Welcome to BlueMail, a messaging platform that integrates best-of-breed email, calendar, contacts, and later board for improved team-driven productivity (the "Platform" and the "Service").
We are committed to protecting and respecting data privacy. As explained below, we do not store your emails on our servers, and we do not sell your data.
PERSONAL DATA PROCESSED
We process your email address. We also optionally process your name or nickname, photo and mobile phone number. We process your email address when you register to use BlueMail.
You may also optionally provide the following items when you register: a chosen name, nickname or pseudonym to be displayed with your email account; a photo used as your avatar; and your mobile phone number for SMS verification.
We also generate a unique app instance number when you install and run
an instance of our client-side app on your smartphone, desktop, laptop
and web browser. It is generated anew if you reinstall our app. We do
not use any hardware identifiers such as Unique Device Identifier
(UDID), SSAID (Android ID), IDFA, GAID, or IMEI and we have no way to
track the specific hardware you use.
We refer to this as "Registration Information".
We process your account preferences, such as background color, font
and email signature.
We process your account settings, such as the background color you have chosen, the refresh rate and font settings you selected, and the automatic email signature you configured.
We refer to this as "Account Settings Information".
We process billing information using BlueMail's
We process payment information, such as credit card details, that we may collect from the administrator of an organization or from users who make purchases, in which case we process their payment information as well.
We refer to this as "Billing Information".
When you use or access groups through the Platform, we process the
group's conversation setting which include the email addresses of the
group members as well as other settings.
When you use or access groups through the Platform, we process the email addresses of the group members as well as the group's selected name, avatar and notes.
We refer to this as "Group Conversation Settings".
We will process your email credentials in certain cases.
If you use Windows, Mac or Linux we do not process your credentials or OAuth tokens. If you configure your account settings to allow Instant push notifications when you have a new email and use OAuth supported email accounts on Android, or IMAP and Exchange email accounts on iOS we will we process either the OAuth token or encrypted credentials.
We refer to this as "Credential Information".
We will process user inquiries you choose to send us.
You can submit an inquiry through our online "Contact Us" form or by emailing or writing to us. We will collect the information you provide in the inquiry, which typically includes your name, email address, other contact information, country, and the text of your message.
We refer to this as "Inquiry Information".
We will process user feedbacks and reviews you provide.
You can provide us feedback, review, or answers to surveys or promotions, on social media channels, by posting on any of our online public forums or communities, by sending an e-mail to any of our designated addresses, or any other form of communication. We will process the data you choose to provide, which may include your name, email address and the feedback or review.
We refer to this as "Feedback Information".
In the provision of the Service, the Platform performs limited
processing of your emails, later board, contacts and calendar events.
In order to provide the Service to you, the Platform is involved in processing your emails, later board, contacts and calendar events, but in a very limited fashion as described below.
We refer to this as "Your Content".
You do not have a legal obligation to let us process any of the above information. However, you will not be able to use the Platform and the Service unless we process this information, because we require it to operate the Platform and provide you the Service.
We collect and process measurements regarding your use of the
We collect meta-data such as the frequency of your use of the Platform, your interaction with the Platform's user interface, general details such as the model of your smartphone and its operating system and information about bugs and crashes in our client-side app on your smartphone, desktop, laptop and web browser.
We refer to this entire data as "Analytics Information".
HOW YOUR PERSONAL DATA IS PROCESSED
We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
We will process your information to provide you the functionality of the Service.
We store and use your Registration Information, Account Settings Information, Credential Information and Group Conversation Settings in order to provide you the functionality of the Platform.
We use your Billing Information in order to charge the fees applicable to your organization's use of the Platform or to your in-app purchases. We do not store or maintain your credit card number and are not exposed to it. It is handled by payment processors who are certified to acceptable security standards when they handle this information.
We do not store your email messages or calendar events on our servers. If you use an iOS device or you use an Android device with an OAuth compliant account, and have configured your account on the Service to send you instant push notification of new incoming emails, our servers will momentarily process each incoming email message. The Platform's push proxy receives email headers and within in 1-2 seconds pushes them to device's push service, after which the email headers are automatically and completely deleted from the Platform's servers.
If you use the Service's spam filter, our servers will momentarily process the information about the sender of the incoming email messages to determine if the message is believed to be spam. If you tag an email message as spam, we will store sender's email address in order to keep flagging it as spam.
You can share a link to an email by uploading it to our Servers and send it to your contacts.
