Shared Email Templates for Microsoft Outlook

Privacy Policy

Effective date: November 23, 2023

This document is an integral part of the Terms of Use.

This Privacy Policy applies from November 23, 2023. The previous version of this Privacy Policy, available at https://www.ablebits.com/docs/outlook-shared-templates-privacy-policy-archive-2023-08-01/, applies until then.

Introduction

We value your privacy. With this policy, we set out your privacy rights and how we collect, use, disclose, transfer, and store your Personal Data in Shared Email Templates.

Definitions

When we say "we", "our", or "us", we mean Office Data Apps sp. z o.o., Warszawska str., 109, Office 5, Lomianki, 05-092, Poland, which is the entity responsible for processing your Personal Data.

When we say "Services", we mean collectively Shared Email Templates web application located on https://email-templates.app, Shared Email Templates add-in for Microsoft Outlook available from Microsoft AppSource (https://www.ablebits.com/go.php?to=shared-email-templates-signup&label=privacy-policy), and Shared Email Templates backend infrastructure located on Amazon Web Services.

When we say "Personal Data", we mean all of personal data or personal information or personally identifiable information (as defined by applicable law).

Our Services allow you to create, use, and share templates for email messages ("Template" or "Templates"). Templates are the centerpiece of our Services. Your Templates are part of your Personal Data.

When we say "Cookies", we mean cookies and similar technologies referred to as "IndexedDB", "HTML Local Storage", "HTML Session Storage". These are implemented on our Services and used together with Cookies.

When we say "you", "user", or "users", we mean all of visitors, customers, and consumers that access our Services.

When processing Personal Data, we adhere to the following principles:

  • We do not collect more information than is necessary.
  • We do not use Personal Data for purposes other than those specified in this Privacy Policy.
  • We do not store Personal Data if it is no longer needed.
  • We do not disclose Personal Data in cases other than those specified in this Privacy Policy.
    • By accepting our Privacy Policy, you are consenting to the collection, use, and storage of Personal Data pursuant to the disclosures contained within this Privacy Policy. You may withdraw your consent at any time through the Data Subject Request Form (https://www.ablebits.com/support/data-protection-form.php) or by email at privacy@ablebits.com. If you refuse to provide such Personal Data or withdraw your consent to our processing of your Personal Data, then in some cases we may not be able to fulfill our obligations to you.

      If you do not agree with our Privacy Policy, do not use our Services. By accessing or using our Services, you agree to this Privacy Policy.

      When you decide to contact us, get access to a trial version of our Services, purchase a subscription, we may ask you to provide your personal details. Depending on the context, we may use this Personal Data, for example, to communicate with you, to perform an agreement concluded with you, fulfill statutory data retention obligations (e.g., resulting out of accounting law regulations or tax law or data protection regulations), inform you about our Services updates, and pursue other legitimate goals.

      We may also temporarily process data which belongs to you if you want to contact our support services and decide to share Services or system logs with us. You can find more information about how we process data in the What information we collect section.

      You have the right to request access and update your Personal Data and the right to be forgotten. You also have the right to have the processing of your Personal Data restricted. If the processing of your Personal Data is based on your consent, you also have the right to withdraw it at any given time. Withdrawal of your consent will not influence the lawfulness of processing based on this consent before its withdrawal. If the processing of your Personal Data is based on our legitimate interests, you also have the right to object against such processing. You can find more information about your rights in the Your rights regarding your Personal Data section.

What information we collect

We collect information about you when you provide it to us and when you use Services, as described below.

Information that you provide to us

  • Account Information. Services require to create an account. We will ask you to provide personal account information, including first and last name, username, email address, date of birth, and additional information such as a company name and the number of users for a company account. When you collaborate with other users, you provide the information about them, namely team names, team descriptions, team members lists, team members' email addresses, and users access permissions.
  • Newsletters. You may also optionally subscribe to our newsletters. We will only use your email address to send you newsletters and promotional emails with your express consent. You may opt out of receiving our email communications at any time by clicking an unsubscribe link at the bottom of every email or by sending us an email stating your request through the contact information below. This opt-out does not apply to information provided to us as a result of your support requests regarding Services.
  • User content. We receive and store the information you provide directly to us when you use our Services. The types of information we may collect directly from Users include Personal Data and other information provided by you and stored in HTML and plain text formats.

