1. Responsible Contact
2. Reasons for collection of information
We may use the information we collect from Mailbutler and our website to provide, maintain, protect and improve Mailbutler and to communicate with you about your use of the Application.
3. Personal data
Personal data is any individual information about the personal or material circumstances of a specified or identifiable natural person. Personal data primarily includes details such as a person’s name, postal address or e-mail address.
4. Processing and use of personal data
4.1 Registration information
In order to register a Mailbutler account we require and store your email address and password.
4.2 Order and payment information
In order to process orders we require all relevant personal information, such as your name, address, email address, company name, VAT ID and information concerning the payment method you have chosen. Payments are handled securely by our payment providers Recurly, PayPal and Stripe. These partner companies have their own data protection policies. We encourage you to read these policies thoroughly before using the Service, and check that you agree with them. To enable payments to be processed and invoiced, the partner company stores references to payment details. The actual payment details (including credit card and bank details) do not pass through Mailbutler servers and systems.
4.3 Mailbutler information
In order to guarantee full functionality of all Mailbutler features and to deliver a high level of customer service to you, we may collect and store:
(a) your e-mail address. We process this type of personal data in order to sell and market our Services to you, to create an account for you and to provide you our Services. We process this type of Personal Data based on the consent you expressly grant to us at the time we collect such personal data. We do not sell, rent, loan, or lease your contact information or any other data to others, unless we are required by law or litigation to disclose your personal information.
(b) certain technical information about your device, including device hardware model, operating system details, unique device identifiers. We process this type of Personal Data in order to provide you our Services. We process this type of Personal Data for our legitimate interests in providing the Services.
(c) certain information about your Mailbutler usage, including date and time when you used a Mailbutler feature. We process this type of data in order to show you usage analytics in your dashboard and to provide you our Services. We process this type of Personal Data for our legitimate interests in providing the Services.
(d) certain information about the recipient email address, recipient name, message subject and message ID (RFC 2392) when you use the Mailbutler feature Tracking, Note, Task, Snooze or Send Later. The message content of your emails is never read, stored or collected by us. We process this type of data in order to display the recipient name, email address and subject line within Mailbutler. We process this type of Personal Data for our legitimate interests in providing the Services. You are able to control how much information we collect and store in your privacy settings. Please refer to our support page for more details: https://support.mailbutler.io/knowledge-base/choosing-your-mailbutler-privacy-settings/.
(e) user authentication information of your email server when using the feature Snooze or Send Later. We use the industry-standard OAuth mechanism for user authentication (wherever possible) which gives us access to your data without letting us know your password. We only collect and store this information temporarily when you use the snooze or send later feature and only for the time the features are active. We process this type of Personal Data in order to provide you our Services. We process this type of Personal Data for our legitimate interests in providing the Services. We don't read, write, modify, store, collect or control your message bodies.
(f) content of your Message Templates, Snippets, Signatures, Notes and Tasks you created with Mailbutler. We process this type of Personal Data in order to provide you our Services. We process this type of personal data for our legitimate interests in providing the Services. We encourage Customers not to include any highly sensitive information in their Message Templates, Snippets, Signatures, Notes and Tasks to avoid transferring that data to our servers. We don't allow humans to read this data unless we have your affirmative agreement to access your account.
4.4 Your Google User Data
(a) Mailbutler will use access to read, write, modify or control Gmail messages, metadata, headers, and settings to provide its features of delayed sending and message snoozing. Mailbutler will not process or transfer any Gmail data besides metadata (message identifiers) to its own servers or others unless doing so is necessary to comply with applicable law. Mailbutler never reads, modifies, stores or analyzes the content of your messages as the aforementioned features only require automated delivery of scheduled emails or moving messages between mailboxes.
(b) Mailbutler will not use this Gmail data for serving advertisements.
(c) Mailbutler will not allow humans to read Gmail user data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Mailbutler internal operations and even then only when the data has been aggregated and anonymized.
4.5 Third party service
You may link Mailbutler to third party services like Wunderlist, Asana, Todoist or others when you want to synchronise your Mailbutler Notes and Tasks with these services. These third party companies have their own data protection policies. We encourage you to read these policies thoroughly before using the third party integration in Mailbutler.
5. Mailbutler’s Snooze and Send Later Functionality
5.1 How do Mailbutler’s Snooze and Send Later Features Work?
Mailbutler enables you to mark emails that you'd like to have returned to the top of your inbox at a later time (Snooze) or to schedule an email to be sent at a specific date and time (Send Later). If you activate the Snooze or Send Later feature for a specific email, Mailbutler will move the email from the inbox folder to the Mailbutler-Snoozed or Mailbutler-Scheduled folder on your email server. At the end of the Snooze period, Mailbutler moves the email from the Mailbutler-Snoozed folder back to your inbox. At the end of the Send Later period, Mailbutler moves the email from the Mailbutler-Scheduling folder to your outbox. Your email server automatically sends this email.
