1. Who We Are
VitalBlocs LLC ("VitalBloc," "we," "us," or "our") operates the website vitalbloc.com and provides SharePoint Framework (SPFx) web part components and Microsoft 365 solution packages (collectively, the "Services"). This Privacy Policy describes how we collect, use, and protect information when you visit our website, purchase our products, or use our deployed components.
2. Data We Collect
2.1 Information You Provide
| Data | When Collected | Purpose |
|---|---|---|
| Email address | Account registration, lead magnet downloads, newsletter signup | Account management, product delivery, communications |
| Name, company name | Account registration, checkout | Account identification, invoicing |
| Billing information | Checkout (via Stripe) | Payment processing — we do not store card numbers |
| Microsoft 365 tenant ID | Deployment wizard | License binding, product deployment |
| Password (hashed) | Account registration | Authentication |
2.2 Information Collected Automatically
| Data | Source | Purpose |
|---|---|---|
| Tenant ID, product ID | License validation requests from deployed web parts | License verification |
| IP address, browser type, device info | Web server logs | Security, diagnostics, abuse prevention |
| Pages visited, referral source | Analytics (if enabled) | Site improvement |
3. How We Use Your Data
We use collected data for the following purposes:
- Providing, maintaining, and improving the Services
- Processing purchases and managing your subscription
- Validating deployed licenses (see Section 4)
- Delivering lead magnets and product downloads you request
- Sending transactional emails (receipts, license notifications, expiration reminders)
- Responding to support inquiries
- Preventing fraud, abuse, and unauthorized access
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4. License Validation (Phone-Home)
Our SPFx web parts perform a license validation check when they render on a SharePoint page. This is how it works:
- The web part sends a request to /api/license/validate containing three pieces of data: a license key (GUID), your Microsoft 365 tenant ID (GUID), and the product identifier (e.g., "facebloc").
- Our server responds with the license status (valid/invalid, expiration date, tier) and nothing else.
- No SharePoint content, user data, document library data, or any other tenant information is transmitted.
- Successful validation results are cached locally in the browser for up to 72 hours to minimize network requests.
- Validation requests are rate-limited to 100 per tenant per hour.
5. Payment Processing
All payment processing is handled by Stripe, Inc. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. Stripe's collection and use of your payment data is governed by their privacy policy.
We receive from Stripe: your name, email address, subscription status, and transaction identifiers necessary to manage your license.
6. Third-Party Services
| Service | Provider | Data Shared | Purpose |
|---|---|---|---|
| Payment processing | Stripe, Inc. | Billing info, email | Subscription management |
| Transactional email | SMTP provider (TBD) | Email address, name | Receipts, notifications |
| Hosting | IIS / Windows Server | Server logs | Website delivery |
| AppSource (if applicable) | Microsoft Corporation | Tenant ID, subscription data | Marketplace licensing |
We do not integrate with third-party advertising networks or data brokers.
7. Cookies & Local Storage
7.1 Website (vitalbloc.com)
- Authentication cookies: Maintain your logged-in session in the customer portal. Essential for site functionality.
- Anti-forgery tokens: Protect forms against cross-site request forgery. Essential for security.
7.2 Deployed Web Parts
- License cache (localStorage): Stores the last successful license validation result with a 72-hour time-to-live. Contains only: validation status, expiration date, and tier. No personal data.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Data Retention
- Account data: Retained for the duration of your account plus 30 days after deletion request.
- License records: Retained for the duration of your subscription plus 12 months for billing dispute resolution.
- Lead capture data: Retained until you unsubscribe or request deletion.
- Server logs: Automatically purged after 90 days.
- Validation request logs: Retained for 30 days for rate-limiting and diagnostics, then purged.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data ("right to be forgotten")
- Export your data in a portable format
- Opt out of non-essential communications at any time
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
10. Children's Privacy
The Services are intended for business use and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective" date at the top of this page and, where appropriate, notify you by email. Your continued use of the Services after changes are posted constitutes acceptance of the updated policy.
12. Contact
If you have questions about this Privacy Policy or our data practices:
- Email: [email protected]
- Website: vitalbloc.com
VitalBlocs LLC