Post a comment
Seen by everyone, do not publish license keys and sensitive personal info!
Effective date: November 23, 2023
This document is an integral part of the Terms of Use.
This Privacy Policy applies from November 23, 2023. The previous version of this Privacy Policy, available at https://www.ablebits.com/docs/outlook-shared-templates-privacy-policy-archive-2023-08-01/, applies until then.
We value your privacy. With this policy, we set out your privacy rights and how we collect, use, disclose, transfer, and store your Personal Data in Shared Email Templates.
When we say "we", "our", or "us", we mean Office Data Apps sp. z o.o., Warszawska str., 109, Office 5, Lomianki, 05-092, Poland, which is the entity responsible for processing your Personal Data.
When we say "Services", we mean collectively Shared Email Templates web application located on https://email-templates.app, Shared Email Templates add-in for Microsoft Outlook available from Microsoft AppSource (https://www.ablebits.com/go.php?to=shared-email-templates-signup&label=privacy-policy), and Shared Email Templates backend infrastructure located on Amazon Web Services.
When we say "Personal Data", we mean all of personal data or personal information or personally identifiable information (as defined by applicable law).
Our Services allow you to create, use, and share templates for email messages ("Template" or "Templates"). Templates are the centerpiece of our Services. Your Templates are part of your Personal Data.
When we say "Cookies", we mean cookies and similar technologies referred to as "IndexedDB", "HTML Local Storage", "HTML Session Storage". These are implemented on our Services and used together with Cookies.
When we say "you", "user", or "users", we mean all of visitors, customers, and consumers that access our Services.
When processing Personal Data, we adhere to the following principles:
By accepting our Privacy Policy, you are consenting to the collection, use, and storage of Personal Data pursuant to the disclosures contained within this Privacy Policy. You may withdraw your consent at any time through the Data Subject Request Form (https://www.ablebits.com/support/data-protection-form.php) or by email at privacy@ablebits.com. If you refuse to provide such Personal Data or withdraw your consent to our processing of your Personal Data, then in some cases we may not be able to fulfill our obligations to you.
If you do not agree with our Privacy Policy, do not use our Services. By accessing or using our Services, you agree to this Privacy Policy.
When you decide to contact us, get access to a trial version of our Services, purchase a subscription, we may ask you to provide your personal details. Depending on the context, we may use this Personal Data, for example, to communicate with you, to perform an agreement concluded with you, fulfill statutory data retention obligations (e.g., resulting out of accounting law regulations or tax law or data protection regulations), inform you about our Services updates, and pursue other legitimate goals.
We may also temporarily process data which belongs to you if you want to contact our support services and decide to share Services or system logs with us. You can find more information about how we process data in the What information we collect section.
You have the right to request access and update your Personal Data and the right to be forgotten. You also have the right to have the processing of your Personal Data restricted. If the processing of your Personal Data is based on your consent, you also have the right to withdraw it at any given time. Withdrawal of your consent will not influence the lawfulness of processing based on this consent before its withdrawal. If the processing of your Personal Data is based on our legitimate interests, you also have the right to object against such processing. You can find more information about your rights in the Your rights regarding your Personal Data section.
We collect information about you when you provide it to us and when you use Services, as described below.
As you navigate through and interact with our Services, we may use automatic data collection technologies or other methods of web analysis to collect certain information about your equipment, browsing actions, and patterns, specifically:
We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy.
To support the delivery of our Services, we may use data processors with access to certain Personal Data (hereby known as "Sub-processors"). We currently use third-party Sub-processors to provide various business functions such as infrastructure, payments, customer support, newsletter delivery service, external accounting and bookkeeping services. Prior to engaging any third-party Sub-processors, we perform due diligence to evaluate their defensive posture and execute an agreement requiring each Sub-processor to maintain minimum acceptable security practices.
These parties are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. By accepting this policy, you authorize us to instruct Sub-processors to process your Personal Data in accordance with this Policy and for the purposes of using Services.
Specifically, such third parties include:
As required by applicable law, we have in place Data Processing Agreement(s) with those processors that process Personal Data to ensure compliance with our obligations under applicable data protection laws and regulations.
We do not collect any payment information such as bank account details, credit card information, check information.
We do not ask you to provide and do not knowingly collect any special categories of Personal Data from you such as Personal Data that reveals your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade unions membership, data concerning your health, sex life, sexual orientation or history of criminal convictions.
