Carom

Effective June 21, 2018

Information You Provide Us Directly

Payment-related information. We collect each Customer’s billing account name, zip code, credit card number, and email address to bill for our Services.

Sales and support information. In the course of considering or using our services, you may provide us your contact information, including an email address or phone number, or may contact us via email with sales or support questions. We maintain any such email correspondence.

Information provided within our websites and apps. Our Services allow you and other Users to enter information or take actions that produce data. For example, you may add comments in a discussion with other Users, flag emails, or create tasks. We use this data to provide our Services.

Information Gathered From and About Your Mailboxes

One of our core services is to connect to your email mailbox to help you organize and understand the data from your email conversations and attachments.

If your email provider is Google (including Google Apps and Gmail), Microsoft (including Outlook 365), or Yahoo, we will ask you to authorize access to your email data directly through these email providers. If we are able to do so, we will never have access to your email password. Instead, with your authorization, these email providers share a token with us that we can use to access your data.

If you are not using one of these service providers, or if for some reason we are unable to connect to these providers except with a username and password, we will ask for and store your mail server credentials, including your username, server host, and server port. We ask for your password for an initial connection but do not store it.

Once we have connected to your mailbox, we import and store some basic metadata. This may include:

• Contact-related data: email addresses and names (when available in your mailbox data) of people you have contacted or who have contacted you by email
• Email-related data: subjects, brief snippets from your emails (e.g., the first sentence or two of a message), dates sent, recipients, folders or labels, read/unread status, flags, and the number of messages in each thread
• File-related data: file names, sizes, senders, recipients, and dates sent

On a much more limited basis, we will download and store full email text or attached files. We download files so that we can include previews or allow you to download them through our Services. We import the full text of emails so that we can display them to you or deliver features of our services (for example, identifying unsubscribe links from mailing list emails).

Information About You We Collect Passively

We collect and store some information about you and your use of our services as you use our websites and applications.

Log data. Like most websites, our Services automatically collect and record some data about you and the requests you send to our servers. This data may include your Internet Protocol (IP) address, data about your browser or computing environment, the addresses of web pages you visit, and data you send along with these requests. We take steps to exclude sensitive data (like passwords) from our log files.

Error data. When you encounter an error while using our Services, we record relevant data to help us diagnose and fix the problem. This includes data similar to what we capture in our log files.

Event tracking and activity data. We track the frequency of certain important events that User take in our Services, along with some data descibing these events. We use this data to understand how Users interact with our Services so that we can improve them.

Cookie and similar data. We use cookies on a limited basis as described in the “Use of Cookies and Similar Technologies” section.

Information We Share With Others

We share a limited amount of your data with a small number of third-party service providers to enable or improve the delivery of our own services:

• Stripe processes credit card payments for our customers. We provide Stripe a billing contact’s name, zip code, and credit card number.
• Sentry is the error-tracking software we use to record and diagnose errors in our websites and applications. In order to help with de-bugging, Sentry records information about the devices you use to access our services, including your IP address, computer operating system version, and browser version.
• Amazon Web Services provides web hosting for several types of data, including email attachments, database backups, and avatars or profile photos for users and contacts. This data is stored in an encrypted manner.
• AppSignal has access to some data related to requests on our Services to help us track their performance.
• Amplitude allows us to analyze certain actions users take in using our services; we use this aggregate data to improve our services.
• Segment serves as an intermediary between us and Amplitude.
• Clearbit provides enriched contact data; we provide email addresses of contacts to enrich.
• Nylas connects to our Users’ email accounts and provides us data from connected mailboxes.
• Postmark handles transactional emails sent from our Services (for instance, to help Users sign in after forgetting their passwords).

We may add, remove, or modify this list over time. The current list will always be available at https://www.carom.io/policies/privacy.

How We Use the Information We Collect

We use different types and sources of data for different purposes, but always in accordance with one of these purposes:

• To provide our Services. We use both information you provide directly and information you authorize us to access from your mailboxes to deliver our services.
• For research and development. Data about your use of our Services (including errors or bugs that arise in the process) helps us improve our Services. For instance, we use performance data from across our Customer base to identify and improve slow functionality, and we refine algorithms and models for mailing list classification and email prioritization based on data from our Users.
• To communicate with you about our Services. We use your contact information to provide certain transactional messages about your use of our Services. For instance, we may contact you with updates to this Privacy Policy or information related to invoices or payments.
• To improve sales and marketing engagement. We use analytics software to understand engagement with our website, where visitors come from, and how long they remain on our website.
• To protect our legitimate business interests and legal rights. We may use information about you where required by law or necessary to protect our legal rights or business interests.
• As required by law enforcement. We will share your data with law enforcement officials only as we are required by law (for instance, with a valid court order).
• For customer support. From time to time we may access your data to address bugs or provide service in response to customer support inquiries.
• For other purposes to which you explicitly consent. From time to time we may offer other services or opportunities unrelated to the purposes above that require or make use of your data. In any such case we will only use your data with your consent after explaining the data to be used and the purpose of its use.

Data Security

We take industry-standard steps to keep your data secure. We only transmit data (either from you to us, or from us to third-party processors describe earlier) with SSL encryption, restrict access to our database servers (both physically and virtually, and store your data in data centers with 24/7/365 physical security. We never store your credit card information; it is only stored by Stripe, a PCI Level 1-certified payment processor.

Data Retention

While you remain a Customer, we will retain any data you provide directly or through mailboxes you connect, as described in this Policy. Upon termination of an account, we will delete this data within thirty (30) days. You agree that you may not be able to access your data at any point after termination of the account.

We may retain other data about your use of the services (for instance, data related to bugs or the performance of our Services) for longer periods of time, but will take reasonable steps to remove any data that connects this data to you or your account.

We may retain other data, including payment related information, for longer periods of time as required by law or regulation or as necessary for our business interests.

Use of Cookies and Similar Technologies

Many websites use “cookies”—small bits of text information stored in your browser’s memory—to record information over time. We use cookies and and your browser’s local storage to record certain information that we use for several limited purposes:

• Authentication. After you sign in to use our services, we store a complex token that identifies you and allows you access to our services.
• Enabling key features of our services. For example, we use your browser’s local storage to keep track of various display preferences in our website interfaces.
• Understanding and improving our services. We track some limited information about your usage of our services (for instance, which features are used most often and how long pages take to load) so that we can improve our services.
• Understanding potential customers. We track some information about how potential users come to our website, how often they come back, and which pages they visit. This allows us to test and improve our sales and marketing operations.

Modifications to the Privacy Policy

We may make changes to the Privacy Policy from time to time as we modify our Services or our business or in response to shifting legal, regulatory, and industry requirements and best practices. The latest version of this policy is available at https://carom.io/policies/privacy. If we make changes that materially alter your privacy rights, we will notify you by email or through our Services.