1. Our details as the data controller
AutoDelegate Application (the "App") and services provided by AutoDelegate (the "Service") are brought to you by AutoDelegate, Inc. (the "Data Controller" of your personal data). Consequently, "We", "Us" and "Ours" refers to the Data Controller.
2. Information we collect and how we use this information
We collect certain information about you when you provide it directly to us or use our App and Service. We only obtain information necessary to provide you with our services.
OAuth login: AutoDelegate requires your credentials to log into your mail, calendar, and contacts system in order to receive, search, compose and send email messages. The credential is also used to retrieve, search, create and edit calendar events as well as tasks. Without using these services, our Product won’t be able to provide you with the basic features.
SMS message content, email content, calendar events and contacts while using AutoDelegate: We allow you and your colleagues to create organizations within the App. It allows you to have a secure space where you share information such as email and SMS conversations, calendar events and virtual contact cards. This information is stored on servers provided by third-party providers (e.g. Amazon Web Services, Google Cloud) in order to make Services available to you, so you can collaborate with your teammates with the App.
IP address: Core functionality of our Product is based on connection to the Internet. That is why our App and Service won’t properly function without Internet connection. Your IP address is a unique identifier that lets you connect to the Internet and our service will log connections for security and troubleshooting purposes.
APNS(Apple Push Notification Service)/FCM(Firebase Cloud Messaging) device token: Push notifications allow you to get immediate updates about new communications or private messages within your team. You’re free to enable or disable them during initial App setup or later using your device’s system preferences.
App token assigned by us: This token allows us to identify your device in our system and troubleshoot potential issues you might experience.
Device, App version, iOS/Android version information: We need to have this information so the App functions properly on your specific device.
Statistical information with regards to App usage: In order to better understand general app usage patterns, improve the Product and its user experience, AutoDelegate collects general statistical information about the usage of the Product. Collecting such data helps us optimize the App in future updates and such usage does not affect your rights and freedoms and does not disclose any personal data of yourself or your contacts.
Recently accessed communications and collaboration threads: We need this information to provide AutoDelegate features to you and your teammates such as private discussions around email and SMS, shared tasks and shared calendar events. By collecting and storing this data, we are able to present message discussion threads through your AutoDelegate app and provide better communication experience with your team.
Logs: We collect this information to prevent fraud and potential unauthorized access to your personal information, ensuring the technical availability and security of the App. The server that hosts the App may record requests your device makes to the server, the details on the device and browser you use, your IP address, date and time of access, city and country, operating system, browser type, mobile network information. This data is used only for technical purposes – that is, to ensure the proper functioning and security of the App and to investigate possible security incidents.
Cookie information: This information is necessary for the AutoDelegate website as well as the Web version of AutoDelegate App. Cookies allows us to identify you as a member of the team and prevent unauthorized access to your team administration portal by other users. All of this information is stored locally on your device.
Customer Support communication: We save a record of communication including attachments and information you voluntarily decide to share with us for troubleshooting purposes whenever you communicate with our support team.
Website: your browser transfers certain data so that it can access the Website, namely:
the IP address
the date and time of the request
the browser type
the operating system
the language and version of the browser software.
Cookies: Use of (Further Analyzing) Tools
Cookies are stored on your computer when using the Website. Cookies are small text files that are stored on your hard disk of the computer with which you visit a website and which are allocated to your browser and through which certain information is submitted to the cookie user that sets the cookie (in this case us). Cookies serve to make the website offering more user-friendly and effective overall.
Transient / Session cookies
Persistent / Setting cookies
Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, which identifies user sessions in the browser. Session cookies are deleted when you log out or close your browser.
Persistent cookies help the Website remember your information and settings when you visit them in the future. They are automatically deleted after a specified period, which may differ depending on the cookie.
The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help analyze how you use the Website. The information generated by the cookie about your use of the Website will normally be transmitted to and stored by Google on servers in the United States.
In case IP-anonymization is activated on the Website, your IP address will be truncated within the area of member states of the European Union or within other contracting states to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. Google will use this information on behalf of AutoDelegate for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services for AutoDelegate relating to website activity and internet usage.
