Applicable plans:


The free versionThe complete versionOn-demand version

This article describes Waldo's architecture and data privacy.


1 - Architecture.

Waldo is a multi-tenant SaaS application. To simplify, think of Waldo as a website that is displayed in your Microsoft Teams.


Waldo's architecture relies on the following components:

  • Microsoft Azure Active Directory
  • Microsoft Azure Storage
  • Microsoft  Azure Bot Service
  • Microsoft  Azure App Service
  • Power BI
  • Microsoft Graph
  • Microsoft App Insights
  • Microsoft Event Hub
  • Microsoft Azure functions



Users interact with Waldo via a Teams Personal App composed of a tab and a bot.

The Azure Events Hub dispatches events to subscribers and processes the events (change seats, change parking spot, check-in). Third-party integration (e.g. Exchange Calendar integration) can also generate events.

Data is stored in specific containers for each tenant.

Users can view and analyze data via a Power BI connector.



2 - Data


Data is stored on Microsoft Azure (as explained above) in a multi-tenant environment. Still, we do not store any information related to customers or users (neither email nor names).


By default, data is located in Middenmeer (Netherlands) and Clondalkin (Ireland), which is the same location used by Microsoft 365 European users.


We only store User IDs. Once a user is authenticated through its Azure Active Directory, they make the relation between User Azure IDs and usernames. The same logic applies for areas and offices.



For administrative and marketing purposes, we store the following personal information:

  • Email address, first name, name of the Waldo administrator
  • Email address, first name, name of the Waldo administrative contact
  • Email address, first name, name of the Waldo technical contact


3 - Encryption and network.


3.1 - Data at rest:


Data is encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant.


3.2 - Data in transit:


All traffic leaving a datacenter is encrypted in transit. TLS 1.3 is the default security protocol used.


3.3 - Network:


All communication relies on HTTPS. There's no need to open any specific port or URL.


4 - Consent.


You can refer to this documentation if you want to learn more about consent.


5 - URLs and IPs


Waldo uses the following URLs and IPs.