Status Portal for Azure DevOps — Privacy Policy
Last updated: May 31, 2026
Overview
Status Portal (“the Extension”) is an Azure DevOps extension and companion public status page published by Baytek Software (“Baytek”, “we”, “us”). It lets an Azure DevOps organization declare incidents and maintenance windows from inside Azure DevOps and publish a branded public status page with optional subscriber email notifications. This policy explains what data the Extension touches, what Baytek hosts on the customer's behalf, and what is shared with sub-processors.
1. Azure DevOps data the Extension reads
The Extension declares the following Azure DevOps scopes:
vso.profile— the signed-in user's display name and email, used to attribute incident updates and audit log entriesvso.graph— read group/membership info used by Status Portal's role-based access control (Admin / User)
Status Portal does not read Azure DevOps work items, code, pipelines, or pull requests.
2. Data Baytek stores on its own systems
Status Portal operates a Baytek-hosted backend that powers the public status page and subscriber notifications. The following data is stored:
- Incident records: title, body, severity, component, timestamps, status updates, and audit log of who changed what
- Maintenance window records: title, body, scheduled start/end, affected components
- Component & component-group configuration: names, descriptions, ordering, current state
- Branding configuration: organization name, logo URL, custom domain, notification “from” email address, optional public API key
- Subscriber records: email address, subscription scope (organization-wide or per-component), confirmation/unsubscribe tokens, opt-in timestamp
- Admin / user records: Azure DevOps display name + email of users granted Admin or User role in Status Portal's access control
- Activity log: who changed which incident, maintenance window, or setting and when
3. Public status page
The public status page at https://status.baytekdev.com/(or the customer's configured custom domain) displays current component health, active incidents, scheduled maintenance windows, and recent history. The public page does not require sign-in, does not set personalisation cookies, and does not expose subscriber email addresses.
4. Subscriber email notifications
End users can subscribe to incident and maintenance notifications. When they do:
- Their email address is stored against the configured organization, with a confirmation/unsubscribe token
- Notification emails are sent through Baytek's email sub-processor (see §6) when a subscribed-to event changes state
- Each email includes a one-click unsubscribe link that removes the address from the subscriber list
- Subscriber addresses are not used for marketing, are not sold, and are not shared with third parties beyond what is required to deliver the email
5. Cookies and local storage
The in-Azure-DevOps admin hub uses local storage for UI preferences (theme, last-used tab). The public status page may set a short-lived cookie to remember the visitor's theme preference. No third-party analytics or advertising cookies are set.
6. Sub-processors
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Microsoft Azure DevOps | Hosts the customer's tenant and the admin hub | Customer-controlled (display name, email of in-product users) |
| Google Firebase / Cloud Firestore (Google LLC) | Hosts the Status Portal backend (database and serverless runtime) | Incident / maintenance / component records, subscriber list, activity log, branding config |
| Email sub-processor | Delivers subscriber notification emails | Recipient email address, organisation name, incident/maintenance content |
7. Data retention
- Resolved incidents and completed maintenance windows are retained indefinitely for transparency, unless the organisation admin deletes the record
- Activity log is retained for 13 months
- Subscriber addresses are retained until the subscriber unsubscribes or the organisation admin removes them
- On uninstall, Baytek retains the organisation's data for 30 days to allow recovery, then deletes it
8. Security controls
- HTTPS is required for all backend traffic
- Admin actions are authorised against the organisation's Azure DevOps identity
- Subscriber unsubscribe links are signed, single-purpose tokens
- The public API key (if enabled) is stored hashed; raw values are never logged
9. Your rights and choices
- Subscribers can unsubscribe at any time via the one-click link in every notification email
- Organisation admins can delete any incident, maintenance window, subscriber, or activity log entry from inside the admin hub
- You can request deletion of your organisation's Status Portal data by emailing support
10. Changes to this policy
We may update this Privacy Policy. Material changes will be reflected in the “Last updated” date above. Continued use of the Extension after changes constitutes acceptance.
11. Contact
- Email: support@baytekdev.com
- Status page: https://status.baytekdev.com/
- Company: Baytek Software
12. Data protection rights (GDPR / CCPA)
If you are in the EU / EEA, UK, or California, you have rights under GDPR, UK GDPR, and CCPA, including access, rectification, erasure, restriction, portability, and objection. Email support@baytekdev.com to exercise them. Baytek responds to verified requests within 30 days as required by applicable law.