.svg){kind=small}
1. Who we are
Ramen Inc. (“we”, “us”, “Provider”) provides Workflow-Bot, a Microsoft Teams application (“App”) that helps organizations run workflows and notifications in Teams.
- Website: https://www.rameninc.com
- Privacy contact: privacy@rameninc.com
- Data protection inquiries (including DPA requests): privacy@rameninc.com
For questions about this Privacy Policy, contact us at the privacy address above.
2. Scope
This policy describes how we process information when:
- Your organization (“Customer”) installs or uses the App in Microsoft Teams; or
- Users interact with the App (for example, commands, adaptive cards, or workflow actions) within Customer’s Teams environment.
Microsoft operates Teams and may process data under its own terms and privacy statements. This policy covers our practices as the publisher of Workflow-Bot, not Microsoft’s platform practices.
3. Roles (controller and processor)
- Customer (your employer or organization) typically decides why and how Teams is used and what integrations are enabled. In many cases, Customer is the data controller for end-user information in Teams.
- We act as a processor or service provider on behalf of Customer when we process Customer’s data solely to provide the App, and as a controller for certain of our own business data (for example, account and billing data, or aggregated analytics as described below).
If you need a Data Processing Agreement (DPA), contact privacy@rameninc.com or use the contact options at https://www.rameninc.com.
4. Categories of information we may process
Depending on how you configure and use the App, we may process:
4.1 Teams and conversation technical data
To deliver messages, proactive notifications, and workflow status in Teams, we may process:
- Conversation references and related metadata (for example, identifiers needed to address a chat or channel, team or channel identifiers where applicable, and display names associated with the conversation record).
- Integration configuration you set up in the App (for example, organization identifiers, integration names and types, and linkage between an integration and a Teams conversation).
- Workflow execution state associated with a session (for example, session identifiers, workflow identifiers and names, status text or structured status lines, and conversation references used to update status messages).
This data is typically provided by Microsoft Teams / Bot Framework when users interact with the App or when Customer configures the App.
4.2 Identifiers for accountability
We may process user or service principal identifiers (for example, Azure AD / Entra ID object IDs or similar) and display names that appear in Teams or your admin configuration, where stored as created_by, updated_by, or similar audit fields in our systems.
4.3 Content you send through Teams
When users send messages, commands, or card submissions to the bot, that content may be processed in transit and in memory to fulfill the request (for example, to parse /config or workflow commands, or to handle approve/reject actions). We design the App to persist operational data (such as configuration and conversation references) as needed for the features described in our documentation; we do not intend to use message content for unrelated advertising. If we add long-term storage of message content beyond what is necessary to provide the service, we will update this policy.
4.4 Logs and security
We may collect diagnostic and security logs (for example, timestamps, error messages, request metadata, and masked identifiers) to operate, secure, and troubleshoot the App.
4.5 Business and billing data
If you purchase paid services, we process billing and account contact information as needed to fulfill the transaction.
5. Purposes and legal bases (summary)
We process information to:
| Purpose | Examples |
|---|---|
| Provide the App | Link Teams conversations to integrations, send notifications, execute and display workflow status |
| Operate and secure | Authentication, abuse prevention, logging, incident response |
| Improve the App | Aggregated or de-identified analytics; product development |
| Comply with law | Respond to lawful requests, enforce our Terms |
If the GDPR applies, we rely on performance of a contract, legitimate interests (operating a secure service, improving features), and, where required, consent. Customer’s lawful basis may also apply for workplace data.
6. Sharing and subprocessors
We may share data with:
- Microsoft — as necessary for Teams, Bot Framework, Azure, or authentication services you use with the App.
- Infrastructure providers — for example, cloud hosting, databases, and monitoring, under contractual safeguards.
- Professional advisers — lawyers, auditors, where bound by confidentiality.
- Authorities — when required by applicable law or to protect rights and safety.
A current list of subprocessors (or a link to it) is published at https://www.rameninc.com when available, or provided on request to privacy@rameninc.com.
We do not sell personal information as defined under U.S. state privacy laws, and we do not share personal information with third parties for their independent marketing without appropriate consent where required.
7. International transfers
If we transfer personal data from the European Economic Area, UK, or Switzerland to other countries, we use appropriate safeguards (such as Standard Contractual Clauses) where required. Details are available on request.
8. Retention
We retain information only as long as needed for the purposes above, including:
- Configuration and conversation linkage — for as long as Customer uses the App or until Customer or we delete it.
- Workflow session status — for operational needs and then deleted or anonymized according to our retention schedule.
- Logs — typically a rolling period (for example, 30–90 days) unless a longer period is needed for security or legal holds.
- Legal / billing — as required by tax, accounting, or dispute resolution.
Customer administrators may request deletion or export of Customer data subject to technical feasibility and our Terms of Use.
9. Security
We implement appropriate technical and organizational measures designed to protect information against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure; we encourage Customers to use strong access controls in Teams and connected systems.
10. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, or to data portability, and to withdraw consent where processing is consent-based.
- End users should contact their organization’s administrator first, because many requests must be handled at the tenant level.
- You may also contact us at privacy@rameninc.com (or via https://www.rameninc.com) and we will work with Customer where appropriate.
You may lodge a complaint with a supervisory authority in your country.
California residents: Under the CCPA/CPRA, you may have rights to know, delete, and correct personal information, and to opt out of certain sharing. We do not “sell” or “share” personal information for cross-context behavioral advertising as defined by the CPRA in connection with this App. Contact privacy@rameninc.com to exercise rights.
11. Children
The App is intended for business use and is not directed at children under 13 (United States) or 16 where a higher age is required in your jurisdiction. We do not knowingly collect personal information from children for consumer purposes.
12. Changes
We may update this Privacy Policy from time to time. We will post the new version with an updated date and, where appropriate, provide additional notice (for example, through the App listing or admin email). Continued use after the effective date constitutes acceptance of the updated policy where permitted by law.
13. Contact
Ramen Inc.
Website: https://www.rameninc.com
Privacy: privacy@rameninc.com
Legal: legal@rameninc.com
