Privacy Policy

Zentra AI Assistant for Microsoft Teams
Last updated: July 8, 2026

This Privacy Policy explains how AurialAI ("we", "us", "our") collects, uses, and protects information in connection with the TarielAI ("the Bot"), a Microsoft Teams application that answers mortgage-operations questions for members of an installing organization ("your organization").

Scope. The Bot is provided to organizations for their internal team use. Your organization is the controller of the data processed through the Bot; we act as a processor on its behalf. If you are an end user, please also review your organization's own privacy policies.

1. Information we collect

The Bot collects and stores only what it needs to answer questions, learn from feedback, and maintain an administrative audit trail:

Category What it includes Why
Message content The text of messages in channels and chats where the Bot is installed — including messages in which the Bot is not directly mentioned — and the text of files (e.g. PDFs) attached to those messages. To answer questions, provide relevant thread context, and (for admin-approved files) add content to the Bot's knowledge base.
User identifiers Your Microsoft Entra (Azure AD) object ID, Teams user ID, and display name. To route replies, enforce administrator permissions, and record who took admin actions.
Feedback signals Reactions (e.g. like/heart, sad/angry) you add to the Bot's answers, stored as an approval/disapproval vote tied to a given answer. To surface previously well-rated answers to similar future questions.
Knowledge content Documents, URLs, and text that administrators approve and ingest (including optional Google Drive policy files), stored as text chunks with numeric embeddings. To retrieve relevant company knowledge when answering.
Operational records Conversation references, an administrative audit log, message-deduplication records, and configuration settings. To deliver replies reliably and maintain security/accountability.

The Bot does not intentionally collect payment details, government ID numbers, or other sensitive personal data. Please do not submit such information to the Bot.

2. How the Bot receives messages

With your organization's consent, Microsoft Teams grants the Bot resource-specific consent (RSC) permissions (ChannelMessage.Read.Group, TeamMember.Read.Group, TeamSettings.Read.Group). These allow the Bot to read messages in the teams where it is installed so it can provide conversation context and learn from feedback. An organization administrator controls installation and can remove the Bot at any time.

3. How we use information

We do not sell personal information, and we do not use your organization's message content to train our own foundational models.

4. Third-party service providers (subprocessors)

To operate, the Bot shares limited data with the following providers:

Provider Data shared Purpose
Microsoft (Azure Bot Service, Bot Framework, Azure App Service) Message activities and identifiers required to deliver messages; application hosting. Message transport and hosting.
OpenAI Question text, relevant context, and content to be embedded are sent to the OpenAI API to generate answers and embeddings. Answer generation and semantic search. OpenAI does not use API data to train its models by default.
U.S. government / public endpoints (HUD, FEMA, U.S. Census geocoder) Only the specific lookup input, such as a property address or condominium name, when a lookup tool is invoked. FHA approval, flood-zone, and official-source lookups.
Google (Google Drive), if enabled by your organization Access to configured Drive folders your organization designates as knowledge sources. Syncing policy documents into the knowledge base.

5. Public lookup tools

When a question warrants it, the Bot may query public government sources (HUD's FHA condo database, FEMA's flood layer, the U.S. Census geocoder) or perform a web search. Only the data needed for that lookup — typically an address or entity name — is transmitted. These are public services subject to their own terms and privacy practices.

6. Data storage and retention

Data is stored in a database controlled by your organization's deployment of the Bot. Feedback signals are stored at the response level and persist across knowledge re-ingestion. Retention is governed by your organization's policies; message and knowledge data are retained until deleted by an administrator or until the Bot is removed. Conversation logs are retained for 3 months.

7. Security

We use reasonable technical and organizational measures to protect data, including authenticated messaging endpoints and access controls limiting administrative commands to designated administrators. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your rights

Depending on your jurisdiction, you may have rights to access, correct, or delete your personal data. Because your organization controls the data processed by the Bot, please direct such requests to your organization's administrator, who can also contact us for assistance.

9. Children's privacy

, The Bot is a workplace tool not directed to children and is not intended for anyone under 16.

10. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above.

11. Contact

Questions about this policy or our data practices:

AurialAI
it@aurialai.com