5.2 What data is collected?
In order to guarantee full functionality of Mailbutler’s Snooze and Send Later features we may collect and store certain information about the recipient email address, recipient name, message subject and message ID (RFC 2392) when you use Snooze or Send Later. The message content of your emails is never stored, read or collected by us. We process recipient email address, recipient name and message subject in order to display the recipient name, email address and subject line in Mailbutler. We process this type of Personal Data for our legitimate interests in providing the Services. You have the option in the privacy settings to control which data we collect and store. Please refer to our support page for more details: https://support.mailbutler.io/knowledge-base/choosing-your-mailbutler-privacy-settings/. We temporarily collect and store user authentication information of your email server for the Snooze and Send Later period. We use OAuth for user authentication (wherever possible) which gives us access to your data without letting us know your password. We only collect and store this information temporarily when you use the snooze or send later feature and only for the time the features are active.
6. Mailbutler’s E-Mail Opened Confirmation Functionality (Email Tracking)
6.1 How does Mailbutler’s Email Tracking Work?
Mailbutler enables mail senders to see when, where, how often and on which device the recipient has opened an email. If the sender activates email tracking for a specific email, Mailbutler includes a hidden image (also referred to as web-bug or 1-pixel image) with a unique mail-ID into the outgoing mail. Once the recipient opens the email, the recipient’s mail client or web service sends a request to our server in order to load the hidden image. Our servers collect and store the mail-ID, email client information, device information and the date and time of such request. We pass on the date/time, email client information, device information and mail-ID to the Mailbutler software of the sender where it is combined with the specific email and enables the Mailbutler software to display the read date/time, email client information, device information and location.
6.2 What data is collected?
Through Mailbutler’s email tracking the sender obtains the information when the recipient opened the email. We only store the mail-ID, optionally the email's meta information (subject, recipients) together with the corresponding opened date/time, device information and the location of the receiving device. We do not collect further data.
6.3 Who is responsible?
The sender of an email using Mailbutler’s email tracking functionality may collect, process and use personal data. It is the sender’s responsibility to ensure that the use of the email tracking functionality is in compliance with any laws applicable to the sender, in particular data protection laws. This may require the sender to inform the recipient about the tracking, to offer an opt-out or to obtain prior consent.
6.4 How can the Recipient avoid Email Tracking?
Recipients can configure their email client (e.g. Outlook) or web service (e.g. Gmail) so that by default images contained in emails are not loaded. Please see the configurations menu and manual of your email client or web service for details. Alternatively, you can contact the sender and object to any future email tracking.
8. Cookies of third party providers and tracking
We use the services of other companies to optimize our websites and our services. You will receive an overview of the services we use in the following section.
8.1 Google Analytics
8.2 Google Remarketing
Our websites use Google’s remarketing technology. This technology enables users who have already visited our online services and shown interest in our services to see targeted advertising on the websites of the Google partner network. Likewise users that are similar to the visitors of our websites can be addressed. The advertising will be displayed using cookies. These are small text files saved on the user’s computer. The information generated by the cookie about the website use will be transmitted to and stored on servers in the United States by Google. In the event that the IP address is transferred, it will be reduced by the last 3 digits. Using cookies, the user behavior on a website can be analyzed and subsequently utilized to provide targeted product recommendations and advertising based on the user’s interests.
8.3 Facebook Conversion Tracking Pixel
With your permission, our website utilizes the Conversion Tracking Pixel service of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”). This tool allows us to follow the actions of users after they are redirected to a provider’s website by clicking on a Facebook advertisement. We are thus able to record the efficacy of Facebook advertisements for statistical and market research purposes. The collected data remain anonymous. This means that we cannot see the personal data of any individual user. However, the collected data are saved and processed by Facebook. We are informing you on this matter according to our information at this time. Facebook is able to connect the data with your Facebook account and use the data for their own advertising purposes, in accordance with Facebook’s Data Use Policy found under: https://www.facebook.com/about/privacy/. Facebook Conversion Tracking also allows Facebook and its partners to show you advertisements on and outside Facebook. In addition, a cookie will be saved onto your computer for these purposes.
Only users over 13 years of age may give their permission. If you are younger than this age, please consult your legal guardians. Please click here if you would like to revoke your permission: https://www.facebook.com/ads/website_custom_audiences/.
9. Third party websites and services
10. Data Processing (GDPR / DSGVO)
For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. GDPR also requires compliance from companies that process the personal data of these European individuals. Ensuring our users’ data privacy and security has always been a top priority for Mailbutler’s product development and business. As your service provider to enhance your email experience, we make sure to evaluate all our practices to safeguard your information as effectively as possible. As a German company, Mailbutler will be fully GDPR compliant. If you have any questions about GDPR or our data practices generally, please contact our data protection officer Tobias Knobl (firstname.lastname@example.org).