Information we collect automatically

As you navigate through and interact with our Services, we may use automatic data collection technologies or other methods of web analysis to collect certain information about your equipment, browsing actions, and patterns, specifically:

  • Log file information. Log file information is automatically reported by your browser each time you access Services. Server logs may include information such as your web request, IP address, operating system, browser type, referring/exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, search queries on Services, and other such information. Log file data is securely encrypted utilizing the most advanced encryption methods and is used for debugging purposes and to improve our Services.
  • Cookies and similar technologies. Our Services use Cookies and/or similar technologies to operate the core functions. In addition, by accepting our Privacy Policy upon purchase of our Services, you are consenting to us use of cookies in connection with Services themselves. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from Services and transferred to your device. You can set your browser to remove or reject cookies, however, our Services do not work properly without Cookies. Please review our Cookies Policy, which is part of (and incorporated into) this Privacy Policy, for more information in Annex 1: Cookies Policy.
  • Analytics. We collect in-house analytics to improve existing features and create new features regarding Services.

Information we receive from others or shared or disclosed

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy.

To support the delivery of our Services, we may use data processors with access to certain Personal Data (hereby known as "Sub-processors"). We currently use third-party Sub-processors to provide various business functions such as infrastructure, payments, customer support, newsletter delivery service, external accounting and bookkeeping services. Prior to engaging any third-party Sub-processors, we perform due diligence to evaluate their defensive posture and execute an agreement requiring each Sub-processor to maintain minimum acceptable security practices.

These parties are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. By accepting this policy, you authorize us to instruct Sub-processors to process your Personal Data in accordance with this Policy and for the purposes of using Services.

Specifically, such third parties include:

  • Cloud service provider. We use Amazon Web Services for our backend infrastructure. You should click on the hyperlink (https://aws.amazon.com/privacy/) for more information about their data collection and privacy policies.
  • Microsoft 365 integration. We use Azure Active Directory access to integrate our Services with Microsoft 365. We do this based on the permissions you have given us. You can find more information in Annex 2: Microsoft 365 permissions for Services. Relevant privacy policy may be found at https://privacy.microsoft.com/privacystatement. Standard Contractual Clauses are used to transfer your data to Microsoft Corporation to ensure that the data is properly protected. For more information, go to https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-eu-model-clauses.
  • Payment processing provider. We ourselves do not store debit or credit card information or other payment information. We utilize third-party payment processors to manage and process payments to guarantee the security of your payment information. Our e-commerce provider (reseller) is Verifone Payments B.V. (Netherlands) and its privacy policy may be found at https://www.2checkout.com/legal/privacy/.
  • Customer Support Service. We use Zendesk, Inc (USA) for live chat support and helpdesk purposes. Zendesk may collect your username, contact information, IP address, and cookies when you opt to provide such information for customer support purposes. Please see Zendesk privacy policy (https://www.zendesk.com/company/customers-partners/privacy-policy/) for more information on their data collection and use practices.
  • Newsletters. We may use Selzy email marketing platform (Ecomz Holding Limited, Cyprus) to create and deliver newsletters. We share contact information, such as name and email address, to process that data in accordance with our instructions regarding our mailing campaigns. Please see Selzy privacy policy (https://selzy.com/en/privacy-notice/) for more information on their data collection and processing practices.
  • External accounting and bookkeeping services providers. We may use this to the extent that such disclosure is necessary to have these services provided to us.
  • Other potential third-party disclosures. Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: as required by law, such as to comply with a subpoena, or similar legal process; if we are involved in a merger, acquisition, or sale of all or a portion of our assets; to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; to investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify you about law enforcement or court ordered requests for data unless otherwise prohibited by law.
  • Anonymized information. However, we may disclose anonymized data about our Users without restriction.

As required by applicable law, we have in place Data Processing Agreement(s) with those processors that process Personal Data to ensure compliance with our obligations under applicable data protection laws and regulations.

We do not collect

We do not collect any payment information such as bank account details, credit card information, check information.

We do not ask you to provide and do not knowingly collect any special categories of Personal Data from you such as Personal Data that reveals your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade unions membership, data concerning your health, sex life, sexual orientation or history of criminal convictions.

