Privacy by Design
It’s Your Data, We Process and Protect It.
See How PoliteMail Protects Your Privacy and Data.
Now measure your most effective employee communication channel while keeping your employees’ personal data private. We take proactive measures to identify risks and build data privacy and security controls into our software and services. PoliteMail is compliant with global privacy legislation including the EU GDPR, the Californian CCPA and the Canadian PIPEDA.
Data Security Is a Privacy Feature

Privacy is accomplished with effective data security practices, which follow the data through its full lifecycle, from initial collection, to reporting, to archiving and deletion.
Transparent Policies
Our Privacy Shield certification has been discontinued as a result of the Schrems II decision, and the revised SCCs are executed in its place.
GDPR Compliance

PoliteMail complies with all the requirements of the recent EU privacy legislation, and currently complies with both the EU-US Privacy Shield and the Standard Contractual Model Clauses. Additionally, we can host your data in the US, EU, Asia or AU, per customer order.
While PoliteMail customers, as the data controllers and owners, have the primary responsibility and obligation to protect personal data, as a processor providing software and services, we commit to having implemented security and privacy safeguards, policies and practices to protect the data privacy of individuals and give them the right to access information collected about them.
Privacy by Design and Default.
When developing our software products and services, we consider both our customers and their data subjects (typically employees).
By default, PoliteMail provides statistical email analysis at the anonymous level. This means that while you know who the email was sent to (e.g. the employees on the distribution list), and you will have accurate statistics on the number of people and devices that interacted with your message, you will not know specifically who.
PoliteMail provides dedicated cloud services and databases so your data is never at risk of being intermingled with other customers’ data. While virtual machines may run on the same physical hardware as that of other customers, we use logical isolation and storage segregation to maintain clear separation. All data in transit is encrypted using HTTPS with TLS 1.2, and data at rest is encrypted with AES256.
We build privacy into our software and services when developing our products. We follow a security development lifecycle to address privacy and security concerns up front. We ensure we code against the SANS/CWE Top 25 most dangerous software errors, conduct static and dynamic vulnerability scanning on every build, and conduct at least annual third-party application penetration testing.

What Data Does PoliteMail Process & Store?
PoliteMail User/Sender Data
DATA ELEMENT | REQUIRED | STORED | PROCESSING | STORAGE ENCRYPTION |
---|---|---|---|---|
User Email Address | Yes | Yes | User Authentication | AES256 |
User Role | Yes | Yes | Data Access | AES256 |
User Password | Optional | Yes (Not with SSO) | User Authentication | SHA256 |
User Title | Optional | | User Identity | AES256 |
User Address | Optional | | User notifications | AES256 |
User Phone | Optional | | User notifications | AES256 |
User Group | Optional | | User Identity, user segmentation | AES256 |
User Region | Optional | | User Identity, user segmentation | AES256 |
Mailing List & Recipient Data
DATA ELEMENT | REQUIRED | STORED | PROCESSING | STORAGE ENCRYPTION |
---|---|---|---|---|
Recipient Email Address | Yes | Yes | Email addressing, list membership, subscription management, reporting segmentation | AES256 |
Recipient Name | Yes | Yes | Email addressing/personalization, list membership | AES256 |
Recipient Timezone | Yes | Yes | AD working hours for scheduled sends | AES256 |
Recipient Default Language | Optional | | *Browser Setting translation | AES256 |
Department | Optional | | List management, reporting segmentation | AES256 |
Division | Optional | | List management, reporting segmentation | AES256 |
Campus | Optional | | List management, reporting segmentation | AES256 |
Building | Optional | | List management, reporting segmentation | AES256 |
Manager | Optional | | List management, reporting segmentation | AES256 |
Other HR Attributes If/As Required by Customer | Optional | | List management, reporting segmentation | AES256 |
Message Data
DATA ELEMENT | REQUIRED | STORED | PROCESSING | STORAGE ENCRYPTION |
---|---|---|---|---|
Email Message | Yes | Optional and temporary (as draft or scheduled send) | Composing and sending email message | AES256 |
Sent Time/Date | Yes | Yes | Reporting & analysis | SHA256 |
Time Zone | Yes | Yes | List management, reporting segmentation | AES256 |
To: | Yes | Yes | Reporting & analysis | SHA256 |
From: | Yes | Yes | Reporting & analysis | AES256 |
Subject: | Yes | Yes | Reporting & analysis | AES256 |
URLs | Yes | Yes | Click reporting | AES256 |
Word Count | Yes | Yes | Reporting | AES256 |
Image Count | Yes | Yes | Reporting | AES256 |
Image Sizes (Pixel Dimensions) | Yes | Yes | Reporting | AES256 |
Email Interaction Data
MESSAGE DATA | REQUIRED | STORED | PROCESSING | STORAGE ENCRYPTION |
---|---|---|---|---|
Device OS | Yes | Yes | Reporting Analytics | AES256 |
Browser Version | Yes | Yes | Reporting Analytics | AES256 |
Date & Time | Yes | Yes | Reporting Analytics | AES256 |
Message ID | Yes | Yes | Reporting Analytics | SHA256 |
Recipient ID | Optional individual or anonymized | Yes | Reporting Analytics | AES256 |
User Agent | Yes | Partial | Reporting Analytics | AES256 |
IP | Yes | Optional via proxy | Reporting Analytics | AES256 |
Geolocation | Yes | Yes | IP reverse lookup to ascertain region (state/province) | SHA256 |
URL Clicked | Yes | Yes | Reporting Analytics | AES256 |
Link ID | Yes (Reverse IP lookup) to state/province level | Yes | Reporting Analytics | AES256 |
View Time | Yes | Yes | Reporting Analytics | AES256 |

