AutoDelegate Privacy Policy

 

1. Our details as the data controller

 

AutoDelegate Application (the "App") and services provided by AutoDelegate (the "Service") are brought to you by AutoDelegate, Inc. (the "Data Controller" of your personal data). Consequently, "We", "Us" and "Ours" refers to the Data Controller.

 

2. Information we collect and how we use this information

 

We collect certain information about you when you provide it directly to us or use our App and Service. We only obtain information necessary to provide you with our services.

 

SMS Messages, Email, Calendar, Contacts, : As a communications assistant, the core functionality of our Product is based on providing you with the ability to manage your SMS messages, email, calendar events and contacts. For this reason, AutoDelegate asks you to provide access to these data when you start using the App. We use your email address and/or phone number as a unique identifier of you as a user within our system and allows us to secure your data. Your email address will also be used as a primary means of communication for us on anything related to changes to the App and Service such as Privacy Policy, Terms of Use, or core functionality of our App or Service. We may also occasionally contact you for marketing purposes and it will be in our legitimate interests to do so, but you will always have a chance to opt out of such marketing communications for similar products and/or services anytime. Your SMS messages, email, calendar events and contacts are safe and we do not use it for profiling or targeting.

 

OAuth login: AutoDelegate requires your credentials to log into your mail, calendar, and contacts system in order to receive, search, compose and send email messages. The credential is also used to retrieve, search, create and edit calendar events as well as tasks. Without using these services, our Product won’t be able to provide you with the basic features.

 

SMS message content, email content, calendar events and contacts while using AutoDelegate: We allow you and your colleagues to create organizations within the App. It allows you to have a secure space where you share information such as email and SMS conversations, calendar events and virtual contact cards. This information is stored on servers provided by third-party providers (e.g. Amazon Web Services, Google Cloud) in order to make Services available to you, so you can collaborate with your teammates with the App.

 

IP address: Core functionality of our Product is based on connection to the Internet. That is why our App and Service won’t properly function without Internet connection. Your IP address is a unique identifier that lets you connect to the Internet and our service will log connections for security and troubleshooting purposes.

 

APNS(Apple Push Notification Service)/FCM(Firebase Cloud Messaging) device token: Push notifications allow you to get immediate updates about new communications or private messages within your team. You’re free to enable or disable them during initial App setup or later using your device’s system preferences.

 

App token assigned by us: This token allows us to identify your device in our system and troubleshoot potential issues you might experience.

 

Device, App version, iOS/Android version information: We need to have this information so the App functions properly on your specific device.

 

Statistical information with regards to App usage: In order to better understand general app usage patterns, improve the Product and its user experience, AutoDelegate collects general statistical information about the usage of the Product. Collecting such data helps us optimize the App in future updates and such usage does not affect your rights and freedoms and does not disclose any personal data of yourself or your contacts.

 

Recently accessed communications and collaboration threads: We need this information to provide AutoDelegate features to you and your teammates such as private discussions around email and SMS, shared tasks and shared calendar events. By collecting and storing this data, we are able to present message discussion threads through your AutoDelegate app and provide better communication experience with your team.

 

Logs: We collect this information to prevent fraud and potential unauthorized access to your personal information, ensuring the technical availability and security of the App. The server that hosts the App may record requests your device makes to the server, the details on the device and browser you use, your IP address, date and time of access, city and country, operating system, browser type, mobile network information. This data is used only for technical purposes – that is, to ensure the proper functioning and security of the App and to investigate possible security incidents.

 

Cookie information: This information is necessary for the AutoDelegate website as well as the Web version of AutoDelegate App. Cookies allows us to identify you as a member of the team and prevent unauthorized access to your team administration portal by other users. All of this information is stored locally on your device.

 

Customer Support communication: We save a record of communication including attachments and information you voluntarily decide to share with us for troubleshooting purposes whenever you communicate with our support team.

 

Website: your browser transfers certain data so that it can access the Website, namely:

 

  • the IP address

  • the date and time of the request

  • the browser type

  • the operating system

  • the language and version of the browser software.

 

Cookies: Use of (Further Analyzing) Tools

 

Cookies are stored on your computer when using the Website. Cookies are small text files that are stored on your hard disk of the computer with which you visit a website and which are allocated to your browser and through which certain information is submitted to the cookie user that sets the cookie (in this case us). Cookies serve to make the website offering more user-friendly and effective overall.

 

The Website uses cookies to the following extent:

 

  • Transient / Session cookies

  • Persistent / Setting cookies

  • Analytics cookies

 

Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, which identifies user sessions in the browser. Session cookies are deleted when you log out or close your browser.

 

Persistent cookies help the Website remember your information and settings when you visit them in the future. They are automatically deleted after a specified period, which may differ depending on the cookie.

 

We also use cookies on our website which enable an analysis of the user's surfing behavior.

