Privacy by Design
It’s Your Data,
We Process and Protect It.
See How PoliteMail Protects Your Privacy and Data.
Now measure your most effective employee communication channel while keeping your employees’ personal data private. We take proactive measures to identify risks and build data privacy and security controls into our software and services. PoliteMail is compliant with global privacy legislation including the EU GDPR, the California CCPA and the Canadian PIPEDA.
Data Security
Is a Privacy Feature
Privacy is accomplished with effective data security practices that follow the data through its full lifecycle, from initial collection, to reporting, to archiving and deletion.
Transparent
Policies
We are completely transparent about our policies, operational practices, technology platforms and data processing. We never sell or share your company or personal data with any third parties.
GDPR
Compliance
PoliteMail complies with all the requirements of the recent EU privacy legislation, and currently complies with both the EU-US Privacy Shield and the Standard Contractual Model Clauses. Additionally, we can host your data in the US, EU, Asia or AU, per customer order.
While PoliteMail customers, as the data controllers and owners, have the primary responsibility and obligation to protect personal data, as a processor providing software and services, we commit to having implemented security and privacy safeguards, policies and practices to protect the data privacy of individuals and give them the right to access information collected about them.
Privacy by Design and Default.
When developing our software products and services, we consider both our customer and their data subjects (typically employees).
By default, PoliteMail provides statistical email analysis at the anonymous level. This means that while you know who the email was sent to (e.g. the employees on the distribution list), and you will have accurate statistics on the number of people and devices that interacted with your message, you will not know specifically who.
PoliteMail provides dedicated cloud services and databases so your data is never at risk of being intermingled with that of other customers. While virtual machines may run on the same physical hardware as those of other customers, we use logical isolation and storage segregation to maintain clear separation. All data in transit is encrypted using HTTPS (TLS 1.2) and all data at rest with AES256 encryption.
We build privacy into our software and services when developing our products. We follow a security development lifecycle to address privacy and security concerns up front. We ensure we code against the SANS/CWE Top 25 most dangerous software errors, conduct static and dynamic vulnerability scanning on every build, and conduct at least annual third party application penetration testing.
How We Manage Your Data
We use your customer data only to provide the services we have agreed on, and never share or sell it for marketing or advertising. We make contractual data security and privacy commitments for the software and services we agree to provide. We strive to maintain transparent policies and processes, so our customers and their employee data subjects can be fully aware of the data being collected, its purpose, and what operations are being performed on that data. We provide ready access to your data, so you may extract as desired, and if you leave our service we follow specific processes to remove your data from our systems.
How We Limit Access to Your Data
We take proactive measures to protect your data from unauthorized or inappropriate access, following least privilege principles using role-based security group controls, IP restrictions and multifactor authentication for PoliteMail personnel. All PoliteMail employees are required to sign confidentiality agreements and attend data security and privacy awareness training upon hire and at least annually.
Data Locations
PoliteMail limits our use of subcontractors to only our Tier 1 cloud hosting service providers, whom we maintain active partnerships with, and with whom we have agreements which are at least as stringent as our own data-processing terms.
Customers may select a specific geographic region in which their data is hosted and data services are provided, such as within the EU, from the following locations:
US EAST – Virginia
US WEST – Washington
EU – Ireland
EU – Germany
AsiaPac – Singapore
AsiaPac – Australia
How We Respond to Legal Requests for Customer Data
In the event of a legal hold or government request for data, we follow our standardized, contractual processes to provide you with notice and a copy of such request, unless legally prohibited to do so.
How Does PoliteMail Anonymization Work to Protect the Privacy of Your Employees?
Personal data, including name and email address is always stored within our systems, as we use that information to address and send your email messages, so you will have a record of who the email was sent to.
When it comes to the analytics data, PoliteMail utilizes anonymization and pseudonymization techniques to protect the identity of the email recipients, such that their specific interactions cannot be tied back to a specific person.
Anonymization means the data cannot be identified to a person; pseudonymization or encryption means no individual can be identified without a specific “key”, and such a key is kept separate from the data.
When PoliteMail sends an email, it creates a pseudonymized record for each recipient, and it inserts unique, anonymized tracking encoding into the email message for each recipient, which is directly related only to that pseudonymized record. Specifically, PoliteMail includes an https request to a tiny, transparent image hosted on the analytics server, commonly called a “beacon image,” and it rewrites any URLs contained within the email message to a redirect URL which is also hosted on the PoliteMail analytics server.
When recipients receive and interact with the email message, PoliteMail receives and processes those https requests. Such requests include what is commonly called a “user agent”, which does contain some personal data, such as IP address or device ID, but only because that information comes with all standard web https requests. We do not store the user agent or IP, but instead process it to extract some non-specific personal data which is useful for analysis, such as geographic location (to the city level, using a reverse IP look-up database), operating system and device type (such as Windows, or iOS and iPhone), and browser and screen size.
In this way, PoliteMail is able to provide accurate analytics down to a specific person, but without identifying who that person is. In other words, PoliteMail will be able to measure if a specific email message was read by one person, using two different devices, but you will not be able to determine who that person was.
Certain features of PoliteMail may make it possible to infer the identity of an individual. For instance, if you sent an email to a list of 3 people, one in each of 3 cities or countries, then you would likely be able to use the geolocation data to infer a person.
Therefore, in addition to anonymization, PoliteMail provides limitations on segmentation size – the minimum size at which PoliteMail will show certain data. Using the example above, as the send was to fewer than 10 people, no data would be shown for that send of three, nor would it be exportable by a user.
In the unlikely event of a breach, say of the entirety of the server system and PoliteMail databases (meaning the compromise would have to exist at a level which would afford access to the data encryption keys), a person would have to invest significant time and have sufficient technical expertise in the data structures to reverse engineer the anonymization process and link interaction records to an individual.
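The flow described above (a per-recipient pseudonymized token, a beacon image plus redirect links carrying that token, reduction of each beacon hit to city/OS/device with the raw IP and user agent discarded, and suppression of reports below the minimum segment size) as an added example. This is an illustrative scheme written for this page, not PoliteMail's code; the HMAC-based token, the analytics host name, the reverse-IP table and the minimum segment of 10 are assumptions or constructed for the demo.

```python
import hashlib
import hmac
import re
from urllib.parse import quote

ANALYTICS_HOST = "https://analytics.example"  # placeholder, not a real PoliteMail host
MIN_SEGMENT = 10  # sends with fewer recipients show and export nothing

def pseudonymize(recipient_email: str, key: bytes) -> str:
    # Token derived with an HMAC key held separately from the analytics data (assumed
    # scheme): the interaction records alone cannot be tied back to an address.
    return hmac.new(key, recipient_email.lower().encode(), hashlib.sha256).hexdigest()[:16]

def instrument(html: str, token: str) -> str:
    # Rewrite every link to a redirect on the analytics host and append a 1x1 beacon image,
    # both carrying only the token, never the recipient address.
    rewritten = re.sub(
        r'href="(https?://[^"]+)"',
        lambda m: f'href="{ANALYTICS_HOST}/r?t={token}&u={quote(m.group(1), safe="")}"',
        html,
    )
    return rewritten + f'<img src="{ANALYTICS_HOST}/b.gif?t={token}" width="1" height="1">'

# Constructed city-level reverse-IP table standing in for a GeoIP database.
GEO_TABLE = {"203.0.113.": "Sydney", "198.51.100.": "Dublin", "192.0.2.": "Seattle"}

def reduce_request(ip: str, user_agent: str) -> dict:
    # Keep only coarse attributes; the raw IP and user agent are not part of the result.
    city = next((c for prefix, c in GEO_TABLE.items() if ip.startswith(prefix)), "unknown")
    is_iphone = "iPhone" in user_agent
    return {
        "city": city,
        "os": "iOS" if is_iphone else "Windows" if "Windows" in user_agent else "other",
        "device": "iPhone" if is_iphone else "desktop",
    }

def open_report(events, recipient_count: int):
    # events: (token, reduced attributes) pairs from beacon hits. A send below MIN_SEGMENT
    # returns None so a small audience cannot be singled out by city or device.
    if recipient_count < MIN_SEGMENT:
        return None
    devices_per_token = {}
    for token, attrs in events:
        devices_per_token.setdefault(token, set()).add((attrs["os"], attrs["device"]))
    return {
        "recipients": recipient_count,
        "unique_opens": len(devices_per_token),
        "multi_device_readers": sum(1 for d in devices_per_token.values() if len(d) > 1),
    }
```

The report can say that one token opened on two device types without the report holding anything that names that person.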
What Data Does PoliteMail Process and Store?
DATA ELEMENT | REQUIRED | STORED | PROCESSING | STORAGE ENCRYPTION |
---|---|---|---|---|
USER/SENDER DATA | | | | |
EMAIL MESSAGE | Yes | Optional and temporary (as draft or scheduled send) | Composing and sending email message | AES256 |
USER EMAIL ADDRESS | Yes | Yes | User Authentication | AES256 |
USER PASSWORD | Yes | Yes | User Authentication | SHA256 |
USER TITLE | Optional | | User Identity | AES256 |
USER ADDRESS | Optional | | User notifications | AES256 |
USER PHONE | Optional | | User notifications | AES256 |
USER GROUP | Optional | | User Identity, user segmentation | AES256 |
USER REGION | Optional | | User Identity, user segmentation | AES256 |
RECIPIENT AND MAIL LIST DATA | | | | |
RECIPIENT EMAIL | Yes | Yes | Email addressing, list membership, subscription management, reporting segmentation | |
RECIPIENT NAME | Optional (defaults to Outlook display name) | Yes | Email addressing, personalization, list membership | AES256 |
RECIPIENT GEOLOCATION | Yes | Yes | IP reverse lookup to ascertain long/lat to city level | AES256 |
RECIPIENT TIME ZONE | Yes | Yes | Working Hours | AES256 |
RECIPIENT DEFAULT LANGUAGE (OFFICE SETTING) | Optional | | Personalization, translation* | AES256 |
RECIPIENT MANAGER EMAIL | Optional | | Hierarchical list management, send from addressing, reporting segmentation | AES256 |
DEPARTMENT | Optional | | List management, reporting segmentation | AES256 |
DIVISION | Optional | | List management, reporting segmentation | AES256 |
CAMPUS | Optional | | List management, reporting segmentation | AES256 |
BUILDING | Optional | | List management, reporting segmentation | AES256 |
MANAGER | Optional | | List management, reporting segmentation | AES256 |
EXECUTIVE | Optional | | List management, reporting segmentation | AES256 |
OTHER HR ATTRIBUTES IF/AS REQUIRED BY CUSTOMER | Optional | | List management, reporting segmentation | AES256 |
MESSAGE DATA | | | | |
SENT FROM NAME | Yes | Yes | Email Addressing, reporting display | AES256 |
SENT FROM EMAIL ADDRESS | Yes | Yes | Email Addressing, Reporting segmentation | AES256 |
DATE SENT | Yes | Yes | Reporting and Analysis | AES256 |
LISTNAME | Yes | Yes | Email Addressing, Reporting segmentation | AES256 |
RECIPIENT EMAIL ADDRESS | Yes | Yes | Email addressing, reporting segmentation | AES256 |
SUBJECT LINE | Yes | Yes | Email Addressing, Reporting segmentation | AES256 |
LINK TEXT & URL(s) | Optional; when included within email content, will be stored unless the ‘no track’ option is applied | Yes | Email content, click measurement and reporting | AES256 |
WORD COUNT | Yes | Yes | Reporting & analysis | AES256 |
FLESCH READING EASE (and other text analysis attributes) | Yes | Yes | Reporting & analysis | AES256 |
IMAGE AREA | Yes | Yes | Reporting & analysis | |
IMAGE(s) | Optional; if placed into message using PoliteMail tools AND Outlook embed images set to default off | Yes | Image content | AES256 |
FILE ATTACHMENTS | Optional; through upload via app SmartAttachment feature (10MB and format limited) | | Email content (as URL to hosted file) | IP restricted, optional AES256 |
RECIPIENT INTERACTION DATA | ||||
OPEN DATE | Yes | Yes | Reporting analytics | AES256 |
OPEN TIME | Yes | Yes | Reporting analytics | AES256 |
MESSAGE ID | Yes | Anon | Reporting analytics | AES256 |
RECIPIENT ID | Optional (individual or anonymized) | Anon | Reporting analytics | AES256 |
IP | Yes | Yes | Reporting analytics | AES256 |
USER AGENT | Yes | Yes | Reporting analytics | AES256 |
LONG/LAT | Yes, Reverse IP lookup | Yes | Reporting analytics | AES256 |
URL CLICKED | Yes | Yes | Reporting analytics | AES256 |
READ TIME | Yes | Yes | Reporting analytics | AES256 |
*Future
What’s the Intent?
The key principle of the data privacy regulation is that personal data is owned by the person; therefore, any collection, processing or use of such data must be handled with care and by permission only. The idea is to limit sharing, profiteering and breach of personal data, such that personal data provided for one purpose may not be utilized for other purposes without the person’s further permission.
What Is Required for Compliance?
To collect, store and process personal data, a company must obtain and document consent from the individual, keep a record of it, and be able to produce it when requested.
Generally (and this is not legal advice), by providing an employee with an email address and clearly informing them by policy that you intend to send communications to that address and to statistically analyze their use of it, you have created informed consent, or at minimum implied consent, that your organization is using their name and email address in order to send them communications. If employees also sign off on specific acceptable-use or internet-use policies, and you are clear about your collection and use of data for statistical analysis, whether for internet use in general or for email, intranet and internet use specifically, then you have obtained explicit consent for such personal data collection.
Most PoliteMail customers will go one step further and utilize anonymous tracking, which uses a combination of anonymization and pseudonymization techniques to prevent the statistical data from being directly or indirectly identified to a person.
Additionally, for compliance, companies must provide the following:
Personal Privacy Rights of the Individual
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to certain processing
- Export their data
Organizational Controls & Transparent Policies
- Person must consent to providing the data for the specific purpose
- Use of the data should be transparent and clearly stated at point of collection
- Personal data should be held no longer than necessary to fulfill the purpose
- Personal data must be properly secured
- Notification to authorities in the case of breach
- Keep detailed records of content sends and their processing
- Define data retention and deletion policy
GDPR FAQ
Has Your Software Been Approved by the EU Works Councils?
With several global enterprises with headquarters based in Germany, PoliteMail has worked through approvals with the German Works Councils, known to be the most privacy restrictive in the EU.
In all cases, PoliteMail’s anonymous tracking methodologies, data processing, privacy and security procedures have been approved, accepted and are in use.
If We Have Employees in the EU, Can We Use PoliteMail Without Additional Policies?
Most certainly yes. You are already sending employees Outlook email, and by utilizing either our Anonymous or Aggregate tracking options (which can be locked down to a specific method) you will be in compliance with the GDPR.
Do I Have to Notify Employees about Tracking?
With anonymous or aggregate tracking, the email interaction data is not related to, or able to identify, a specific person – so you have no legal obligation to notify employees. Many customers do so implicitly by way of internet use or acceptable use policies (email analytics is similar to web analytics) and others elect to do so explicitly out of respect for employees, including a one-time or even per email notice such as “For statistical analysis we are collecting anonymized information about your interactions with corporate communications broadcast to you. Thank you.”