We do not track you over time and across third-party websites or other online services for any purpose, therefore we do not respond to browser Do Not Track (DNT) signals and do not modify what information we collect or how we use that information based upon whether such signal is broadcast or received.
We may use your Personal Data for one or more of the following purposes:
We have a lawful basis for collecting and processing your Personal Data, as required by the data protection regulation of countries, and we want to demonstrate to you the purposes for which we do so.
The reasons for using your Personal Data may differ depending on the purpose of the collection. We use your Personal Data for the following purposes and on the following legal grounds:
We do not use your Personal Data with any automated decision-making processes.
We will retain your Personal Data for the entire time that you have subscriptions or contractual agreements with us. At any time, you may ask for your Personal Data to be removed by sending a request using the form: https://www.ablebits.com/support/data-protection-form.php. After the data removal, we may keep pseudonyms of your Personal Data solely for a record about the data removal.
We may retain your Personal Data:
However, anonymized data will be retained as long as we determine such data is commercially necessary for our legitimate business interests.
We have implemented reasonable administrative, technical, and physical security measures to protect your Personal Data against unauthorized access, destruction, or alteration. All data is securely encrypted with the most advanced encryption methods; connection to external web resources is protected by TSL encryption.
We host our public and internal IT-infrastructure on Amazon Web Services, Microsoft Azure Services, and Microsoft 365. These are well-known companies which have high-level data security practices. You can find more details about their security practices at https://aws.amazon.com/security/ and https://www.microsoft.com/en-us/trust-center/product-overview.
Also, we use only PCI-DSS compliant third-party payment processors to ensure the security of your payment information. You can find more information on security practices for Verifone Payments B.V. (Netherlands) at https://www.2checkout.com/certificates-and-awards/.
The safety and security of your Personal Data also depend on you. Whether we have given you or you have chosen a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you to never share your password with anyone.
We will notify you without undue delay after becoming aware of a Personal Data breach. Such notice will include, at a minimum:
Whenever possible, we will try to use processors which process Personal Data within the European Economic Area ("EEA"). In case there is a need for us to use processors located outside of the EEA, United Kingdom, and Switzerland ("European Countries"), we will only disclose Personal Data to them provided that appropriate international data transfer safeguards described in the GDPR are in place.
We may transfer the information you have provided to us outside the European Countries, but only to the United States of America. Such transfer will rely on the mechanisms provided in the GDPR that allow the transfer of Personal Data outside the European Countries, including standard contractual clauses approved by the European Commission.
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer and processing of your Personal Data in European Countries and the United States of America. By providing your Personal Data, you consent to any transfer and processing in accordance with this Privacy Policy.
If you have further questions about international data transfers that we make, you can contact our Privacy Team (privacy@ablebits.com).
Under applicable data protection laws, you have the following rights with regard to our processing of your Personal Data.
Requests under this section can be made through Data Subject Request Form (https://www.ablebits.com/support/data-protection-form.php). We will respond in the timeframes required under applicable law. Our team may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements.
Our Services are not designed or intended for persons under the age of 18, and we do not knowingly collect information from children under the age of 18. If a parent or guardian becomes aware that their minor child (as defined by the applicable privacy rules or regulations pertaining to the minor child) has provided us with Personal Data without their consent, they should contact us. We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating to the child's state and/or country of residence.
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act ("CCPA").
For more details about the personal information we have collected over the past 12 months, please see the What information we collect section. We collect this information for the business and commercial purposes described in the How and why we use your Personal Data section. We share this information with the categories of third parties described in the Information we receive from others or shared or disclosed section.
Under the CCPA, you have the following rights in relation to the personal information we hold about you:
We are committed to exercising your privacy rights, including the rights granted to you under the CCPA.
In accordance with the CCPA's requirements, we will not discriminate against you for exercising any of your CCPA rights. You may make a request pursuant to your rights under the CCPA by contacting us via email (privacy@ablebits.com) or by mail using the contact details set out below. We will verify your request using the information associated with your user account, including the email address. Californian consumers can also designate an authorized agent to exercise these rights on their behalf.
You may request to opt out of the sale of your personal information to third parties. The CCPA defines a sale very broadly and this includes communicating personal information to another business or a third party for non-financial gain. We will never sell your data for profit, however, where we transfer it to our partners for things like displaying personalized ads to you or to deliver improvements to our service, these uses fall within the broad definition of a "sale" under CCPA. We only engage in this kind of data transfer where we believe it benefits you by providing you with a better experience, quality of service or to deliver content that you may be interested in.