We do not track you over time and across third-party websites or other online services for any purpose, therefore we do not respond to browser Do Not Track (DNT) signals and do not modify what information we collect or how we use that information based upon whether such signal is broadcast or received.

How and why we use your Personal Data

Purposes of processing Personal Data

We may use your Personal Data for one or more of the following purposes:

  • to present our Services to you
  • to provide you with information about our Services you request from us
  • to provide you with notices about your subscriptions, including expiration and renewal notices, quotes and invoices
  • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us
  • to notify you about changes or updates to our Services or Services you have purchased or that we offer
  • in any other way we may describe when you provide the information
  • and for any other purpose with your consent

Lawful basis for processing your Personal Data

We have a lawful basis for collecting and processing your Personal Data, as required by the data protection regulation of countries, and we want to demonstrate to you the purposes for which we do so.

The reasons for using your Personal Data may differ depending on the purpose of the collection. We use your Personal Data for the following purposes and on the following legal grounds:

  • Consent. By using our Services, you consent to our collection, use, and sharing of your Personal Data as described in this Privacy Policy. If you do not consent to this Privacy Policy, please do not use Services.
  • Legitimate interests. We will process your Personal Data as necessary for our legitimate interests. Specifically, our legitimate interests are to: facilitate communication between you and us; develop Services; detect and correct bugs in our Services; improve our Services; safeguard our IT infrastructure and intellectual property; detect and prevent fraud and other crimes (including misappropriation of intellectual property); promote and grow our business. We do not process your Personal Data if your rights and freedoms outweigh our legitimate interests.
  • To perform our contractual services to you. We process your Personal Data to fulfill our obligations to you pursuant to our contract with you to deliver Services.
  • As required by law. We may also process your Personal Data when we are required or permitted to by law; to comply with government inspection, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.

We do not use

We do not use your Personal Data with any automated decision-making processes.

How long we store your Personal Data

We will retain your Personal Data for the entire time that you have subscriptions or contractual agreements with us. At any time, you may ask for your Personal Data to be removed by sending a request using the form: https://www.ablebits.com/support/data-protection-form.php. After the data removal, we may keep pseudonyms of your Personal Data solely for a record about the data removal.

We may retain your Personal Data:

  • for as long as necessary to comply with any legal requirement, protect our legal interests, or otherwise pursue our legal rights and remedies. We will delete your Personal Data after all such statutory data retention periods lapse
  • on our backup and disaster recovery systems in accordance with our backup and disaster recovery policies and procedures, but in line with this Privacy Policy

However, anonymized data will be retained as long as we determine such data is commercially necessary for our legitimate business interests.

How we keep your Personal Data safe

Our steps to be secure

We have implemented reasonable administrative, technical, and physical security measures to protect your Personal Data against unauthorized access, destruction, or alteration. All data is securely encrypted with the most advanced encryption methods; connection to external web resources is protected by TSL encryption.

We host our public and internal IT-infrastructure on Amazon Web Services, Microsoft Azure Services, and Microsoft 365. These are well-known companies which have high-level data security practices. You can find more details about their security practices at https://aws.amazon.com/security/ and https://www.microsoft.com/en-us/trust-center/product-overview.

Also, we use only PCI-DSS compliant third-party payment processors to ensure the security of your payment information. You can find more information on security practices for Verifone Payments B.V. (Netherlands) at https://www.2checkout.com/certificates-and-awards/.

Your role in data safety

The safety and security of your Personal Data also depend on you. Whether we have given you or you have chosen a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you to never share your password with anyone.

Data breaches

We will notify you without undue delay after becoming aware of a Personal Data breach. Such notice will include, at a minimum:

  • description of the nature of the Personal Data breach including, where possible, the categories and approximate number of data subjects concerned, and the categories and approximate number of personal records concerned
  • contact details where you can get more information
  • description of the likely consequences of the Personal Data breach
  • description of the measures taken or proposed to be taken by you to address the Personal Data breach including, where appropriate, measures to mitigate its possible adverse effects

International Personal Data transfers

Whenever possible, we will try to use processors which process Personal Data within the European Economic Area ("EEA"). In case there is a need for us to use processors located outside of the EEA, United Kingdom, and Switzerland ("European Countries"), we will only disclose Personal Data to them provided that appropriate international data transfer safeguards described in the GDPR are in place.

