Skerply — Privacy Policy
Effective: 21 May 2026. Last updated: 21 May 2026. Version 1.0.
This Privacy Policy describes how GreyStack (Pty) Ltd, a private company incorporated in the Republic of South Africa (registration number 2026/016718/07) ("we", "us", "Skerply"), handles data in connection with the Skerply Azure Managed Application and related services (the "Service"). This Policy is incorporated by reference into the Terms of Service. Capitalised terms not defined here have the meanings given in the Terms of Service.
1. Summary — the data-sovereignty posture
Skerply is architected so that Customer data never leaves the Customer's Azure subscription. The Service is deployed inside the Customer's tenant as an Azure Managed Application; all reads, all analysis, all AI processing, all storage and all dashboard rendering happen within Azure resources owned by the Customer. The only datum that ever crosses the boundary back to us is the monthly savings-share figure plus the Marketplace metering metadata required to bill the Customer through Microsoft.
This posture is mandated by ADR-002 (no customer data leaves the tenant) and ADR-006 (Azure OpenAI deployed inside the Customer's subscription).
2. What data the Service processes inside the Customer's subscription
Inside the Customer's tenant, the Service reads, processes and stores:
(a) Azure billing and usage data from Azure Cost Management for the Customer's subscription;
(b) Azure resource inventory from Azure Resource Graph (resource type, location, SKU, tags);
(c) Resource metrics from Azure Monitor (CPU, memory, IOPS, network — used to identify under-utilised resources);
(d) Azure Advisor recommendations for the Customer's subscription;
(e) Microsoft Graph data required to address notifications: user display names, group memberships, and primary email addresses for the recipients configured in the dashboard. Permissions granted are read-only (User.Read.All, Group.Read.All, GroupMember.Read.All);
(f) Public Azure retail prices fetched from the public Azure Retail Prices API (no Customer data is sent in those calls);
(g) Recommendations and debate transcripts produced by the Service's multi-agent pipeline; and
(h) Audit logs of scan runs, recommendation state changes and dashboard user actions.
All of the above is stored in Azure SQL Serverless, Azure Storage and Application Insights instances inside the Customer's subscription.
3. What data leaves the Customer's subscription
Only the following data ever leaves the Customer's tenant:
(a) the monthly savings-share figure (a single decimal amount per customer per month) submitted to Microsoft for Marketplace metering as described in clause 4 of the Terms of Service;
(b) Marketplace metering metadata that Microsoft requires to attribute the meter event to the Customer's subscription; and
(c) support data the Customer voluntarily shares with us (for example, screenshots or log excerpts that the Customer attaches to a support request). We never extract such data automatically.
We do not transmit recommendation text, resource names, tags, billing line items, inventory, telemetry, debate transcripts or AI prompts/responses out of the Customer's subscription.
4. AI processing (Azure OpenAI)
4.1 Recommendation reasoning is produced by large language models hosted in Azure OpenAI inside the Customer's subscription. Prompts and completions do not leave the Customer's tenant. Microsoft's Azure OpenAI service is configured so that prompts and completions are not used to train shared models.
4.2 Before any resource name or tag is included in a prompt, the Service sanitises it to neutralise potential prompt-injection content (see ADR-014). The Service rejects any model output that fails strict schema validation.
4.3 Customers who do not wish to use AI-generated reasoning may disable the debate pipeline in the dashboard; in that mode, only the deterministic analysers run.
5. Our role under data-protection law
5.1 Because the Service processes Customer data inside the Customer's own Azure tenant and we do not receive or store that data, our role is closest to that of a software supplier, not a data processor. Microsoft is the cloud provider and acts as data processor for the underlying Azure services under the Microsoft Online Services DPA, which the Customer accepts directly with Microsoft.
5.2 The architecture in clause 1 means we do not receive Customer Personal Data on our infrastructure. Accordingly, the parties agree that the Microsoft Online Services DPA (which the Customer accepts directly with Microsoft) combined with this Policy is sufficient for the Service, and no separate data-processing agreement between the Customer and us is required for the Service itself. Where a Customer's regulator nonetheless requires a bespoke addendum (for example certain public-sector frameworks), we will execute a reasonable supplementary DPA on request.
5.3 To the limited extent that we process personal data outside the Customer's tenant (for example, the email address of a Customer's authorised commercial contact for invoicing or support correspondence), we act as controller of that data and process it for the purposes described in clause 6.