You can opt out from any practice that may lead to the sale of your Personal Data at any time. You can also contact us via email (privacy@ablebits.com) or by mail using the contact details set out below.
We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat your Personal Data, we may also notify you by email to the email address specified in your account and through a notice on Services. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and for periodically visiting our Services and this Privacy Policy to check for any changes.
If you have any questions, concerns, complaints, or suggestions regarding our Privacy Policy, or have any requests related to your Personal Data pursuant to applicable laws, you can reach our Privacy Team.
By form: Data Subject Request Form (https://www.ablebits.com/support/data-protection-form.php)
By email: privacy@ablebits.com
By phone: +1 (424) 253-9944 (USA), +48 605 225 490 (Europe)
By mail:
Office Data Apps sp. z o.o.
Attn: Privacy Team
Warszawska str., 109, Office 5,
Lomianki, 05-092, Poland
This Cookies Policy is designed to assist you in understanding how and why we use cookies and similar technologies in Shared Email Templates.
Cookies are small data files that are sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows our Services or a third party to recognize you and make your next visit easier and make our Services more useful to you.
Cookies can be "persistent" or "session". Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser. We use both session and persistent cookies.
You can learn more about cookies on the following third-party websites:
When you use and access our Services, we may place a number of cookie files in your web browser. We use Cookies for the following purposes:
This section sets out information about Cookies that we use on our Services for which we are responsible. Where Personal Data is processed by these Cookies, we are controller of that information, within the meaning of applicable data protection legislation. For an explanation of the meaning of these and other data protection legislation terms and for comprehensive information about our responsibilities when handling Personal Data and your rights in respect of any Personal Data of yours that we process, please see our Privacy Policy.
Some Cookies are placed by third-party services that appear on our pages. These third-party services may process data collected by the Cookies on our site in an aggregated form for their own purposes. We have indicated details in the Cookies declaration section.
Necessary or essential Cookies
We use necessary Cookies to operate the core functions of our Services, so that you may visit and move around the Services' website and use its features. We do not require your consent to use these Cookies, but you may be able to block these Cookies yourself on your device. You can find more information in the What are your choices regarding Cookies section. However, without these Cookies, our Services are unlikely to work as you would expect and certain services that you may ask for, for example, signing into your online account, cannot be provided.
Where we process Personal Data using these necessary Cookies, we do so on the basis of our legitimate interests to provide Services for visitors to use and to promote our business.
Non-essential Cookies
We do not use any preferences, statistic, analytical, marketing or advertising Cookies in our Services.
Managing use of Cookies in your browser
Many internet browsers allow you as a user to change or even delete Cookies, including strictly necessary Cookies. To find out more about how to do this, see the links for major browsers. If your browser is not listed below, go to the help pages of your specific browser for guidance.
Third parties
Any Cookies that are placed on your browsing device by a third party can be managed through your browser (as described above) or by checking the third party's website for more information about Cookies management and how to "opt out" of receiving Cookies from them.
To exercise choice regarding other technologies
There are a number of ways to exercise choice regarding technologies that are similar to cookies, such as browser storage and plugins (e.g., HTML5, IndexedDB, and WebSQL). For example, many popular browsers provide the ability to clear browser storage, commonly in the settings or preferences area; see your browser's help function or support area to learn more. Other technologies, such as Silverlight storage, may be cleared from within the application.
Please note, however, that if you delete Cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our Services pages might not display properly.
If we make any material change to this Cookies Policy which is part of (and incorporated into) our Privacy Policy, we will post the revised Cookies Policy on our Services and update the "Effective" date above to reflect the date on which the new Policy became effective.
Necessary Cookies
We use necessary Cookies to operate the core functions of our Services.