We may transfer the information you have provided to us outside the European Countries, but only to the United States of America. Such transfer will rely on the mechanisms provided in the GDPR that allow the transfer of Personal Data outside the European Countries, including standard contractual clauses approved by the European Commission.

If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer and processing of your Personal Data in European Countries and the United States of America. By providing your Personal Data, you consent to any transfer and processing in accordance with this Privacy Policy.

If you have further questions about international data transfers that we make, you can contact our Privacy Team (privacy@ablebits.com).

Your rights regarding your Personal Data

Under applicable data protection laws, you have the following rights with regard to our processing of your Personal Data.

  • Access and update. You may notify us about any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
  • Restrictions. You have the right to restrict our processing of your Personal Data under certain circumstances. In particular, you can request that we restrict our use of your Personal Data if you contest its accuracy, if the processing of your Personal Data is determined to be unlawful, or if we no longer need your Personal Data for processing, but we have retained it as permitted by law.
  • Portability. In relation to Personal Data that you provide to us based on your consent or in order to perform a contract, you have the right to request that we provide you with a copy of, or access to, all or part of such Personal Data in a structured, commonly used, and machine-readable format.
  • Withdrawal of consent. You have the right to withdraw your consent to the processing of your Personal Data at any time by sending a request through the contact information below. Withdrawing your consent will not, however, affect the lawfulness of our processing of your Personal Data based on your consent before its withdrawal or on any other lawful basis.
  • Right to be forgotten. You have the right to request that we delete all of your Personal Data. We cannot delete your Personal Data except by also deleting your user account and revoking your licenses, and we will only delete your account when we no longer have a lawful basis for processing your Personal Data or after a final determination that your Personal Data was unlawfully processed. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your Personal Data as set forth in this Policy. In addition, we cannot completely delete your Personal Data as some data may rest in previous backups. This data will be retained for the periods set forth in our disaster recovery policies.
  • Complaints. You have the right to lodge a complaint with the applicable supervisory authority ("Supervisor") in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to resolve any concerns about your privacy. A list of Supervisors is available here:

Requests under this section can be made through Data Subject Request Form (https://www.ablebits.com/support/data-protection-form.php). We will respond in the timeframes required under applicable law. Our team may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements.

Children's privacy

Our Services are not designed or intended for persons under the age of 18, and we do not knowingly collect information from children under the age of 18. If a parent or guardian becomes aware that their minor child (as defined by the applicable privacy rules or regulations pertaining to the minor child) has provided us with Personal Data without their consent, they should contact us. We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating to the child's state and/or country of residence.

California privacy rights

This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act ("CCPA").

For more details about the personal information we have collected over the past 12 months, please see the What information we collect section. We collect this information for the business and commercial purposes described in the How and why we use your Personal Data section. We share this information with the categories of third parties described in the Information we receive from others or shared or disclosed section.

Under the CCPA, you have the following rights in relation to the personal information we hold about you:

  • right to be informed
  • right to request deletion
  • right to opt out
  • right to disclosure
  • right to equal services and prices (non-discrimination)

We are committed to exercising your privacy rights, including the rights granted to you under the CCPA.

In accordance with the CCPA's requirements, we will not discriminate against you for exercising any of your CCPA rights. You may make a request pursuant to your rights under the CCPA by contacting us via email (privacy@ablebits.com) or by mail using the contact details set out below. We will verify your request using the information associated with your user account, including the email address. Californian consumers can also designate an authorized agent to exercise these rights on their behalf.

You may request to opt out of the sale of your personal information to third parties. The CCPA defines a sale very broadly and this includes communicating personal information to another business or a third party for non-financial gain. We will never sell your data for profit, however, where we transfer it to our partners for things like displaying personalized ads to you or to deliver improvements to our service, these uses fall within the broad definition of a "sale" under CCPA. We only engage in this kind of data transfer where we believe it benefits you by providing you with a better experience, quality of service or to deliver content that you may be interested in.

You can opt out from any practice that may lead to the sale of your Personal Data at any time. You can also contact us via email (privacy@ablebits.com) or by mail using the contact details set out below.

Changes to our Privacy Policy

We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat your Personal Data, we may also notify you by email to the email address specified in your account and through a notice on Services. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and for periodically visiting our Services and this Privacy Policy to check for any changes.