 

You can configure your browser settings according to your wishes and, for example, restrict the use of cookies or refuse them altogether. However, we would like to point out that you may not be able to use all the functions of the Website in this case.

 

The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help analyze how you use the Website. The information generated by the cookie about your use of the Website will normally be transmitted to and stored by Google on servers in the United States.

 

In case IP-anonymization is activated on the Website, your IP address will be truncated within the area of member states of the European Union or within other contracting states to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. Google will use this information on behalf of AutoDelegate for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services for AutoDelegate relating to website activity and internet usage.

 

The IP address that your browser transfers within the scope of Google Analytics will not be associated with any other data held by Google.

 

You may refuse the use of cookies by selecting the appropriate settings in your browser, however please note that if you do so you may not be able to use all functions of the Website. You can also opt-out from the storage by Google of the data that is created by the cookie and is related to the use of the Website (including your IP address) and the processing of such data by Google by downloading and installing the Google Analytics opt-out Browser add-on available under https://tools.google.com/dlpage/gaoptout?hl=en.

 

As an alternative to the browser add-on or within browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics within this Website in the future (this opt-out option applies only for the browser in which you set it and with regard to the Website). In this case an opt-out cookie is put on your device. In case you delete your cookies, you will have to use the aforementioned link again.

 

For further information on Google Analytics please refer to: http://www.google.com/analytics/terms/.

 

Email messages sent by us via third-party services like MailChimp or CampaignMonitor may contain tracking pixels which helps us collect statistics on delivery and opening rates of our correspondence. These pixels do not provide us with any additional personal data about you or your behavior online. You can disable image rendering in your email client which will deactivate this feature, however you will be unable to see any images within other received emails.

 

If you decide to deactivate (some of) the cookies and tools described above, please note that certain features and functionalities of the Services might not work or might not be accessible to you.

 

3. What we do with your personal data

 

Your personal data is used to provide you our App and Services, and to improve the Product. Your personal data is not used for marketing purposes. We encrypt your emails and then store some of your personal data on secure servers that would prevent unauthorized access or destruction. Unless you have asked us not to, We may rarely contact you by email about similar products and services to the App. Whenever We contact you, We would always give you the right to opt out at any time (see the section "Your Rights" below).

 

As stated in section 2 above, We only process personal data for the purposes strictly necessary to provide you with the service. Some of the purposes for processing the data provided by you include:

 

  • Providing you with the services

  • Fraud prevention

  • Improving our services

  • Notifying you of any changes in our services

 

4. How long personal data is stored for

 

Depending on the type, your personal data is stored either until you delete the App or after a certain period.

 

Type of information

Length of storage

Email address, communications content, calendar events, contacts, mail server credentials, APNS/FCM device token, App token assigned by us, device info

3 months after deletion of your account from AutoDelegate on all devices

Recent communications received

3 months

IP addresses

3 months

   

5. Security measures used by Us

 

Your data is stored on secure servers that we rent and We use the recommended industry practices to keep your data secure. We use appropriate levels of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.

 

For instance, We ensure that all transmission is secured with HTTPS so that no one else can access your data. Your email and account credentials are stored on secure cloud-based servers using symmetric encryption. We currently use Amazon Web Services (AWS) and Google (the "Hosting providers"). Those Hosting providers are in possession of various international security certificates that ensure safety of your data with them. You can read more on the security measures of Google, for instance, by following the link: https://cloud.google.com/security/compliance/.

 

We use appropriate levels of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. A non-exhaustive list of such measures include:

 

1. Protective measures for physical access control:

 

Furthermore, an alarm system is installed in the premises, preventing infiltration by unauthorised persons. The alarm system is linked to a locking mechanism for the doors.

 

1. Protective measures for system access control:

 

Each employee has access to the systems/services only via his/her own employee access. The access rights involved are limited to the responsibilities of the respective employee and/or team.

 

We regulate access to our own systems via password procedures and the use of SSH keys, which strengthen the productive systems against attacks that target weak passwords, as the password-based access to the relevant systems is disabled.

 

We have, in addition, a regulation for the creation of passwords. This guarantees higher security also for systems that offer password-based access.

 

Passwords must meet the following requirements:

  • At least 8 characters long

  • At least 1 letter in upper-case

  • At least 1 letter in lower-case

  • At least 1 number

  • At least 1 non-alphanumeric character

 

Our systems are protected by firewalls that reject all incoming connections by default. Only connection types defined by exception are accepted.

 

2. Protective measures for data access control:

 

All servers and services are subject to continuous monitoring. This includes the logging of personal access in the user interface.

 

Due to the close proximity of the employees, a visual inspection is possible at any time.

 

Locking and/or logging off when leaving work is prescribed and is practised.