10.1 Authorized employees
We ensure that all authorized employees who can access personal data are made aware of the confidential nature of personal data and have executed confidentiality agreements that prevent them from disclosing or otherwise processing, both during and after their engagement with Mailbutler, any personal data except in accordance with their obligations in connection with the Services. We don't allow humans to read notes, tasks, message templates, profile, tracking information, send later information and any other user data created in Mailbutler unless we have your affirmative agreement to access your account, doing so is necessary for security purposes such as investigating abuse or to comply with applicable law.
10.2 Authorized subcontractors
Mailbutler may engage authorized Subcontractors to access and process personal data in connection with the Services and from time to time engage additional third parties for the purpose of providing the Services, including without limitation the processing of personal data. A list of current authorized subcontractors (the “List”) is available at https://support.mailbutler.io/knowledge-base/list-of-sub-processors/ (such URL may be updated by Mailbutler from time to time). At least ten (10) days before enabling any third party other than authorized subcontractors to access or participate in the processing of personal data, Mailbutler will add such third party to the List.
10.3 Duration of Processing
We retain personal data about you for as long as you have an open account with us. In some cases we retain personal data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation.
10.4 Security of personal data
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk of Processing Personal Data.
10.5 Access personal data
You can request more information about the personal data we hold about you and request a copy of such personal data by contacting us via email at email@example.com.
10.6 Erase personal data
You can request that we erase some or all of your personal data from our systems.
10.7 Portability of personal data
You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another service.
10.8 Data processing agreement
If you are using Mailbutler as a customer and have agreed to our terms of service, you do not need to sign an additional Data Protection Agreement. If you are a partner or a customer who needs further documentation of compliance with Mailbutler acting as a Processor, Mailbutler offers Data Processing Agreements (DPAs) to users upon request. Please download a copy of Mailbutler’s DPA (https://downloads.mailbutler.io/Data-Processing-Addendum-Mailbutler.pdf). For documentation purposes, please email your signed copy of the DPA to firstname.lastname@example.org.
Please note that our DPA has been tailored to the way Mailbutler provides its service.
11. Protecting your information
We take the security of your personal information very seriously and have implemented policies and procedures, including technical measures, that are designed to help safeguard it. While we strive to use best practices to protect your personal information, the Internet and computer technology are not 100% secure and we cannot absolutely ensure the security of any personal information that you provide to us. In line with this philosophy, we try to get as little information from you as possible.
12. Reasons for information disclosure
We do not sell, rent, loan, or lease your contact information to others, unless we have your specific permission to do so or we are required by law or litigation to disclose your personal information. We may also find it necessary to disclose information about you if we determine that it is an issue concerning national security, law enforcement, or other issues of public importance.
13. Vulnerability Disclosure
If you have discovered an issue which you believe is an in-scope security vulnerability, please email email@example.com including:
- The website or service in which the vulnerability exists.
- A brief description of the class (e.g. "XSS vulnerability") of the vulnerability. Please avoid including any details which would allow reproduction of the issue at this stage.
In accordance with industry convention, we ask that reporters provide a benign (i.e. non-destructive) proof of exploitation wherever possible. This helps to ensure that the report can be triaged quickly and accurately whilst also reducing the likelihood of duplicate reports and/or malicious exploitation for some vulnerability classes (e.g. sub-domain takeovers). Please ensure that you do not send your proof of exploit in the initial, plaintext email if the vulnerability is still exploitable. If you are in any doubt or have any questions, please email firstname.lastname@example.org for advice.
In response to your initial email to email@example.com you will receive an acknowledgement reply email from the Mailbutler Security Team, usually within 24 hours of your report being received. The acknowledgement email will include a ticket reference number which you can quote in any further communications with our Security Team.
Following the initial contact, our Security Team will work to triage the reported vulnerability and will respond to you as soon as possible to confirm if further information is required. From this point, necessary remediation work will be assigned to the appropriate Mailbutler teams and/or supplier(s). Priority for bug fixes and/or mitigations will be assigned based on the severity of impact and complexity of exploitation. Vulnerability reports may take some time to triage and/or remediate. Our Security Team will notify you when the reported vulnerability is resolved and will ask you to confirm that the solution covers the vulnerability adequately.
14. Changes to this data protection policy
Mailbutler reserves the right to adapt its security and data protection measures, provided this is necessary as a result of technical or legal developments. In these cases, we will also update our data protection information accordingly. Please make sure, therefore, that you always use the latest version of our data protection declaration.
15. Privacy questions and contact
We reserve the right to change this policy, which we’ll do through online posting.
Last updated: 17th September, 2019