Welcome to BlueMail, a messaging platform that integrates best-of-breed email, calendar, contacts, and later board for improved team-driven productivity (the "Platform" and the "Service").
This Privacy Policy ("Privacy Policy") explains how information about you is collected and used by the Platform developed and operated by Blix, Inc. ("Blix" or "we", "us", "our").
We are committed to protecting and respecting data privacy. As explained below, we do not store your emails on our servers, and we do not sell your data.
Please read this Privacy Policy carefully.
PERSONAL DATA PROCESSED
We process your email address. We also optionally process your name or nickname, photo and mobile phone number. We process your email address when you register to use BlueMail.
You may also optionally provide the following items when you register: a chosen name, nickname or pseudonym to be displayed with your email account; a photo used as your avatar; and your mobile phone number for SMS verification.
We also generate a unique app instance number when you install and run
an instance of our client-side app on your smartphone, desktop, laptop,
and web browser. It is generated anew if you reinstall our app. We do
not use any hardware identifiers such as Unique Device Identifier
(UDID), SSAID (Android ID), IDFA, GAID, or IMEI, and we have no way to
track the specific hardware you use.
We refer to this as "Registration Information".
We process your account preferences, such as background color, font, and email signature.
We process your account settings, including the background color you have chosen, the refresh rate and font settings you selected, and the automatic email signature you configured.
We refer to this as "Account Settings Information."
We process billing information using BlueMail's
fee-based plans.
We process payment information, such as credit card details, that we
may collect from the administrator of an organization or from users
who make purchases, in which case we process their payment information as well.
We refer to this as "Billing Information".
When you use or access groups through the Platform, we process the
group's conversation setting which include the email addresses of the
group members as well as other settings.
When you use or access groups through the Platform, we process the
email addresses of the group members as well as the group's selected
name, avatar and notes.
We refer to this as "Group Conversation Settings".
We will process your email credentials in certain cases.
If you use Windows, Mac or Linux: We do not process your credentials or
OAuth tokens.
If you use a mobile device: if you configure your account settings to allow Instant
push notifications when you have a new email and use OAuth supported
email accounts on Android, or IMAP and Exchange email accounts on iOS,
we will process either the OAuth token or encrypted credentials.
We refer to this as "Credential Information".
We will process user inquiries you choose to send us.
You can submit an inquiry through our online "Contact Us" form or by
emailing or writing to us. We will collect the information you provide
in the inquiry, which typically includes your name, email address, other
contact information, country, and the text of your message.
We refer to this as "Inquiry Information".
We will process user feedbacks and reviews you provide.
You can provide us feedback, review, or answers to surveys or
promotions, on social media channels, by posting on any of our online
public forums or communities, by sending an e-mail to any of our
designated addresses, or any other form of communication. We will
process the data you choose to provide, which may include your name,
email address and the feedback or review.
We refer to this as "Feedback Information".
In the provision of the Service, the Platform performs limited
processing of your emails, later board, contacts and calendar events.
In order to provide the Service to you, the Platform is involved in
processing your emails, later board, contacts and calendar events, but
in a very limited fashion as described below.
We refer to this as "Your Content".
You do not have a legal obligation to let us process any of the above information. However, you will not be able to use the Platform and the Service unless we process this information, because we require it to operate the Platform and provide you the Service.
We collect and process measurements regarding your use of the
Platform.
We collect meta-data such as the frequency of your use of the
Platform, your interaction with the Platform's user interface, general
details such as the model of your smartphone and its operating system
and information about bugs and crashes in our client-side app on your
smartphone, desktop, laptop and web browser.
We refer to this entire data as "Analytics Information".
HOW YOUR PERSONAL DATA IS PROCESSED
We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
We will process your information to provide you the functionality of the Service.
We store and use your Registration Information, Account Settings Information, Credential Information and Group Conversation Settings in order to provide you the functionality of the Platform.
We use your Billing Information to charge the fees applicable to your organization's use of the Platform or for your in-app purchases. We do not store or maintain your credit card number, nor are we exposed to it. Instead, it is handled by payment processors who are certified to meet acceptable security standards when managing this information.