6. Personal data we hold outside the Customer's tenant
6.1 In our own systems (the publisher infrastructure described in ARCHITECTURE.md), we hold:
(a) the Marketplace subscription identifier and plan;
(b) the monthly savings-share figure submitted to Microsoft;
(c) the name, business email address and role of the Customer's authorised commercial and technical contacts (collected during onboarding for the purpose of invoicing, support and material change notifications); and
(d) records of support correspondence the Customer initiates with us.
6.2 We use this data only to (i) operate the Marketplace billing relationship, (ii) provide support to the Customer, (iii) notify the Customer of material changes to the Service or these Terms, and (iv) meet our own legal, accounting and audit obligations.
6.3 We do not sell, rent or share Customer contact data with third parties for marketing purposes.
7. Retention
7.1 Inside the Customer's tenant. All Customer billing, inventory, telemetry, recommendation and debate data is retained inside the Customer's tenant for the period configured by the Customer in the dashboard. On uninstallation of the Managed Application, the resources containing this data are deleted as part of the standard Azure Managed Application uninstall flow.
7.2 Outside the Customer's tenant (in our systems). We retain the monthly savings-share figures, Marketplace metering metadata and Customer contact data for as long as the Marketplace subscription is active, and thereafter for seven (7) years to meet our tax, accounting and audit obligations under South African law. Records held under shorter statutory retention regimes are deleted at the end of the shorter applicable period.
8. Security
8.1 Our publisher infrastructure uses Microsoft Entra ID for authentication, Azure Key Vault for all secrets, Managed Identities in place of stored credentials, TLS 1.2 as a minimum, and Application Insights for monitoring.
8.2 The Service deployed inside the Customer's tenant inherits the Customer's own Azure security controls and the security non-negotiables documented in SECURITY.md.
8.3 We do not have administrative access to the Service instance running inside the Customer's tenant. We cannot read Customer data even on request.
9. International transfers
9.1 Because Customer data does not leave the Customer's tenant, no cross-border transfer of Customer data takes place as a result of using the Service. The Customer alone chooses the Azure region into which the Service is deployed.
9.2 For the limited personal data we hold outside the Customer's tenant (clause 6.1), our default region is South Africa North. Where transfer of that limited data to another jurisdiction is necessary (for example, for support handled by a sub-processor in another region), we will rely on the relevant transfer mechanism (standard contractual clauses, adequacy decision or equivalent) as appropriate.
10. The Customer's and data-subject rights
10.1 The Customer may at any time access, export or delete the data the Service has stored inside the Customer's tenant using the standard Azure tooling (the dashboard's export functions, Azure SQL queries, or the Managed Application uninstall flow).
10.2 In respect of the limited personal data we hold outside the Customer's tenant (clause 6.1), the relevant data subjects may exercise rights of access, rectification, erasure, restriction, portability and objection where applicable law confers them. Requests should be sent to privacy@skerply.com (see clause 13).
11. Sub-processors
11.1 We do not engage sub-processors that process Customer data on our behalf, because Customer data does not leave the Customer's tenant.
11.2 In respect of the limited personal data we hold ourselves (clause 6.1), we rely on:
(a) Microsoft Corporation — Azure (publisher infrastructure hosting), Microsoft Commercial Marketplace (billing), Microsoft Entra ID (authentication), Azure Communication Services Email (notifications);
(b) any future sub-processor will be added to this list, and notified to active Customers, with at least 30 days' notice before processing begins. The Customer may object during that notice period; if a reasonable objection cannot be addressed, the Customer may terminate its subscription without penalty.
12. Cookies and the marketing website
12.1 The Service itself (the dashboard deployed inside the Customer's tenant) uses only the cookies strictly necessary to operate the authenticated session.
12.2 The marketing and onboarding website at skerply.com uses cookies and similar technologies. Detail is set out in a separate cookie notice published on that website. Where the Customer's region requires a consent banner (for example under EU/UK ePrivacy rules), one is presented before non-essential cookies are set.
13. Contact
Questions about this Policy or about the data we hold may be sent to privacy@skerply.com or by post to:
GreyStack (Pty) Ltd
Sandton, Johannesburg 2196, Republic of South Africa
DUNS: 366868478
14. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified to Customers in the same way as material changes to the Terms of Service (clause 13 of the Terms of Service). The "Last updated" date at the top of this Policy reflects the most recent revision.