Data Service used for configuration storage — that relationship is between the customer and Microsoft.

7. Data retention

All configuration and per-user state lives in the customer's Azure DevOps tenant. Uninstalling the Extension causes Microsoft to remove that data per the Extension Data Service policy. Baytek retains nothing because Baytek collects nothing.

8. Security controls

  • HTTPS is required for all outbound traffic
  • API keys for AI providers are stored as password-type fields and never logged
  • The Extension only writes a work item when the user explicitly clicks “Create remediation task”; all other operations are read-only

9. Your rights and choices

  • Do not enable the optional AI integration if you do not want AI to see work item content
  • Uninstall the Extension at any time; configuration is removed by Microsoft per the Extension Data Service policy
  • Because Baytek does not store any customer data for this product, there is no Baytek-side data to export, rectify, or delete

10. Changes to this policy

We may update this Privacy Policy. Material changes will be reflected in the “Last updated” date above. Continued use of the Extension after changes constitutes acceptance.

11. Contact