Our Platform's servers store your later boards (but excluding the email message attached to the task, which we do not store). These are all stored in an encrypted form, which you can read more about below.
We will use the Inquiry Information to handle and respond to your
inquiry for quality assurance and for development and enhancement of
the Platform, to prevent fraud, resolve disputes, troubleshoot problems
and related purposes.
We will use your Inquiry Information to contact you about your inquiry and handle and respond to your inquiry. If your inquiry is regarding any other information we have about you, we will process that other information to respond to your inquiry.
We may also use the content of your inquiry to maintain and improve the
Service, for quality assurance and for development and enhancement of
the Platform, to prevent fraud, resolve disputes, troubleshoot problems,
We use the Analytics Information and your Feedback Information for our business needs of developing and enhancing the Service, prevent fraud, resolve disputes and troubleshoot problems and related purposes.
We process the Analytics Information and Feedback Information to maintain and improve the Service, for quality assurance and for development and enhancement of the Platform.
If you expressed your consent, we will use your email address to
contact you with marketing messages, promotions and offers relating to
the Platform and the Service.
We will use your email address to send you emails containing BlueMail updates, promotions, marketing, and special offers. We will only do so if you have given your consent. If you gave your consent but later wish to unsubscribe from these emails, you may opt-out of receiving them by following the unsubscribe link located at the bottom of each communication or by emailing us at email@example.com.
We will use your email address to contact you with administrative
We will use your email address to initiate contact with you on administrative issues related to the Services or support and maintenance.
We will process information with our service providers helping us to
operate our business.
We will process personal information with the assistance of our service providers who assist us with the internal operations of the Service. These companies which for example include Amazon Web Services (our hosting provider), Google, DigitalOcean and Stripe are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own business purposes.
We will share information with competent authorities if you violate
any applicable law.
If you violated any applicable law, we may share information we have about you with competent authorities and with third parties (such as legal counsels and advisors), for the purpose of handling of the violation.
We will share your information if we are legally required.
We will share information we have about you if we are required to do so by a judicial, governmental or regulatory authority.
We will share your information with third-parties in any event of
change in our structure.
If the operation of our business is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition), we will share information only as required to enable the structural change in the operation of the business.
What are cookies?
Cookies are text files, comprised of small amount of data, that are saved on your computer or other device (e.g., smartphone, tablet etc.) when you use the internet and visit various websites.
The information that the cookies maintain is read by the website you visit, during the session of your visit to the website (these are called 'session' cookies), and when you return to visit it again (these are called 'persistent' cookies).
Necessary. We use a login cookie to validate your login credentials when you use login to the Platform through the web. This cookie is strictly necessary for the functioning of the Platform. The Platform cannot operate properly without this cookie.
Statistics. Google Analytics cookies that help us understand how you interact with the Platform by collecting data that does not directly identify you.
You can always delete or disable cookies. You can always delete the cookies saved on your device through the settings of your computer browser or device. You can also disable cookies for future use through the settings of your computer browser or device.
SECURITY AND DATA RETENTION
We will generally retain your information for as long as you are a
registered user, and thereafter for record keeping purposes if
Generally, we will retain your information for as long as you are a registered user of the Platform. Except as required by law or our agreement directly with you, we are not obliged to retain your information for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you.
We will also retain and use your information in the following instances:
If there is an outstanding issue, claim or dispute requiring us to keep the relevant information until it is resolved.
The information must be kept for our legitimate business interests, such as fraud prevention and enhancing users' safety and security. For example, information may need to be kept to prevent a user who was banned for unsafe behavior or security incidents from opening a new account.
We implement measures to secure your information.
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. These include TLS and AES encryption for data in transit and encryption such as for later board, when they are stored on our servers. In any event, these measures do not provide absolute information security. Therefore, although efforts are made to secure personal information, it is not guaranteed, and you cannot expect that the Service will be immune from information security risks.
INTERNATIONAL DATA TRANSFERS
We will internationally transfer information in accordance with
applicable data protection laws.
If we transfer your personal data for processing at locations outside your jurisdiction, we will abide by data transfer rules applicable to these situations.
ADDITIONAL INFORMATION FOR INDIVIDUALS IN THE EU and UK
Blix is the data controller for all information other than Your
Blix is the data controller for the following information: Registration Information, Account Settings Information, Billing Information, Credential Information, Inquiry Information, Feedback Information and Analytics Information.