How to contact us

If you have any questions, concerns, complaints, or suggestions regarding our Privacy Policy, or have any requests related to your Personal Data pursuant to applicable laws, you can reach our Privacy Team.

By form: Data Subject Request Form (https://www.ablebits.com/support/data-protection-form.php)

By email: privacy@ablebits.com

By phone: +1 (424) 253-9944 (USA), +48 605 225 490 (Europe)

By mail:
Office Data Apps sp. z o.o.
Attn: Privacy Team
Warszawska str., 109, Office 5,
Lomianki, 05-092, Poland

Annex 1: Cookies Policy

Introduction

This Cookies Policy is designed to assist you in understanding how and why we use cookies and similar technologies in Shared Email Templates.

What are Cookies?

Cookies are small data files that are sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows our Services or a third party to recognize you and make your next visit easier and make our Services more useful to you.

Cookies can be "persistent" or "session". Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser. We use both session and persistent cookies.

You can learn more about cookies on the following third-party websites:

How do we use Cookies?

When you use and access our Services, we may place a number of cookie files in your web browser. We use Cookies for the following purposes:

  • to enable certain functions of Services
  • to collect in-house analytics for future tools and services
  • to store your preferences

This section sets out information about Cookies that we use on our Services for which we are responsible. Where Personal Data is processed by these Cookies, we are controller of that information, within the meaning of applicable data protection legislation. For an explanation of the meaning of these and other data protection legislation terms and for comprehensive information about our responsibilities when handling Personal Data and your rights in respect of any Personal Data of yours that we process, please see our Privacy Policy.

Some Cookies are placed by third-party services that appear on our pages. These third-party services may process data collected by the Cookies on our site in an aggregated form for their own purposes. We have indicated details in the Cookies declaration section.

Necessary or essential Cookies
We use necessary Cookies to operate the core functions of our Services, so that you may visit and move around the Services' website and use its features. We do not require your consent to use these Cookies, but you may be able to block these Cookies yourself on your device. You can find more information in the What are your choices regarding Cookies section. However, without these Cookies, our Services are unlikely to work as you would expect and certain services that you may ask for, for example, signing into your online account, cannot be provided.

Where we process Personal Data using these necessary Cookies, we do so on the basis of our legitimate interests to provide Services for visitors to use and to promote our business.

Non-essential Cookies
We do not use any preferences, statistic, analytical, marketing or advertising Cookies in our Services.

What are your choices regarding Cookies?

Managing use of Cookies in your browser
Many internet browsers allow you as a user to change or even delete Cookies, including strictly necessary Cookies. To find out more about how to do this, see the links for major browsers. If your browser is not listed below, go to the help pages of your specific browser for guidance.

Third parties
Any Cookies that are placed on your browsing device by a third party can be managed through your browser (as described above) or by checking the third party's website for more information about Cookies management and how to "opt out" of receiving Cookies from them.

To exercise choice regarding other technologies
There are a number of ways to exercise choice regarding technologies that are similar to cookies, such as browser storage and plugins (e.g., HTML5, IndexedDB, and WebSQL). For example, many popular browsers provide the ability to clear browser storage, commonly in the settings or preferences area; see your browser's help function or support area to learn more. Other technologies, such as Silverlight storage, may be cleared from within the application.

Please note, however, that if you delete Cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our Services pages might not display properly.

Changes to our Cookies Policy

If we make any material change to this Cookies Policy which is part of (and incorporated into) our Privacy Policy, we will post the revised Cookies Policy on our Services and update the "Effective" date above to reflect the date on which the new Policy became effective.

Cookies declaration

Necessary Cookies
We use necessary Cookies to operate the core functions of our Services.