The IP address that your browser transfers within the scope of Google Analytics will not be associated with any other data held by Google.
As an alternative to the browser add-on or within browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics within this Website in the future (this opt-out option applies only for the browser in which you set it and with regard to the Website). In this case an opt-out cookie is put on your device. In case you delete your cookies, you will have to use the aforementioned link again.
For further information on Google Analytics please refer to: http://www.google.com/analytics/terms/.
Email messages sent by us via third-party services like MailChimp or CampaignMonitor may contain tracking pixels which helps us collect statistics on delivery and opening rates of our correspondence. These pixels do not provide us with any additional personal data about you or your behavior online. You can disable image rendering in your email client which will deactivate this feature, however you will be unable to see any images within other received emails.
If you decide to deactivate (some of) the cookies and tools described above, please note that certain features and functionalities of the Services might not work or might not be accessible to you.
3. What we do with your personal data
Your personal data is used to provide you our App and Services, and to improve the Product. Your personal data is not used for marketing purposes. We encrypt your emails and then store some of your personal data on secure servers that would prevent unauthorized access or destruction. Unless you have asked us not to, We may rarely contact you by email about similar products and services to the App. Whenever We contact you, We would always give you the right to opt out at any time (see the section "Your Rights" below).
As stated in section 2 above, We only process personal data for the purposes strictly necessary to provide you with the service. Some of the purposes for processing the data provided by you include:
Providing you with the services
Improving our services
Notifying you of any changes in our services
4. How long personal data is stored for
Depending on the type, your personal data is stored either until you delete the App or after a certain period.
Type of information
Length of storage
Email address, communications content, calendar events, contacts, mail server credentials, APNS/FCM device token, App token assigned by us, device info
3 months after deletion of your account from AutoDelegate on all devices
Recent communications received
5. Security measures used by Us
Your data is stored on secure servers that we rent and We use the recommended industry practices to keep your data secure. We use appropriate levels of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
For instance, We ensure that all transmission is secured with HTTPS so that no one else can access your data. Your email and account credentials are stored on secure cloud-based servers using symmetric encryption. We currently use Amazon Web Services (AWS) and Google (the "Hosting providers"). Those Hosting providers are in possession of various international security certificates that ensure safety of your data with them. You can read more on the security measures of Google, for instance, by following the link: https://cloud.google.com/security/compliance/.
We use appropriate levels of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. A non-exhaustive list of such measures include:
1. Protective measures for physical access control:
Furthermore, an alarm system is installed in the premises, preventing infiltration by unauthorised persons. The alarm system is linked to a locking mechanism for the doors.
1. Protective measures for system access control:
Each employee has access to the systems/services only via his/her own employee access. The access rights involved are limited to the responsibilities of the respective employee and/or team.
We regulate access to our own systems via password procedures and the use of SSH keys, which strengthen the productive systems against attacks that target weak passwords, as the password-based access to the relevant systems is disabled.
We have, in addition, a regulation for the creation of passwords. This guarantees higher security also for systems that offer password-based access.
Passwords must meet the following requirements:
At least 8 characters long
At least 1 letter in upper-case
At least 1 letter in lower-case
At least 1 number
At least 1 non-alphanumeric character
Our systems are protected by firewalls that reject all incoming connections by default. Only connection types defined by exception are accepted.
2. Protective measures for data access control:
All servers and services are subject to continuous monitoring. This includes the logging of personal access in the user interface.
Due to the close proximity of the employees, a visual inspection is possible at any time.
Locking and/or logging off when leaving work is prescribed and is practised.
3. Protective measures for transfer control:
The handling of local data storage devices, e.g. USB sticks, is regulated via agreements.
Access to the systems from outside the company network is possible only via secure VPN access (provided by third-party services such as ExpressVPN).
4. Protective measures for input control:
Our employees do not work directly at database level, but instead use applications to access the data.
IT employees access the system via individual access and use a common login.
