About this Policy
This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
What information we collect about you
We collect information about you when you provide it to us, when you use our Services, and from certain third parties as further described below.
Information to set up Canary Mail: The information Canary accesses and collects depends on the way you use it. By default, Canary does not collect or store the content of your personal email messages, whether incoming or outgoing.
In order to function properly, Canary Mail for Mac and for iOS accesses your name, email address, credentials (such as OAuth access tokens for email servers which support them), and email content. All of this information is stored on your device and is never transferred to our servers.
The only scenario in which we will temporarily store this data is if users of Canary Mail for iOS choose to enable Push notifications when they receive email. In that case, Canary will temporarily store your email address, credentials, sender, subject line, and first line of the message on our server. All data is cleared from our server when notifications are disabled on Canary Mail for iOS or when a user switches from using Push notifications to Fetch mode, in which case all data is stored on the device.
Information you provide through our support channels: The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service.
Device and Connection Information: If analytics is enabled, we may analyze information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We analyze information through your device about your operating system, anonymized IP address, device info & identifiers, in-app events, and crash data. If you choose to use our customer support features provided by third-party vendors, we may use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience.
Cookies and Other Tracking Technologies: We include a number of scripts such as cookies and web beacons from third-party vendors on our website. These scripts may gather data for web statistics or be used to identify a returning visitor, and URLs of referring/exit pages. We do not utilize cookies directly for any purpose.
Other services you link to Canary: You can choose to sync features such as preferences, accounts, and signatures, across devices via your personal iCloud account. You can also opt-out and delete all data stored on iCloud at any time. We do not collect any information when users choose to integrate Canary Mail with third-party services such as Google Drive or Dropbox.
How we use the data we collect
Below are the specific purposes for which we use the information we collect about you.
To provide the Services: We use information about you to provide the Services to you, authenticate you when you log in, provide customer support, and operate and maintain the Services. If a Canary Mail for iOS user chooses to receive Push notifications when they receive email, Canary will temporarily store the sender, subject, and first line of the message on our server. This information is then deleted as soon as the notification is delivered. Users desiring to maximize their security can use Fetch notifications on Canary Mail for iOS, in which case your email is fetched from and stored directly on your device.
For research and development: We are always looking for ways to make our Services smarter, faster, more secure, integrated, and useful to you. We use collective learnings about how people use our Services and feedback provided directly to identify which features and preferences users find most useful, to refine the user interface, and to guide further application development. We use device identifiers only to assess performance of our inbound marketing campaigns.
To communicate with you about the Services: If you sign up to receive news from Canary, we may send you emails regarding our latest products and services. You may unsubscribe at any time. We may also deliver a few helpful Push notifications to help you discover new features. You may opt out of these notifications via in-app settings.
Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services.
To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we may use information about you in connection with legal claims, compliance, regulatory functions, and disclosures in connection with the acquisition, merger or sale of a business.
Legal bases for processing
We collect and process information about EU residents only where we have legal bases for doing so under applicable EU laws. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
How we share information we collect
We are not in the business of selling information about you to advertisers or other third parties. We only share information with the following third parties who help us operate, provide, improve, integrate, support, and market our Services.
Service Providers: We work with third-party service providers to provide for usage analytics, hosting and backend infrastructure, infrastructure monitoring, customer support and other services, which may require them to access or use information about you. In particular, we use:
- Google Analytics: We use Google Analytics to understand application use. Users’ location and device information is collected via anonymized IP addresses and is only available in aggregate, meaning that it cannot be traced to any individual user.
- Firebase: We use Firebase to store anonymized unidirectional hashes that facilitate the implementation and cross-device syncing of certain features such as read-tracking.
- Crashlytics: We use Crashlytics for crash reporting. Crash reports do not contain any individual data such as names, email addresses, or IP addresses.
- Intercom: We use Intercom to deliver customer support via our website and mobile versions. When you use the chat feature to receive technical support, Intercom collects certain information such as your IP address and information which can be derived from it, such as approximate geographical location.
- AppsFlyer (iOS only): We use AppsFlyer provide us with install attribution analytics, which helps us to identify the effectiveness of inbound marketing campaigns. AppsFlyer analyzes users’ IP addresses, device information, and IDFA.
If a service provider needs to access information about you to perform services on our behalf, they do so under appropriate Data Processing Agreements, which include policies and procedures designed to protect your information. All of our third-party service providers have taken steps to comply with the GDPR.
Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect Canary, our users or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
Information storage and security
Our data is stored in a secure ISO 270001 certified and FINMA RS 08/7 compliant data center. While we implement cutting-edge encryption and other safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
How long we keep information
We retain your information for as long as you utilize the Services. We do not store any personal data after you cease using Canary, but data collected by third-party vendors such as Google Analytics may remain with them as per their data processing policies, which are compliant with GDPR.
Under the GDPR, if you are an EU citizen you have the right:
- to access your personal data
- to be provided with information about how your personal data is processed
- to have your personal data corrected
- to have your personal data erased in certain circumstances
- to object to or restrict how your personal data is processed
- to receive a copy of your data in a machine-readable format
- to take any complaints about how we process your data to the Data Protection Authority in your country.
How we transfer information we collect internationally
The information we collect is stored on our servers in Switzerland. Switzerland has been recognized by the European Commission as offering and an adequate level of data protection such that personal data can flow from the EU to that country without any need for further safeguards.
Our policy towards children
The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact our support services.
Your information is controlled by Mailr Tech LLP. You may direct any questions regarding this policy to: info [at] canarymail.io.