Agile Analytics for Azure DevOps — Privacy Policy
Last updated: May 3, 2026
Overview
Agile Analytics (“the Extension”) is an Azure DevOps extension published by Baytek Software (“Baytek”, “we”, “us”). It processes Azure DevOps data inside the customer's browser to render dashboards and reports. This policy explains what data the Extension touches, where it goes, and what Baytek stores on its own systems.
1. Data the Extension reads from Azure DevOps
The Extension uses read-only Azure DevOps scopes (vso.project, vso.work, vso.graph). With those scopes, the Extension reads, on demand:
- project, team, sprint, and iteration metadata
- work item fields and revision history needed for analytics
- pull request summary metrics (when enabled by scope and feature use)
- group and membership info needed for Access Control
This data stays in the customer's browser. It is not sent to Baytek.
2. Data persisted in the customer's Azure DevOps tenant
Configuration and per-user preferences are persisted via Microsoft's Azure DevOps Extension Data Service. This storage is hosted by Microsoft and scoped to the customer's organization. Baytek does not host or have access to it.
This includes:
- extension configuration (workflow mappings, WIP limits, sprint alerts, notifications, ACL)
- per-user UI preferences
- AI provider settings, including any AI provider API key the customer enters (org admins only — see “AI integrations” below)
- License activation token and license summary (cached locally so the Extension can revalidate)
3. Data Baytek stores on its own systems
Baytek operates a backend at https://ado-analytics.baytekdev.com that handles licensing and a small set of contact-form / telemetry events. The following data is stored on Baytek-controlled systems:
- License records: Azure DevOps organization name, ADO organization ID, plan, expiry, status, activation tokens issued by Baytek
- Org install / heartbeat events: organization name, ADO organization ID, extension version, event type (
INSTALLED/HEARTBEAT/UNINSTALLED), and timestamps. Used to count active installs and identify orgs whose extension stops loading - Trial-contact submissions (optional, opt-in): an admin email address submitted via the in-extension reminder prompt, plus the org name and ADO organization ID. Used only to send day-23 / day-28 trial-end reminders
- Payment metadata via Stripe (sub-processor): Stripe holds payment instrument data; Baytek never receives raw card numbers
Baytek does not receive Azure DevOps work item content, sprint data, AI prompts, AI responses, or AI provider API keys.
4. AI integrations (optional, off by default)
If an organization admin enables the AI assistant and enters an API key for OpenAI, Anthropic Claude, or GitHub Copilot:
- The API key is stored in the customer's own Azure DevOps Extension Data Service (org-scoped). Baytek does not receive it.
- AI requests are sent from the customer's browser directly to the chosen provider (
api.anthropic.com,api.openai.com, or the configured Copilot endpoint). Baytek's backend is not in the request path. - Prompt content includes aggregated sprint context. The customer's relationship with the AI provider governs that data.
5. Webhook integrations (optional)
If notifications are enabled, the Extension posts alert payloads from the customer's browser directly to the configured Microsoft Teams or Slack webhook URL. Hostnames are restricted to approved provider domains. Baytek's backend is not in the request path.
6. Sub-processors
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Microsoft Azure DevOps | Hosts the customer's tenant + Extension Data Service | Customer-controlled |
| Stripe (Stripe, Inc.) | Payment processing and payment-related receipts / subscription notifications | Billing details for purchasers only |
| Google Firebase / Cloud Firestore (Google LLC) | Hosts ado-analytics.baytekdev.com backend (database and serverless runtime) | License records, activation tokens, install/heartbeat telemetry, opt-in trial-contact emails |
| Zoho Mail (Zoho Corporation Pvt. Ltd.) | Custom-domain email — sends license-key delivery and trial-end reminders | Recipient email address and organization name |
7. Data retention
- License records: retained for the life of the customer's account plus 7 years for tax / contract reasons
- Activation tokens: rotated on each successful re-validation (every ~12 hours of active use). Revoked tokens are retained for 90 days for audit
- Org install / heartbeat events: aggregated; raw events retained 13 months
- Trial-contact email: retained until the trial ends or the recipient requests deletion (max 90 days post-trial)
8. Security controls
- HTTPS is required for all outbound traffic
- Read-only Azure DevOps scopes (
vso.project,vso.work,vso.graph) — the Extension cannot modify work items or repository content - API keys for AI providers are stored as
password-type fields and never logged - License activation tokens are bearer credentials and are not logged
- Content-Security-Policy on the Extension's iframe restricts outbound connections to known endpoints
9. Your rights and choices
You can:
- disable optional AI integrations and notifications
- request deletion of any trial-contact email or license-related contact data by emailing support
- uninstall the Extension; this removes it from the ADO tenant. License records are retained per the retention policy above
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the “Last updated” date above. Continued use of the Extension after changes constitutes acceptance.
11. Contact
For privacy-related questions, deletion requests, or data-protection rights:
- Support: https://ado-analytics.baytekdev.com/support/
- Email: support@baytekdev.com
- Company: Baytek Software
12. Data protection rights (GDPR / CCPA)
If you are in the EU / EEA, UK, or California, you have rights under GDPR, UK GDPR, and CCPA, including access, rectification, erasure, restriction, portability, and objection. Most of these rights can be exercised by:
- uninstalling the Extension (clears the customer-tenant data); or
- emailing
support@baytekdev.comfor deletion of any Baytek-held license or trial-contact records
Baytek responds to verified requests within 30 days as required by applicable law.