We do not store your email messages or calendar events on our servers. If you use an iOS device or you use an Android device with an OAuth compliant account, and have configured your account on the Service to send you instant push notification of new incoming emails, our servers will momentarily process each incoming email message. The Platform's push proxy receives email headers and within in 1-2 seconds pushes them to device's push service, after which the email headers are automatically and completely deleted from the Platform's servers.
If you use the Service's spam filter, our servers will momentarily process information about the sender of incoming email messages to determine if the message is believed to be spam. If you tag an email message as spam, we will store the sender's email address in order to keep flagging it as spam.
If you use the optional Share feature, you can share a link to a specific email by uploading it to our Servers. You can then send it to any of your contacts.
If you use the optional GemAI (Generative Email) feature, the relevant email will be temporarily processed by our servers and subsequently transferred to a generative AI service provider for a response. We will not retain the email information and its response and will use it solely for the purpose of facilitating AI services.
If you use the optional Convo feature, you have the option to include other members. Should you choose to do so, an automatic email notification is sent to these members. This email informs the recipients that they can view and participate in a Convo created by you. The content within your Convo, whether it's a solo endeavor or a collaborative effort, is uploaded and stored on our servers to ensure accessibility and functionality. By default, your Convo is private. If other members are included, they can gain access to all the content of the Convo.
Our Platform's servers store your later boards (excluding the email message attached to the task, which we do not store). These are all stored in an encrypted form, which you can read more about below.
We will use the Inquiry Information to handle and respond to your inquiry for quality assurance and for the development and enhancement of the Platform, to prevent fraud, resolve disputes, troubleshoot problems, and for related purposes..
We will use your Inquiry Information to contact you about your inquiry and to handle and respond to it. If your inquiry relates to any other information we have about you, we will process that information to respond to your inquiry.
We may also use the content of your inquiry to maintain and improve the
Service, for quality assurance and for development and enhancement of
the Platform, to prevent fraud, resolve disputes, troubleshoot problems,
assist with any investigations and enforce our terms of use for the
Platform.
We use the Analytics Information and your Feedback Information for our
business needs of developing and enhancing the Service, prevent fraud,
resolve disputes and troubleshoot problems and related purposes.
We process the Analytics Information and Feedback Information to
maintain and improve the Service, for quality assurance and for
development and enhancement of the Platform.
We will also use the Analytics Information and Feedback Information to prevent fraud, resolve disputes, troubleshoot problems, assist with any investigations, and enforce our terms of use for the Platform.
If you expressed your consent, we will use your email address to
contact you with marketing messages, promotions and offers relating to
the Platform and the Service.
We will use your email address to send you emails containing BlueMail
updates, promotions, marketing, and special offers. We will only do so
if you have given your consent. If you gave your consent but later wish
to unsubscribe from these emails, you may opt-out of receiving them by
following the unsubscribe link located at the bottom of each
communication or by emailing us at privacy@bluemail.me.
We will use your email address to contact you with administrative
message relating to the Platform, the Service, this privacy policy and
our terms of use.
We will use your email address to initiate contact with you on
administrative issues related to the Services or support and
maintenance.
We will process information with our service providers helping us to
operate our business.
We will process personal information with the assistance of our
service providers who assist us with the internal operations of the
Service. These companies which for example include Amazon Web Services
(our hosting provider), Google, DigitalOcean, OpenAI and Stripe are authorized to use your
personal information in this context only as necessary to provide these
services to us and not for their own business purposes.
We will share information with competent authorities if you violate
any applicable law.
If you violated any applicable law, we may share information we have
about you with competent authorities and with third parties (such as
legal counsels and advisors), for the purpose of handling of the
violation.
We will share your information if we are legally required.
We will share information we have about you if we are required to do
so by a judicial, governmental or regulatory authority.
We will share your information with third-parties in any event of
change in our structure.
If the operation of our business is organized within a different
framework, or through another legal structure or entity (such as due to
a merger or acquisition), we will share information only as required to
enable the structural change in the operation of the business.
COOKIES
What are cookies?