What’s the Intent?
The key principle of the data privacy regulation is that personal data is owned by the person; therefore, any collection, processing or use of such data must be handled with care and by permission only. The idea is to limit sharing, profiteering and breach of personal data, such that personal data provided for one purpose may not be utilized for other purposes without the person’s further permission.
What Is Required for Compliance?
To collect, store and process personal data, a company must obtain and document consent from the individual, keep a record of it, and be able to produce it when requested.

Generally, and this is not legal advice, by providing an employee with an email address and clearly informing them by policy that you intend to send communications to them using that address and to statistically analyze their use of it, you have created informed consent, or at minimum implied consent, that your organization is using their name and email address in order to send them communications. If they sign off on specific acceptable use or internet use policies, and you are clear about your collection and use of data for statistical analysis (as it applies, say, to internet use in general or to email, intranet and internet use specifically), then you have obtained explicit consent for such personal data collection.
Most PoliteMail customers will go one step further and utilize anonymous tracking, which uses a combination of anonymization and pseudo-anonymization techniques to prevent the statistical data from directly or indirectly identifying a person.
Additionally, for compliance, companies must provide the following:
Personal Privacy Rights of the Individual
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to certain processing
- Export their data
Organizational Controls & Transparent Policies
- Person must consent to providing the data for the specific purpose
- Use of the data should be transparent and clearly stated at point of collection
- Personal data should be held no longer than necessary to fulfill the purpose
- Personal data must be properly secured
- Notification to authorities in the case of breach
- Keep detailed records of consent and processing
- Define data retention and deletion policy
GDPR FAQ
Has Your Software Been Approved by the EU Works Councils?
With several global enterprises with headquarters based in Germany, PoliteMail has worked through approvals with the German Works Councils, known to be the most privacy restrictive in the EU.
In all cases, PoliteMail’s anonymous tracking methodologies, data processing, privacy and security procedures have been approved, accepted and are in use.
If We Have Employees in the EU, Can We Use PoliteMail Without Additional Policies?
Most certainly yes. You are already sending employees Outlook email, and by utilizing either our Anonymous or Aggregate tracking options (which can be locked down to a specific method) you will be in compliance with the GDPR.
Do I Have to Notify Employees about Tracking?
With anonymous or aggregate tracking, the email interaction data is not related to, or able to identify, a specific person – so you have no legal obligation to notify employees. Many customers do so implicitly by way of internet use or acceptable use policies (email analytics is similar to web analytics) and others elect to do so explicitly out of respect for employees, including a one-time or even per email notice such as “For statistical analysis we are collecting anonymized information about your interactions with corporate communications broadcast to you. Thank you.”