Privacy Policies for provider:
Name | Provider | Purpose | Expiry | Type |
---|---|---|---|---|
__dbnames | Ablebits | Utility IDB database, contains the names of other used databases | Persistent | IndexedDB |
email_templates_data_ID | Ablebits | Where ID is the user ID. IDB database, contains a local copy of downloaded teams, folders, templates, etc. | Persistent | IndexedDB |
email_templates_data_logs | Ablebits | IDB database, contains log information | Persistent | IndexedDB |
access_token | Ablebits | Access token | Persistent | HTML Local Storage |
client_id | Ablebits | Client unique identifier | Persistent | HTML Local Storage |
current_aid | Ablebits | Current application identifier | Persistent | HTML Local Storage |
current_rid | Ablebits | Current data region identifier | Persistent | HTML Local Storage |
Ablebits | User email address | Persistent | HTML Local Storage | |
id | Ablebits | User ID | Persistent | HTML Local Storage |
msal.custom.accesstoken | Ablebits | Access token for accessing OneDrive and SharePoint | Persistent | HTML Local Storage |
msal.custom.accesstoken.expiresIn | Ablebits | Lifetime of the access token that is used for accessing OneDrive and SharePoint | Persistent | HTML Local Storage |
msal.custom.accesstoken.scope | Ablebits | List of the permissions that the access token used for accessing OneDrive and SharePoint is valid for | Persistent | HTML Local Storage |
msal.custom.mailmerge.accesstoken | Ablebits | Access token used for Mail Merge campaigns | Persistent | HTML Local Storage |
msal.custom.mailmerge.idtoken | Ablebits | ID token used for Mail Merge campaigns | Persistent | HTML Local Storage |
msal.custom.mailmerge.accesstoken.expiresIn | Ablebits | Lifetime of the access token that is used for Mail Merge campaigns | Persistent | HTML Local Storage |
msal.custom.mailmerge.accesstoken.scope | Ablebits | List of the permissions that the access token used for Mail Merge campaigns is valid for | Persistent | HTML Local Storage |
msal.custom.mailmerge.code | Ablebits | Authorization code to request the access token used for Mail Merge campaigns | Persistent | HTML Local Storage |
msal.sso.accesstoken | Ablebits | Access token for accessing OneDrive and SharePoint when SSO is enabled | Persistent | HTML Local Storage |
msal.sso.accesstoken.expiresIn | Ablebits | Lifetime of the access token that is used for accessing OneDrive and SharePoint when SSO is enabled | Persistent | HTML Local Storage |
msal.sso.scope | Ablebits | List of the permissions that the access token used for accessing OneDrive and SharePoint when SSO is enabled is valid for | Persistent | HTML Local Storage |
msal.custom.msauth.accesstoken | Ablebits | Access token used for signing in with a Microsoft account | Persistent | HTML Local Storage |
msal.custom.msauth.accesstoken.expiresIn | Ablebits | Lifetime of the access token that is used for signing in with a Microsoft account | Persistent | HTML Local Storage |
msal.custom.msauth.accesstoken.scope | Ablebits | List of the permissions that the access token used for signing in with a Microsoft account is valid for | Persistent | HTML Local Storage |
msal.custom.msauth.idtoken | Ablebits | ID token used for signing in with a Microsoft account | Persistent | HTML Local Storage |
msal.msauth | Ablebits | Flag that indicates authentication via a Microsoft account | Persistent | HTML Local Storage |
msal.custom.nonce | Ablebits | Value included in the authorization request | Persistent | HTML Local Storage |
msal.custom.state | Ablebits | Value included in the authorization request | Persistent | HTML Local Storage |
msal.custom.error | Ablebits | Value used to store the authentication error | Persistent | HTML Local Storage |
msal.refreshflow | Ablebits | Flag that indicates that the Microsoft authentication refresh flow is used | Persistent | HTML Local Storage |
msal.mailmerge | Ablebits | Flag that indicates authentication for Mail Merge campaigns | Persistent | HTML Local Storage |
msal.issharepoint | Ablebits | Flag that indicates that SharePoint permissions must be used in the Microsoft authentication dialog | Persistent | HTML Local Storage |
msal.interactionrequired | Ablebits | Flag that indicates that Microsoft authentication failed because of the Interaction Required error | Persistent | HTML Local Storage |
Office API client | Microsoft | Part of Microsoft Outlook JS API library | Persistent | HTML Local Storage |
reminder_ID | Ablebits | Where ID is the user ID. The next reminder date | Persistent | HTML Local Storage |
role | Ablebits | User role | Persistent | HTML Local Storage |
settingsData-ID | Ablebits | Where ID is the user ID. Add-in settings for a particular user | Persistent | HTML Local Storage |
svgSpriteData | Ablebits | Set of images used in the add-in | Persistent | HTML Local Storage |
svgSpriteRevision | Ablebits | Version of the set of images used in the add-in | Persistent | HTML Local Storage |
teams_ID | Ablebits | Where ID is the user ID. Teams settings for a particular user | Persistent | HTML Local Storage |
token_type | Ablebits | Token type | Persistent | HTML Local Storage |
username | Ablebits | User name | Persistent | HTML Local Storage |
access_token | Ablebits | Access token | Session | HTML Session Storage |
