This policy describes what information Crossover Central ("the Service", "we") collects when you use the platform — including the Outlook Web Add-in, the admin console, and the standalone management board — and how we handle it.
What we collect
Identity from Microsoft Entra ID
When you sign in, we receive your Object ID (OID), display name, email, user principal name, tenant ID, and your group memberships from Microsoft Entra ID via Microsoft Graph. We use these to authenticate you, determine your role (operator, supervisor, manager, admin), and route your reports to the correct department and shift. We do not store passwords; sign-in is delegated to Microsoft.
Shift report content
The data you enter into shift report templates is stored in your facility's database — a SQL Server or SQLite instance configured during setup. Self-hosted customers run this database on their own infrastructure; Brantner-hosted customers run it on infrastructure operated by Brantner Solutions LLC. Reports include the field values you submit, attached files, the audit trail of edits and reviews, and metadata such as the shift date, template used, and who submitted/reviewed/approved.
Operational telemetry
The application logs request paths, status codes, and error messages to local files on the server for the operator's debugging use. We do not transmit these logs to Brantner Solutions unless you explicitly send them to us for support.
What we do not collect
- Email content from your mailbox. The Outlook Add-in declares the
ReadItempermission, which lets it know which item the task pane was opened from but does not allow it to read the message body, send mail on your behalf, or modify your mailbox. - Personal Microsoft account data. The add-in is restricted to work and school accounts.
- Behavioral or marketing tracking. There are no third-party analytics, advertising trackers, or session recordings.
How we use it
- To run the product. Identity to authenticate you; report content to render summaries, dashboards, and the trends board.
- To send shift summary emails. When an admin approves and sends a summary, the recipient list configured for that template receives a branded email with the report content. Email is sent through the SMTP server you configure during setup.
- To support you. If you contact support, we may ask you to share log excerpts or screenshots. We never read these without your action.
Where data is stored
Self-hosted: entirely on your infrastructure. The Crossover Central installer runs as a Windows service on a server you control; the database is on your SQL Server or local SQLite file; attachments are written to a directory you configure. Brantner Solutions has no access to this data.
Brantner-hosted: on infrastructure operated by Brantner Solutions LLC, located in the United States. The hosted service is accessed at crossover.brantnersolutions.com and is fronted by Cloudflare. The data layer is logically separated per customer.
Who can see your data
- Authenticated users in your tenant, scoped to the role assigned to them by your Entra group configuration. Operators see their own department's templates and reports; supervisors and admins see broader.
- Recipients of summary emails you explicitly send.
- Brantner Solutions personnel only if you are on the hosted plan and explicitly grant access for support.
Data retention
Reports, history rows, and email summaries persist for the lifetime of your installation. There is no automatic purging. Self-hosted customers control retention via their own database administration. Brantner-hosted customers can request deletion of their tenant's data by contacting us; we will delete within 30 days.
Sub-processors
The Brantner-hosted plan uses the following sub-processors. Self-hosted customers do not use any of these unless they configure them themselves.
- Microsoft Entra ID + Microsoft Graph — identity and group lookups.
- Cloudflare — TLS termination and CDN.
- Google Fonts — the admin console and Outlook add-in load the Inter typeface from
fonts.googleapis.com/fonts.gstatic.com. Google logs IP addresses of font requests for abuse prevention; no user identifiers or page content are sent. - The SMTP provider you configure — for sending summary emails. Self-hosted customers commonly use their own Exchange or Microsoft 365 mailbox.
Your rights
If you are an end user in a customer's tenant, your rights are governed by your employer's data policies. If you are a customer (the entity that purchased the license), you may request a copy of your data, correction of inaccurate data, or deletion at any time. Self-hosted customers can do this directly via their own database. Brantner-hosted customers can email [email protected].
Security
All connections are HTTPS-only. Authentication is delegated to Microsoft Entra ID; we never see or store passwords. Tokens are short-lived (one hour) and validated server-side on every request. The API requires a valid bearer token for all data endpoints; the only anonymous endpoints are the standalone management board's read-only feeds (board configuration and KPI summaries).
Changes to this policy
We may update this policy as the product evolves. Material changes will be reflected in the "Last updated" date and posted on this page. Continued use of the Service constitutes acceptance.
Contact
Brantner Solutions LLC
[email protected]