Blix is the data processor for Your Content.
The following is the contact information of Blix:
101 Hudson Street
Jersey City, NJ 07302
Legal bases under the GDPR for processing your personal data.
The legal basis under the GDPR for Blix's processing of your Registration Information, Account Settings Information, Billing Information, Group Conversation Settings, Credential Information, as well as the use of the necessary-type cookie, is the performance of the terms of service contract in providing you the Platform the Service and its features.
The legal basis under the GDPR for processing your Inquiry Information is our legitimate interest in handling and responding to your inquiry, developing, maintaining and improving our business, the Service and the Platform.
The legal basis under the GDPR for processing your Analytics Information (including the use of the statistics cookie), and Feedback Information is our legitimate interest in developing, maintaining and improving our business, the Service and the Platform.
The legal basis under the GDPR for processing your email address to contact you with administrative messages is our legitimate interest in keeping our users informed of updates relating to the Platform and our compliance with legal obligations of informing users where required by law.
The legal basis under the GDPR for processing your email address to contact you with marketing-related emails is your express consent.
The legal basis under the GDPR for sharing your information with authorities or where we are legally required to share it, is our legitimate interests in complying with mandatory legal requirements imposed on us.
The legal basis under the GDPR for processing your information in the event of a change in our corporate structure is our legitimate interests in our business continuity.
You have certain rights to access, update or delete information,
obtain a copy of your information, and object or restrict certain data
If you are in the EU or the UK, you have the following rights under the GDPR:
Right to Access your personal data that we process, and receive a copy of it.
Right to Rectify inaccurate personal data we have concerning you and to have incomplete personal data completed.
Right to withdraw your consent after you have given it to allow us to send you marketing-related emails.
Right to Object, based on your particular situation, to using your personal data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims.
Right to Data Portability, that is, to receive the personal data that you provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your personal data be transmitted directly from us to the service provider you designate.
Right to be Forgotten. Under certain circumstances, such as when you object to us processing your data and we have no compelling legitimate grounds to override your objection, you have the right to ask us to erase your personal data. However, we may still process your personal data if it is necessary to comply with a legal obligation, we are subject to under laws in EU Member States or for the establishment, exercise or defense of legal claims.
If you wish to exercise any of your EU rights, please contact us at: firstname.lastname@example.org
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you the information that you have asked for, we will explain the reason for this.
You have a right to submit a complaint to the relevant supervisory
data protection authority.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU of UK, then according to the GDPR, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU and UK, click here.
ADDITIONAL INFORMATION FOR INDIVIDUALS IN CALIFORNIA
Below is a detailed description of the information we collect from users to our commercial purposes for which we use each category of personal information. This is also the information we have collected in the past 12 months.
|Categories of personal information and source from which the information is collected||Specific Types of Personal Information Collected|
|Identifiers such as a real name, alias, email address and account name– collected directly from you.||As described above in the “Personal Data Processed” section.|
|Commercial information about the Service subscriptions purchased– collected directly from you or from the administrator of your organization using BlueMail.||As described above in the “Personal Data Processed” section.|
|Internet or other electronic network activity information – collected through the device you use to access the Service.||As described above in the “Personal Data Processed” section.|
|---------------------------------- ----------------------- -------------|
Business or commercial purposes pursuant to the CCPA
Undertaking activities to verify or maintain the quality of the Service and to improve, upgrade or enhance the Service.
Undertaking internal research for technological development and demonstration.
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
Debugging to identify and repair errors.
We do not sell your personal information and have not done so in the past 12 months, or ever.
Your rights under the CCPA if you are a resident of California.
Disclosure of personal information we collect about you.
You have the right to know:
The categories of personal information we have collected about you;
The categories of sources from which the personal information is collected;
Our business or commercial purpose for collecting personal information;
The categories of third parties with whom we share personal information, if any; and
The specific pieces of personal information we have collected about you.
Right to deletion
Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
Delete your personal information from our records; and
Direct any service providers to delete your personal information from their records.
Please note that we may not delete your personal information if it is necessary to:
Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
Debug to identify and repair errors that impair existing intended functionality;
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act;
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
Comply with an existing legal obligation; or
Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Protection against discrimination
You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:
Deny goods or services to you;
Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
Provide a different level or quality of goods or services to you; or
Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information.
Exercising your CCPA rights
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require.
Google API Services - Usage Disclosure
BlueMail's use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements.
CHANGES TO THIS PRIVACY NOTICE