app_id | Ablebits | A unique identifier of the application | Session | HTML Session Storage |
client_id | Ablebits | Client unique identifier | Session | HTML Session Storage |
current_aid | Ablebits | Current application identifier | Session | HTML Session Storage |
current_rid | Ablebits | Current data region identifier | Session | HTML Session Storage |
Ablebits | User email address | Session | HTML Session Storage | |
hostInfoValue | Microsoft | Part of Microsoft Outlook JS API library | Session | HTML Session Storage |
id | Ablebits | User ID | Session | HTML Session Storage |
role | Ablebits | User role | Session | HTML Session Storage |
token_type | Ablebits | Token type | Session | HTML Session Storage |
username | Ablebits | User name | Session | HTML Session Storage |
app-id | Ablebits | A unique identifier of the application | 3 days | HTTP Cookie |
AWSALBCORS | Amazon Web Services | Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience | 7 days | HTTP Cookie |
AWSALB | Amazon Web Services | Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience | 7 days | HTTP Cookie |
io | Ablebits | Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience | Session | HTTP Cookie |
MC1 | Microsoft | This cookie is used for advertising, site analytics, and other operational purposes | 1 year | HTTP Cookie |
MS0 | Microsoft | Stores the session identification cookie | 30 minutes | HTTP Cookie |
This document is designed to assist you in understanding how and why we request your permissions for part of our features in Shared Email Templates ("Services").
For basic features in our Services, we do not need permissions from you. However, when you use our Services in all power, we need your permissions for integration of our Services with your Microsoft account.
To access a protected resource like email or calendar data in mailbox, our Services need the resource owner's authorization. You as resource owner can consent to or deny our Services request. You can change granted permissions at any time.
The permissions mechanism base on Microsoft identity platform provides flexible and secured implementation of access to your data from our Services while leaving you with full control.
We only use permissions for the following purposes:
We use this permission to attach files from your OneDrive when inserting a Template into the currently composed message if this Template contains macros attaching those files.
We use this permission to attach files from your OneDrive when inserting a Template into the currently composed message.
This permission allows Services to send the scheduled mail merge campaign messages even if you are logged out from your account and have switched off all the devices.
We use this permission to read properties of users' Microsoft work or school accounts such as users' first and last names and email addresses so that a Global Administrator in a Microsoft 365 organization can create Shared Email Templates accounts for their users by importing those users' data from Azure Active Directory and so that those users can sign in to their Shared Email Templates accounts.
We use this permission to attach files from your SharePoint when inserting a Template into the currently composed message if this Template contains macros attaching those files.
We use this permission to read the content of the currently composed message from your personal or shared mailbox.
We use this permission to read the content of the currently composed message from your personal or shared mailbox.
We use this permission to read the content of the currently composed message into which a Template is going to be inserted.
We use this permission to read the content of the currently composed message into which a Template is going to be inserted.
This permission allows Services to send the mail merge campaign messages from your mailbox.
This permission allows Services to send the mail merge campaign messages on behalf of the specified mailbox.
We do not use the content of your mailbox, OneDrive or SharePoint files other than the attachments you use in your mail merge campaign.
We use this permission to read your name, email address, picture, and other properties of your Microsoft personal account or your Microsoft work or school account when inserting a Template into the currently composed message.
We use this permission to read your name, email address, picture, and other properties of your Microsoft personal account or your Microsoft work or school account when inserting a Template into the currently composed message.
The only third party that can access your data is Microsoft itself as our Services are built on Microsoft 365 extensibility technology and your Outlook account should be connected to Microsoft 365, Exchange Online, or Outlook.com.
Initially, Services were developed by Add-in Express but now these Services belong to and are managed by Ablebits.com. We continue using the Add-in Express account in order not to interrupt our current users' work. Unfortunately, Microsoft does not provide an opportunity to transfer products between different vendors' accounts on Microsoft AppSource.
Post a comment
Seen by everyone, do not publish license keys and sensitive personal info!