Privacy Policy

Lens Ecosystem Platform — Version 1.1

Company Details

Company Name: 2cnot2 PTY LTD

ABN: 49 695 372 000

Email: hello@2cnot2.com

Website: www.2cnot2.com

1. Introduction

2cnot2 Pty Ltd (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use the Lens Ecosystem platform, which provides discovery and security intelligence services for Microsoft 365 (M365) and Microsoft Azure environments.

We are committed to compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For users located in the European Economic Area, we also commit to compliance with applicable GDPR obligations where relevant.

2. What We Collect

We collect the following categories of information:

Account Information:

  • Name, email address, and contact details provided during registration
  • Organisation name and billing information (if applicable)
  • Authentication is handled entirely by Microsoft Entra ID. 2cnot2 does not store, handle, or have access to your login credentials

M365 and Azure Configuration Metadata:

  • Tenant configuration settings and policy metadata from M365 and Azure environments (read-only)
  • Mailbox names, SharePoint library names, and permission groups are collected and shown within reports
  • Security posture data, role assignments, and service configurations
  • This metadata is encrypted and visible only to users within the tenant that generated it. 2cnot2 cannot access, view, or use this metadata without explicit consent from the tenant
  • Each user's session and associated metadata is private to that user, or to others within their organisation that they choose to share it with

Platform Usage Telemetry:

  • Feature usage statistics and interaction logs
  • Error logs and performance diagnostics
  • Browser type, IP address, and session information

This telemetry data is the only data 2cnot2 has visibility of. It does not include any M365 or Azure configuration metadata or user content.

3. What We Do NOT Collect

2cnot2 does not collect, and has no technical ability to access, view, or store any of the following:

  • Email content or attachments from M365
  • SharePoint, OneDrive, or Teams file content
  • Teams messages or chat history
  • Personal data of your end users within your M365 or Azure tenant
  • Any user-generated content within your M365 or Azure environment

2cnot2 has no visibility into the content of your organisation's Microsoft 365 or Azure environment. The Platform connects using read-only permissions and snapshots configuration metadata only. That metadata is encrypted and inaccessible to 2cnot2.

4. How We Use Your Information

We use collected information to:

  • Deliver and operate the Lens Ecosystem platform
  • Generate security scores, reports, and AI-powered insights within your tenant session
  • Improve and develop Platform features based on anonymised telemetry
  • Comply with legal obligations
  • Detect and prevent fraud or misuse of the Platform

5. Data Storage and Residency

All data collected by the Platform is processed and stored exclusively in Australian data centres. No data is transferred to or processed in any overseas jurisdiction.

This applies to:

  • Configuration metadata collected from your M365 and Azure tenants
  • Account and user information
  • Platform usage telemetry and analytics

The Platform is hosted on Microsoft Azure, utilising Australian Azure regions (Australia East and/or Australia Southeast). Microsoft Azure is bound by strict data residency and security obligations under their enterprise agreements.

6. Data Sharing

We do not sell, rent, or share your personal information or configuration metadata with third parties, except:

  • Where required by law or valid legal process (e.g. court order, regulatory requirement)
  • With trusted hosting and infrastructure providers, specifically Microsoft Azure (Australian regions), who process data strictly for the purpose of hosting and delivering the Platform under confidentiality obligations
  • In the event of a merger, acquisition, or sale of 2cnot2, where data may be transferred as part of that transaction (with prior notice to users)

We will never sell your data to advertisers or data brokers.

7. Data Retention

We retain your data for as long as your tenant account is active. Retention and deletion are managed at the tenant level:

  • Upon termination of a tenant, all stored M365 and Azure configuration metadata associated with that tenant will be permanently deleted within 30 days
  • Deletion is triggered when all users of a tenant have left the Platform or the tenant account is otherwise terminated
  • Contact and account information from prior use may be retained in our customer management records (CMDB) unless you specifically request deletion of this information
  • Usage telemetry may be retained in anonymised, aggregated form for platform improvement purposes
  • Account information may be retained for up to 7 years where required by applicable law

8. Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS) and at rest (AES-256)
  • All M365 and Azure configuration metadata is encrypted and accessible only to the tenant that generated it
  • Access controls and role-based permissions via Microsoft Entra ID
  • Regular security reviews and vulnerability assessments
  • Audit logging of all Platform access

However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

9. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information (subject to legal retention requirements)
  • Complain about a breach of your privacy

To exercise these rights, contact us at: hello@2cnot2.com

If you are located in the European Economic Area, you may have additional rights under GDPR including the right to data portability and the right to object to processing. Contact us to exercise these rights.

10. Cookies and Tracking

The Platform uses cookies and similar technologies for authentication, session management, and usage analytics. You can control cookie settings through your browser; however, disabling certain cookies may affect Platform functionality.

We do not use third-party advertising cookies or tracking pixels.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-Platform notification. Continued use of the Platform after changes constitutes acceptance of the updated policy.

12. Complaints

If you believe we have breached your privacy, please contact us first at hello@2cnot2.com. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

13. Contact

All enquiries: hello@2cnot2.com


© 2026 2cnot2 PTY LTD. All rights reserved.