Privacy Policies for provider:

Name Provider Purpose Expiry Type
__dbnames Ablebits Utility IDB database, contains the names of other used databases Persistent IndexedDB
email_templates_data_ID Ablebits Where ID is the user ID. IDB database, contains a local copy of downloaded teams, folders, templates, etc. Persistent IndexedDB
email_templates_data_logs Ablebits IDB database, contains log information Persistent IndexedDB
access_token Ablebits Access token Persistent HTML Local Storage
client_id Ablebits Client unique identifier Persistent HTML Local Storage
current_aid Ablebits Current application identifier Persistent HTML Local Storage
current_rid Ablebits Current data region identifier Persistent HTML Local Storage
email Ablebits User email address Persistent HTML Local Storage
id Ablebits User ID Persistent HTML Local Storage
msal.custom.accesstoken Ablebits Access token for accessing OneDrive and SharePoint Persistent HTML Local Storage
msal.custom.accesstoken.expiresIn Ablebits Lifetime of the access token that is used for accessing OneDrive and SharePoint Persistent HTML Local Storage
msal.custom.accesstoken.scope Ablebits List of the permissions that the access token used for accessing OneDrive and SharePoint is valid for Persistent HTML Local Storage
msal.custom.mailmerge.accesstoken Ablebits Access token used for Mail Merge campaigns Persistent HTML Local Storage
msal.custom.mailmerge.idtoken Ablebits ID token used for Mail Merge campaigns Persistent HTML Local Storage
msal.custom.mailmerge.accesstoken.expiresIn Ablebits Lifetime of the access token that is used for Mail Merge campaigns Persistent HTML Local Storage
msal.custom.mailmerge.accesstoken.scope Ablebits List of the permissions that the access token used for Mail Merge campaigns is valid for Persistent HTML Local Storage
msal.custom.mailmerge.code Ablebits Authorization code to request the access token used for Mail Merge campaigns Persistent HTML Local Storage
msal.sso.accesstoken Ablebits Access token for accessing OneDrive and SharePoint when SSO is enabled Persistent HTML Local Storage
msal.sso.accesstoken.expiresIn Ablebits Lifetime of the access token that is used for accessing OneDrive and SharePoint when SSO is enabled Persistent HTML Local Storage
msal.sso.scope Ablebits List of the permissions that the access token used for accessing OneDrive and SharePoint when SSO is enabled is valid for Persistent HTML Local Storage
msal.custom.msauth.accesstoken Ablebits Access token used for signing in with a Microsoft account Persistent HTML Local Storage
msal.custom.msauth.accesstoken.expiresIn Ablebits Lifetime of the access token that is used for signing in with a Microsoft account Persistent HTML Local Storage
msal.custom.msauth.accesstoken.scope Ablebits List of the permissions that the access token used for signing in with a Microsoft account is valid for Persistent HTML Local Storage
msal.custom.msauth.idtoken Ablebits ID token used for signing in with a Microsoft account Persistent HTML Local Storage
msal.msauth Ablebits Flag that indicates authentication via a Microsoft account Persistent HTML Local Storage
msal.custom.nonce Ablebits Value included in the authorization request Persistent HTML Local Storage
msal.custom.state Ablebits Value included in the authorization request Persistent HTML Local Storage
msal.custom.error Ablebits Value used to store the authentication error Persistent HTML Local Storage
msal.refreshflow Ablebits Flag that indicates that the Microsoft authentication refresh flow is used Persistent HTML Local Storage
msal.mailmerge Ablebits Flag that indicates authentication for Mail Merge campaigns Persistent HTML Local Storage
msal.issharepoint Ablebits Flag that indicates that SharePoint permissions must be used in the Microsoft authentication dialog Persistent HTML Local Storage
msal.interactionrequired Ablebits Flag that indicates that Microsoft authentication failed because of the Interaction Required error Persistent HTML Local Storage
Office API client Microsoft Part of Microsoft Outlook JS API library Persistent HTML Local Storage
reminder_ID Ablebits Where ID is the user ID. The next reminder date Persistent HTML Local Storage
role Ablebits User role Persistent HTML Local Storage
settingsData-ID Ablebits Where ID is the user ID. Add-in settings for a particular user Persistent HTML Local Storage
svgSpriteData Ablebits Set of images used in the add-in Persistent HTML Local Storage
svgSpriteRevision Ablebits Version of the set of images used in the add-in Persistent HTML Local Storage
teams_ID Ablebits Where ID is the user ID. Teams settings for a particular user Persistent HTML Local Storage
token_type Ablebits Token type Persistent HTML Local Storage
username Ablebits User name Persistent HTML Local Storage
access_token Ablebits Access token Session HTML Session Storage
app_id Ablebits A unique identifier of the application Session HTML Session Storage
client_id Ablebits Client unique identifier Session HTML Session Storage
current_aid Ablebits Current application identifier Session HTML Session Storage
current_rid Ablebits Current data region identifier Session HTML Session Storage
email Ablebits User email address Session HTML Session Storage
hostInfoValue Microsoft Part of Microsoft Outlook JS API library Session HTML Session Storage
id Ablebits User ID Session HTML Session Storage
role Ablebits User role Session HTML Session Storage
token_type Ablebits Token type Session HTML Session Storage
username Ablebits User name Session HTML Session Storage
app-id Ablebits A unique identifier of the application 3 days HTTP
Cookie
AWSALBCORS Amazon Web Services Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience 7 days HTTP
Cookie
AWSALB Amazon Web Services Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience 7 days HTTP
Cookie
io Ablebits Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience Session HTTP
Cookie
MC1 Microsoft This cookie is used for advertising, site analytics, and other operational purposes 1 year HTTP
Cookie
MS0 Microsoft Stores the session identification cookie 30 minutes HTTP
Cookie