Cookies are text files, comprised of small amount of data, that are
saved on your computer or other device (e.g., smartphone, tablet etc.)
when you use the internet and visit various websites.
The information that the cookies maintain is read by the website you visit, during the session of your visit to the website (these are called 'session' cookies), and when you return to visit it again (these are called 'persistent' cookies).
We use cookies necessary to operate the Platform and for measurement
of analytics.
We use cookies for a number of purposes, as briefly explained below:
Necessary. We use a login cookie to validate your login credentials when you use login to the Platform through the web. This cookie is strictly necessary for the functioning of the Platform. The Platform cannot operate properly without this cookie.
Statistics. Google Analytics cookies that help us understand how you interact with the Platform by collecting data that does not directly identify you.
You can always delete or disable cookies. You can always delete the cookies saved on your device through the settings of your computer browser or device. You can also disable cookies for future use through the settings of your computer browser or device.
SECURITY AND DATA RETENTION
We will generally retain your information for as long as you are a
registered user, and thereafter for record keeping purposes if
necessary.
Generally, we will retain your information for as long as you are a
registered user of the Platform. Except as required by law or our
agreement directly with you, we are not obliged to retain your
information for any particular period, and we are free to securely
delete it or restrict access to it for any reason and at any time, with
or without notice to you.
We will also retain and use your information in the following instances:
Keep evidence to our compliance with applicable law (for instance, records of consents to our terms of use, privacy policy and other similar consents are kept for five years.
If there is an outstanding issue, claim or dispute requiring us to keep the relevant information until it is resolved.
The information must be kept for our legitimate business interests, such as fraud prevention and enhancing users' safety and security. For example, information may need to be kept to prevent a user who was banned for unsafe behavior or security incidents from opening a new account.
We implement measures to secure your information.
We implement measures to reduce the risks of damage, loss of information
and unauthorized access or use of information. These include TLS and AES
encryption for data in transit and encryption such as for later board,
when they are stored on our servers. In any event, these measures do not
provide absolute information security. Therefore, although efforts are
made to secure personal information, it is not guaranteed, and you
cannot expect that the Service will be immune from information security
risks.
INTERNATIONAL DATA TRANSFERS
We will internationally transfer information in accordance with
applicable data protection laws.
If we transfer your personal data for processing at locations outside
your jurisdiction, we will abide by data transfer rules applicable to
these situations.
ADDITIONAL INFORMATION FOR INDIVIDUALS IN THE EU and UK
Blix is the data controller for all information other than Your
Content.
Blix is the data controller for the following information:
Registration Information, Account Settings Information, Billing
Information, Credential Information, Inquiry Information, Feedback
Information and Analytics Information.
Blix is the data processor for Your Content.
The following is the contact information of Blix:
Blix, Inc.
101 Hudson Street
Jersey City, NJ 07302
United States
privacy@bluemail.me
Legal bases under the GDPR for processing your personal data.
The legal basis under the GDPR for Blix's processing of your
Registration Information, Account Settings Information, Billing
Information, Group Conversation Settings, Credential Information, as
well as the use of the necessary-type cookie, is the performance of the
terms of service contract in providing you the Platform the Service and
its features.
The legal basis under the GDPR for processing your Inquiry Information is our legitimate interest in handling and responding to your inquiry, developing, maintaining and improving our business, the Service and the Platform.
The legal basis under the GDPR for processing your Analytics Information (including the use of the statistics cookie), and Feedback Information is our legitimate interest in developing, maintaining and improving our business, the Service and the Platform.
The legal basis under the GDPR for processing your email address to contact you with administrative messages is our legitimate interest in keeping our users informed of updates relating to the Platform and our compliance with legal obligations of informing users where required by law.
The legal basis under the GDPR for processing your email address to contact you with marketing-related emails is your express consent.
The legal basis under the GDPR for sharing your information with authorities or where we are legally required to share it, is our legitimate interests in complying with mandatory legal requirements imposed on us.
The legal basis under the GDPR for processing your information in the event of a change in our corporate structure is our legitimate interests in our business continuity.
