Privacy Policy
Last updated: April 19, 2026 · Effective: April 19, 2026
MigrationFox (the "Service") is operated by MigrationFox Inc. ("we", "us", "MigrationFox"), an Ontario, Canada corporation. This Privacy Policy explains what personal information we collect, why we collect it, how long we keep it, who we share it with, and what your rights are as a user.
We take privacy seriously because we're in the data migration business. Our entire product depends on customers trusting us with access to their Microsoft 365 tenants, cloud storage accounts, and file content. We treat that trust as our operating license.
Jurisdiction: This policy is governed by the laws of the Province of Ontario and the federal laws of Canada (including the Personal Information Protection and Electronic Documents Act, "PIPEDA"). Where applicable, we also comply with the California Consumer Privacy Act ("CCPA") and the EU General Data Protection Regulation ("GDPR").
1. What data we collect
Account data
When you register for MigrationFox, we collect your name, email address, and password hash. If you join an existing tenant via an invitation link, we collect your name and email only.
Billing data
Payment processing is handled entirely by Stripe. We do not see, store, or have access to your full credit card number or CVV. We store the Stripe Customer ID, Subscription ID, and the last 4 digits of the card for receipts. Billing address and tax information are stored in Stripe and synced to us for invoice display.
Tenant configuration data
When you connect a source or destination to MigrationFox (e.g. a Microsoft 365 tenant, a Google Workspace, a Dropbox account), we store the credentials you provide — OAuth refresh tokens, service account keys, or API tokens — encrypted at rest with AES-256-GCM. You choose what we connect to; we never discover or enumerate credentials on our own.
Migration + assessment data
When you run a migration job or a Copilot Readiness assessment, MigrationFox calls your connected platform's API (e.g. Microsoft Graph, Google Drive API) and reads the data you authorized the scan over. For migrations this includes file content + metadata + permissions. For assessments this is read-only metadata only (site properties, group memberships, policy states) — we never read or store your actual document content during an assessment scan.
Operational logs
We store audit logs of actions taken in MigrationFox (job created, finding remediated, share link minted, etc.), error telemetry, and performance metrics. Audit logs retain the actor email and IP address for 90 days by default.
2. Why we collect it
- Deliver the service you paid for — migration jobs, governance assessments, monitoring alerts, file archiving
- Bill you correctly — usage-based credits, one-time assessment purchases, subscription management
- Authenticate you securely — password login, magic links, optional MFA
- Send service emails — job completion notifications, monthly assessment runs, password resets, billing receipts
- Protect the platform — detect abuse, prevent fraud, investigate security incidents
- Improve the product — aggregated, anonymized usage patterns inform engineering priorities
3. How long we keep it
- Account data — for the lifetime of your account, plus 30 days after cancellation for dispute resolution, then deleted.
- Billing records — 7 years per Canada Revenue Agency tax retention rules.
- Migration job metadata — 90 days after job completion, then purged. Raw scan items and file records are purged along with the job.
- Assessment findings — stored encrypted for 90 days from purchase (the access window you paid for). After that, findings are deleted but the aggregate score + module-level summary is retained indefinitely for trend charts.
- Credentials you provided — deleted immediately when you delete the credential in MigrationFox, or within 30 days of account deletion, whichever comes first.
- Audit logs — 90 days.
- Error telemetry — 30 days.
4. Who we share it with
We use the following sub-processors to deliver the Service. We pick each one because its security posture matches or exceeds our own, and we review them annually.
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Payment method, billing address | USA / Canada |
| Railway Corp. | Application + database hosting (API, PostgreSQL, Redis) | All user + tenant data | USA |
| Oracle Cloud Infrastructure | Worker hosting (job execution, assessment scans) | Transient job + scan data | Canada (Toronto region) |
| Vercel Inc. | Frontend + marketing site hosting | Static assets, request logs | Global CDN |
| Resend | Transactional email delivery | Email address, email subject + body | USA |
| Microsoft Corporation | Graph API, SharePoint Migration API (called on your behalf when you connect a Microsoft tenant) | Your choice of scopes — you control what we read | Per your Microsoft tenant's region |
| Google LLC | Google Drive API (called on your behalf when you connect a Google Workspace) | Your choice of scopes | Per your Google Workspace region |
We do not sell personal data to anyone. We do not share data with advertisers. We do not use your data to train AI models.
5. Your rights
Under PIPEDA, CCPA, and GDPR you have the right to:
- Access the personal information we hold about you. Request via support@migrationfox.com; we respond within 30 days.
- Correct any inaccurate personal information. You can edit name and email directly in Account settings.
- Delete your account and personal information. Use the "Delete account" action in Account settings, or email us. Deletion removes account data + credentials within 30 days. Billing records are retained per tax law (see Section 3).
- Export your data in a machine-readable format (JSON). Available on request.
- Withdraw consent for specific processing (e.g. marketing emails) without affecting the Service.
- Lodge a complaint with the Office of the Privacy Commissioner of Canada (for PIPEDA) or your local data protection authority (for GDPR).
6. Cookies and tracking
The marketing site (migrationfox.com) uses essential cookies for navigation only. No advertising trackers, no third-party analytics by default. We may add privacy-respecting analytics (such as Plausible) in the future; if we do, we will update this policy before activating them.
The app (app.migrationfox.com) uses a session cookie for authentication and a local storage entry for your JWT. These are essential to the Service and cannot be disabled.
7. Security
- All data in transit is TLS 1.2+ encrypted.
- All credentials and sensitive findings are encrypted at rest with AES-256-GCM. Encryption keys are versioned (per-row keyVersion) so they can be rotated without re-encrypting historic data; rotations are scheduled in response to operational or compliance events.
- Database backups are encrypted and retained for 30 days.
- Access to production data is restricted to authorized engineers under two-factor authentication.
- We are SOC 2 Type I audit scoped for Q3 2026.
Read more on our Security page.
8. Children under 16
MigrationFox is a business-to-business service and is not intended for individuals under 16. We do not knowingly collect personal information from anyone under 16. If you believe we have, contact us and we will delete it immediately.
9. International transfers
Your data may be processed in Canada, the United States, or any country where a sub-processor operates. Where the destination country is not deemed to provide an adequate level of protection under Canadian or EU law, we rely on Standard Contractual Clauses or equivalent safeguards with the sub-processor.
10. Changes to this policy
We may update this Privacy Policy to reflect new features, new sub-processors, or legal changes. Material changes are announced by email to the account owner at least 30 days before taking effect. Non-material changes (clarifications, reformatting) are updated in place and reflected in the "Last updated" date at the top.
11. Contact
For any privacy question, request, or complaint:
- Email: support@migrationfox.com
- Mail: MigrationFox Inc., Ontario, Canada (full address provided on request for legal notices)
We respond to all privacy requests within 30 days as required by PIPEDA.