Annex 2: Microsoft 365 Permissions for Services

Introduction

This document is designed to assist you in understanding how and why we request your permissions for part of our features in Shared Email Templates ("Services").

For basic features in our Services, we do not need permissions from you. However, when you use our Services in all power, we need your permissions for integration of our Services with your Microsoft account.

What are permissions?

To access a protected resource like email or calendar data in mailbox, our Services need the resource owner's authorization. You as resource owner can consent to or deny our Services request. You can change granted permissions at any time.

The permissions mechanism base on Microsoft identity platform provides flexible and secured implementation of access to your data from our Services while leaving you with full control.

Which Microsoft 365 permissions do we request?

We only use permissions for the following purposes:

Have full access to all files user can access

We use this permission to attach files from your OneDrive when inserting a Template into the currently composed message if this Template contains macros attaching those files.

Have full access to all files you have access to

We use this permission to attach files from your OneDrive when inserting a Template into the currently composed message.

Maintain access to data you have given it access to

This permission allows Services to send the scheduled mail merge campaign messages even if you are logged out from your account and have switched off all the devices.

Read all users' basic profiles

We use this permission to read properties of users' Microsoft work or school accounts such as users' first and last names and email addresses so that a Global Administrator in a Microsoft 365 organization can create Shared Email Templates accounts for their users by importing those users' data from Azure Active Directory and so that those users can sign in to their Shared Email Templates accounts.

Read items in all site collections

We use this permission to attach files from your SharePoint when inserting a Template into the currently composed message if this Template contains macros attaching those files.

Read mail you can access

We use this permission to read the content of the currently composed message from your personal or shared mailbox.

Read user and shared mail

We use this permission to read the content of the currently composed message from your personal or shared mailbox.

Read user mail

We use this permission to read the content of the currently composed message into which a Template is going to be inserted.

Read your mail

We use this permission to read the content of the currently composed message into which a Template is going to be inserted.

Send mail as you

This permission allows Services to send the mail merge campaign messages from your mailbox.

Send mail on behalf of others or yourself

This permission allows Services to send the mail merge campaign messages on behalf of the specified mailbox.

We do not use the content of your mailbox, OneDrive or SharePoint files other than the attachments you use in your mail merge campaign.

Sign in and read user profile

We use this permission to read your name, email address, picture, and other properties of your Microsoft personal account or your Microsoft work or school account when inserting a Template into the currently composed message.

Sign you in and read your profile

We use this permission to read your name, email address, picture, and other properties of your Microsoft personal account or your Microsoft work or school account when inserting a Template into the currently composed message.

A remark about a third-party service

The only third party that can access your data is Microsoft itself as our Services are built on Microsoft 365 extensibility technology and your Outlook account should be connected to Microsoft 365, Exchange Online, or Outlook.com.

A remark about Add-in Express

Initially, Services were developed by Add-in Express but now these Services belong to and are managed by Ablebits.com. We continue using the Add-in Express account in order not to interrupt our current users' work. Unfortunately, Microsoft does not provide an opportunity to transfer products between different vendors' accounts on Microsoft AppSource.

Post a comment

Seen by everyone, do not publish license keys and sensitive personal info!

If you have any questions or issues with this add-in, please feel free to post your concerns in the comments area. As soon as we answer, a notification message will be sent to your e-mail. If you do not want to share your thoughts in public, please contact us at support@ablebits.com.