5. Protective measures for availability control:
We ensure the availability of data in several ways. On the one hand, there is regular backup of the entire system. This steps in if the other availability measures fail.
Critical services are operated redundantly in multiple data centres and controlled by a high-availability system.
Our workstations are also protected with the usual measures. For example, virus scanners are installed, laptops are encrypted.
6. Protective measures for separation control:
To separate data, We use logically separate databases so that no accidental reading of data by unauthorised persons can occur.
Access to the data itself is also restricted by the fact that employees use services (applications) which control access.
6. Categories of recipients and Data Processors
We do not rent, sell or share your personal data with any third parties, except where We have to comply with Our legal obligation. Some of the data of our users is aggregated for statistical purposes and processed in the legitimate interests as stated in section 2 above.
This does not mean that We blindly follow disclosure orders. We will check each request to ensure it satisfies the relevant safeguards, contains a court order or is issued under a legislative measure for the prevention, investigation, detection or prosecution of criminal offences. If We employ a processor to act on our behalf, We ensure that there are adequate contractual measures to ensure responsibility, security and liability to the same level as expected of Us.
In any case where a third party accesses your data on our behalf or upon our instructions (be it inside or outside the US), We use the relevant legal basis to comply with the data protection legislation.
7. Your rights
AutoDelegate is a subject of various data privacy regulations including the General Data Protection Regulation and the California Consumer Privacy Act. You are entitled to the full spectrum of the rights under those regulations. We will go out of our way to accommodate any valid request. You can either exercise your rights by deleting your account and all information associated with it from your device or by emailing us at firstname.lastname@example.org.
AutoDelegate under no circumstances sells your data and performs only lawful processing of your personal data, please see section 2 and 3 above for details.
You have a wide array of rights that we respect. Among those the right to:
Require access to your personal data;
Require rectification of your personal data (this is less relevant since otherwise we could not provide you with the service);
Require erasure of your personal data;
Withdraw consent to the processing of your personal data, where applicable, otherwise we could not provide you with the service;
Lodge a complaint with your local supervisory authority if you believe that your privacy rights have been breached.
The right to data portability is inapplicable with the App. You should contact your email provider directly to request combined access to all of your personal data. If your personal data is erased at your request or in accordance with our data retention policy, We only retain such information that is necessary to protect our legitimate interests or to comply with a legal obligation.
8. California Residents Notice
In relation to paragraph (5), s.1798.130 of California Consumer Privacy Act of 2018 (CCPA):
following subparagraph (A) the list of consumer rights can be found in section 7 above;
following subparagraph (B) personal information categories that We collect or have collected about consumers can be found in section 2 and 3 above;
subparagraph (C) does not apply to our practices as We neither sell nor have in the past 12 months sold your personal information as described in subdivision (t) of s.1798.140 CCPA.
9. Children's privacy
We never knowingly collect or solicit any information from anyone of 13 years and younger. The App and its content are not directed at nor made look to appeal to such persons. Parents or guardians that believe that We hold information about their children aged 13 and under may contact Us at email@example.com.
10. Our commitment
We will only collect and use your data where We have a legal basis to do so;
We will always be transparent and tell you about how we use your information;
When We collect your data for a particular purpose, We will not use it for anything else without your consent, unless other legal basis applies;
We will not ask for more data than needed for the purposes of providing our services;
We will adhere to the data retention policies and ensure that your information is securely disposed of at the end of such retention period;
We will observe and respect Your rights (in section 8 above) by ensuring that queries relating to privacy issues are dealt with promptly and transparently;
We will keep our staff trained in privacy and security obligations;
We will ensure to have appropriate technological and organizational measures in place to protect your data regardless of where it is held;
We will also ensure that all of our data processors have appropriate security measures in place with contractual provisions requiring them to comply with Our commitment;
We will obtain your consent and ensure that suitable safeguards are in place before personal data is transferred to other countries.
12. Contact Information
Name: AutoDelegate Inc.
Address: 17178 NE 5th st Bellevue WA 98008