Back to TenQry

Privacy Policy

Last updated: January 2026

Overview

TenQry is a security reconnaissance tool that queries publicly available data about Microsoft 365 tenants and domain configurations. We are committed to transparency about how the tool works and what data we collect.

What We Query

All information displayed comes from publicly accessible sources:

  • Microsoft Public APIs - OpenID configuration, realm discovery, autodiscover endpoints
  • DNS Records - SPF, DKIM, DMARC, DNSSEC, MX, TXT records via standard DNS queries
  • WHOIS Data - Domain registration information from public registrars
  • Certificate Transparency - SSL certificates from public CT logs
  • HTTP Headers - Security headers from the target domain's public website
  • Cloud Storage - Checking if common bucket names exist (public endpoint checks)

What We Collect

We do NOT collect personal information.

For operational purposes, we log:

  • Queried domain names (for rate limiting and abuse prevention)
  • Anonymized request timestamps
  • Basic analytics (page views via Plausible - privacy-focused, no cookies)

What We Don't Do

  • We don't attempt to access protected or private systems
  • We don't use credentials or authentication bypass techniques
  • We don't sell or share any data with third parties
  • We don't use tracking cookies or fingerprinting
  • We don't store query results beyond the session

Intended Use

TenQry is designed for:

  • IT administrators checking their own organization's security posture
  • Security researchers conducting authorized assessments
  • Due diligence during vendor/partner evaluations
  • Educational purposes to understand public exposure

Note: Users are responsible for ensuring their use of TenQry complies with applicable laws and regulations. Do not use this tool for malicious purposes.

Contact

Questions about this privacy policy? Reach out via tenqry@tenqry.com.