You have certain rights to access, update or delete information,
obtain a copy of your information, and object or restrict certain data
processing activities.
If you are in the EU or the UK, you have the following rights under
the GDPR:
Right to Access your personal data that we process, and receive a copy of it.
Right to Rectify inaccurate personal data we have concerning you and to have incomplete personal data completed.
Right to withdraw your consent after you have given it to allow us to send you marketing-related emails.
Right to Object, based on your particular situation, to using your personal data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims.
Right to Data Portability, that is, to receive the personal data that you provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your personal data be transmitted directly from us to the service provider you designate.
Right to Restrict the processing your personal data (except for storing it) if you contest the accuracy of your personal data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the personal data and request instead to restrict its use; if we no longer need the personal data for the purposes outlined in this Privacy Policy, but you require them to establish, exercise or defense relating to legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.
Right to be Forgotten. Under certain circumstances, such as when you object to us processing your data and we have no compelling legitimate grounds to override your objection, you have the right to ask us to erase your personal data. However, we may still process your personal data if it is necessary to comply with a legal obligation, we are subject to under laws in EU Member States or for the establishment, exercise or defense of legal claims.
If you wish to exercise any of your EU rights, please contact us at: privacy@bluemail.me
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you the information that you have asked for, we will explain the reason for this.
You have a right to submit a complaint to the relevant supervisory
data protection authority.
Subject to applicable law, you have the right to lodge a complaint
with your local data protection authority. If you are in the EU of UK,
then according to the GDPR, you can lodge a complaint to the supervisory
authority, in particular in the Member State of your residence, place of
work or place of alleged infringement of the GDPR. For a list of
supervisory authorities in the EU and UK, click here.
ADDITIONAL INFORMATION FOR INDIVIDUALS IN CALIFORNIA
Below is a detailed description of the information we collect from users to our commercial purposes for which we use each category of personal information. This is also the information we have collected in the past 12 months.
| Categories of personal information and source from which the information is collected | Specific Types of Personal Information Collected |
|---|---|
| Identifiers such as a real name, alias, email address and account name– collected directly from you. | As described above in the “Personal Data Processed” section. |
| Commercial information about the Service subscriptions purchased– collected directly from you or from the administrator of your organization using BlueMail. | As described above in the “Personal Data Processed” section. |
| Internet or other electronic network activity information – collected through the device you use to access the Service. | As described above in the “Personal Data Processed” section. |
| ---------------------------------- ----------------------- ------------- |
Business or commercial purposes pursuant to the CCPA
Undertaking activities to verify or maintain the quality of the Service and to improve, upgrade or enhance the Service.
Undertaking internal research for technological development and demonstration.
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
Debugging to identify and repair errors.
We do not sell your personal information and have not done so in the past 12 months, or ever.
Your rights under the CCPA if you are a resident of California.
Disclosure of personal information we collect about you.
You have the right to know:
The categories of personal information we have collected about you;
The categories of sources from which the personal information is collected;
Our business or commercial purpose for collecting personal information;
The categories of third parties with whom we share personal information, if any; and
The specific pieces of personal information we have collected about you.
Right to deletion
Subject to certain exceptions set out below, on receipt of a
verifiable request from you, we will:
Delete your personal information from our records; and
Direct any service providers to delete your personal information from their records.
Please note that we may not delete your personal information if it is necessary to:
Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
Debug to identify and repair errors that impair existing intended functionality;
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act;
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
Comply with an existing legal obligation; or
Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Protection against discrimination
You have the right to not be discriminated against by us because you
exercised any of your rights under the CCPA. This means we cannot, among
other things:
Deny goods or services to you;
Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
Provide a different level or quality of goods or services to you; or
Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information.
Exercising your CCPA rights
If you would like to exercise any of your CCPA rights as described in
this Privacy Policy, please email us at: privacy@bluemail.me
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require.
Google API Services - Usage Disclosure
BlueMail's use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements.
CHANGES TO THIS PRIVACY NOTICE
From time to time, we may change this Privacy Policy. If we do so, we will make efforts to proactively notify you of such changes. In any event, the latest version of the Privacy Policy will always be accessible here.