 

3. Protective measures for transfer control:

 

The handling of local data storage devices, e.g. USB sticks, is regulated via agreements.

 

Access to the systems from outside the company network is possible only via secure VPN access (provided by third-party services such as ExpressVPN).

 

4. Protective measures for input control:

 

Our employees do not work directly at database level, but instead use applications to access the data.

 

IT employees access the system via individual access and use a common login.

 

5. Protective measures for availability control:

 

We ensure the availability of data in several ways. On the one hand, there is regular backup of the entire system. This steps in if the other availability measures fail.

 

Critical services are operated redundantly in multiple data centres and controlled by a high-availability system.

 

Our workstations are also protected with the usual measures. For example, virus scanners are installed, laptops are encrypted.

 

6. Protective measures for separation control:

 

To separate data, We use logically separate databases so that no accidental reading of data by unauthorised persons can occur.

 

Access to the data itself is also restricted by the fact that employees use services (applications) which control access.

 

6. Categories of recipients and Data Processors

 

We do not rent, sell or share your personal data with any third parties, except where We have to comply with Our legal obligation. Some of the data of our users is aggregated for statistical purposes and processed in the legitimate interests as stated in section 2 above.

 

This does not mean that We blindly follow disclosure orders. We will check each request to ensure it satisfies the relevant safeguards, contains a court order or is issued under a legislative measure for the prevention, investigation, detection or prosecution of criminal offences. If We employ a processor to act on our behalf, We ensure that there are adequate contractual measures to ensure responsibility, security and liability to the same level as expected of Us.

 

In any case where a third party accesses your data on our behalf or upon our instructions (be it inside or outside the US), We use the relevant legal basis to comply with the data protection legislation.

7. Your rights

 

AutoDelegate is a subject of various data privacy regulations including the General Data Protection Regulation and the California Consumer Privacy Act. You are entitled to the full spectrum of the rights under those regulations. We will go out of our way to accommodate any valid request. You can either exercise your rights by deleting your account and all information associated with it from your device or by emailing us at support@autodelegate.com.

 

AutoDelegate under no circumstances sells your data and performs only lawful processing of your personal data, please see section 2 and 3 above for details.

 

You have a wide array of rights that we respect. Among those the right to:

 

  • Require access to your personal data;

  • Require rectification of your personal data (this is less relevant since otherwise we could not provide you with the service);

  • Require erasure of your personal data;

  • Withdraw consent to the processing of your personal data, where applicable, otherwise we could not provide you with the service;

  • Lodge a complaint with your local supervisory authority if you believe that your privacy rights have been breached.

 

The right to data portability is inapplicable with the App. You should contact your email provider directly to request combined access to all of your personal data. If your personal data is erased at your request or in accordance with our data retention policy, We only retain such information that is necessary to protect our legitimate interests or to comply with a legal obligation.

 

8. California Residents Notice

 

In relation to paragraph (5), s.1798.130 of California Consumer Privacy Act of 2018 (CCPA):

 

  • following subparagraph (A) the list of consumer rights can be found in section 7 above;

  • following subparagraph (B) personal information categories that We collect or have collected about consumers can be found in section 2 and 3 above;

  • subparagraph (C) does not apply to our practices as We neither sell nor have in the past 12 months sold your personal information as described in subdivision (t) of s.1798.140 CCPA.

 

9. Children's privacy

 

We never knowingly collect or solicit any information from anyone of 13 years and younger. The App and its content are not directed at nor made look to appeal to such persons. Parents or guardians that believe that We hold information about their children aged 13 and under may contact Us at support@autodelegate.com.

 

10. Our commitment

 

  • We will only collect and use your data where We have a legal basis to do so;

  • We will always be transparent and tell you about how we use your information;

  • When We collect your data for a particular purpose, We will not use it for anything else without your consent, unless other legal basis applies;

  • We will not ask for more data than needed for the purposes of providing our services;

  • We will adhere to the data retention policies and ensure that your information is securely disposed of at the end of such retention period;

  • We will observe and respect Your rights (in section 8 above) by ensuring that queries relating to privacy issues are dealt with promptly and transparently;

  • We will keep our staff trained in privacy and security obligations;

  • We will ensure to have appropriate technological and organizational measures in place to protect your data regardless of where it is held;

  • We will also ensure that all of our data processors have appropriate security measures in place with contractual provisions requiring them to comply with Our commitment;

  • We will obtain your consent and ensure that suitable safeguards are in place before personal data is transferred to other countries.

 

11. Changes to the privacy policy

 

We will always notify you via email or otherwise should we update this privacy policy. We will update the "last modified" date at the bottom of this privacy policy to indicate the latest revision, as well as the changes made.

 

12. Contact Information

 

Name:         AutoDelegate Inc.

Address:     17178 NE 5th st Bellevue WA 98008

Email:         support@autodelegate.com