Effective June 21, 2018
We understand the importance of keeping your data private and secure. By using our services, you are trusting us to transmit and store your data appropriately, and to use it only as you have agreed.
Payment-related information. We collect each Customer’s billing account name, zip code, credit card number, and email address to bill for our Services.
Sales and support information. In the course of considering or using our services, you may provide us your contact information, including an email address or phone number, or may contact us via email with sales or support questions. We maintain any such email correspondence.
Information provided within our websites and apps. Our Services allow you and other Users to enter information or take actions that produce data. For example, you may add comments in a discussion with other Users, flag emails, or create tasks. We use this data to provide our Services.
One of our core services is to connect to your email mailbox to help you organize and understand the data from your email conversations and attachments.
If your email provider is Google (including Google Apps and Gmail), Microsoft (including Outlook 365), or Yahoo, we will ask you to authorize access to your email data directly through these email providers. If we are able to do so, we will never have access to your email password. Instead, with your authorization, these email providers share a token with us that we can use to access your data.
If you are not using one of these service providers, or if for some reason we are unable to connect to these providers except with a username and password, we will ask for and store your mail server credentials, including your username, server host, and server port. We ask for your password for an initial connection but do not store it.
Once we have connected to your mailbox, we import and store some basic metadata. This may include:
On a much more limited basis, we will download and store full email text or attached files. We download files so that we can include previews or allow you to download them through our Services. We import the full text of emails so that we can display them to you or deliver features of our services (for example, identifying unsubscribe links from mailing list emails).
We collect and store some information about you and your use of our services as you use our websites and applications.
Log data. Like most websites, our Services automatically collect and record some data about you and the requests you send to our servers. This data may include your Internet Protocol (IP) address, data about your browser or computing environment, the addresses of web pages you visit, and data you send along with these requests. We take steps to exclude sensitive data (like passwords) from our log files.
Error data. When you encounter an error while using our Services, we record relevant data to help us diagnose and fix the problem. This includes data similar to what we capture in our log files.
Event tracking and activity data. We track the frequency of certain important events that User take in our Services, along with some data descibing these events. We use this data to understand how Users interact with our Services so that we can improve them.
We share a limited amount of your data with a small number of third-party service providers to enable or improve the delivery of our own services:
We may add, remove, or modify this list over time. The current list will always be available at https://www.carom.io/policies/privacy.
We use different types and sources of data for different purposes, but always in accordance with one of these purposes:
We take industry-standard steps to keep your data secure. We only transmit data (either from you to us, or from us to third-party processors describe earlier) with SSL encryption, restrict access to our database servers (both physically and virtually, and store your data in data centers with 24/7/365 physical security. We never store your credit card information; it is only stored by Stripe, a PCI Level 1-certified payment processor.
While you remain a Customer, we will retain any data you provide directly or through mailboxes you connect, as described in this Policy. Upon termination of an account, we will delete this data within thirty (30) days. You agree that you may not be able to access your data at any point after termination of the account.
We may retain other data about your use of the services (for instance, data related to bugs or the performance of our Services) for longer periods of time, but will take reasonable steps to remove any data that connects this data to you or your account.
We may retain other data, including payment related information, for longer periods of time as required by law or regulation or as necessary for our business interests.