[Last updated on January 31th, 2020]
All capitalized terms that are not otherwise defined herein obtain their meaning from the Terms.
What Information Do We Collect?
Our primary purpose in collecting personal information from you is to provide you with a safe, smooth, efficient, and customized experience. This allows us to provide services and features that most likely meet your needs, and to customize our service to make your experience safer and easier. We only collect personal information about you that we consider necessary for achieving this purpose.
Personal and Identifying Information
Users of the Application must provide the requested contact and identity information and other personal information as indicated where appropriate on the Application. Where possible, on these forms we indicate which fields are required and which fields are optional. In addition, as you use the Application, you can from time to time enter or send to us personal information.
The Application allows Users to connect their Google mail or SMTP accounts to manage their email Campaigns. By connecting your email accounts, additional information may be shared with ScopeLeads.
You always have the option to not provide certain personally identifying information by choosing not to become a User or by not using the particular feature of the Application for which the information is being collected.
Credit Card Information
If you have selected to pay by credit card, PayPal or Stripe, we may collect credit card information for payment and billing purposes.
Information Collected Automatically
Information Collected from Third Parties
We may receive and store information that is received from third parties that interact in some way with the Application or Services or that provide services to us. The third-party applications that operate the Email Marketing may, if you permit, share your personal information and data with ScopeLeads for the Application to run. For example, the Application may use your Gmail API, IMAP and SMTP credentials to connect your email inbox and generate emails. ScopeLeads may also analyze incoming emails to detect replies from sales prospects or changes in preferences. See Gmail API and Limited Use sections below for more on this.
How We Use Your Information
We may use personal information in the file we maintain about you, and other information we obtain from your current and past activities on the Application, to provide to you the Services; resolve service disputes; troubleshoot problems; deliver information to you that, in some cases, is relevant to your interests; customize your experience; detect and protect us against error, fraud and other criminal activity; enforce our Terms; provide you with system or administrative messages, and as otherwise described to you at the time of collection.
We may also use personal information and other information about you to improve our marketing and promotional efforts, to analyze Application usage, to improve our content and product offerings, and to customize the Application’s content, layout, and services. These uses improve the Application and better tailor it to meet your needs, to provide you with a smooth, efficient, safe and customized experience while using the Application.
Please see our Terms for information on what we do to account information when you terminate your account with us.
Our Disclosure of Your Information
The following describes some of the ways that your information may be disclosed in the normal scope of business to provide our services:
Anonymized Aggregated Data. We may aggregate and anonymize data and use and disclose such information for a variety of purposes, including analytics. However, in these situations, we do not disclose any information that could be used to identify you personally.
Gmail API Limited Use. By authorizing and connecting your Gmail account to the Gmail API through ScopeLeads Google App, or with the Nylas Sync Engine Google App, you are giving access to us in order to properly send and read emails on your behalf.
Here are the specifics for each “restricted scope” you agree to when you sync authorize Gmail:
This authorizes us to send emails on your behalf, through your Gmail account. This is automated and what and when you send is only controlled by you.
This authorizes our servers to read your emails. We do not read emails manually and we do not store your emails anywhere. The only thing we look for in the emails is the message-id in the header so that we can reply to emails in the same thread, as well as track if you received a reply to any of your emails sent through our app.
This authorizes us to send email on your behalf using the XOAUTH 2 method which sends email through SMTP. The reason you would use this is to keep our Google App ID out of your message headers and keep full control of your email reputation.
We will always ask for your permission before accessing your ScopeLeads account to test email sending on your behalf.
- – The App will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- – The App will not use this Gmail data for serving advertisements.
- – The App will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App’s internal operations and even then only when the data have been aggregated and anonymized.
Subsidiaries and Affiliates; Service Providers. We may from time to time use the services of affiliates, subsidiaries and unrelated service providers in the operation of the Application and the provision of our Services, and may disclose personal information to them during our use of their services. For example, we may use the services of third-party hosting companies to host the operation of the Application and the Services. This may involve the hosting of data, including personal information, on servers operated by those hosting companies. We may also use service providers to process payments of Users who wish to pay by credit card. We take care to use only service providers that we believe are reputable and able to live up to our and your expectations, including about the handling of confidential information. We will never share your private Gmail data with third party affiliates, service providers, or subsidiaries.
Sale of Business
We may also disclose personal information to the acquirer or its agents in the course of the sale of our business. If we do this, the disclosure will be subject to confidentiality arrangements customary in such transactions.
Storing or Processing Your Data Outside of Canada
Finally, please note that in some cases, personal information that we collect may be stored or processed outside of Canada. In such cases, we continue to protect the information with appropriate safeguards, but it may be subject to the legal jurisdiction of those countries and governmental authorities in those countries.
Correcting and Updating Your Personal Information
Users may review, delete and update your personal information to ensure it is accurate through the Application. Alternatively, Users may contact us at email@example.com to update or delete their personal information.
The Services are not intended for children under the age of eighteen (18). ScopeLeads does not target its Services or the Application to children under eighteen (18). ScopeLeads does not knowingly collect personal information from children under the age of eighteen (18).
If applicable, your ScopeLeads User Account is protected by a password for your privacy and security. You must prevent unauthorized access to your account by selecting and protecting your password appropriately, and limiting access to your device.
While we strive to protect your information and data we cannot guarantee the security of your User Account information. Unauthorized entry or use, hardware or software failure and other factors, may compromise the security of User information at any time.
Incident Response Plan
In the event of a security incident, ScopeLeads staff have been trained to expeditiously deal with the matter. ScopeLeads staff are trained on a yearly basis to recognize anomalies in the systems they regularly utilize, and to report any such anomalies as soon as possible to the Incident Response Manager so the Incident Response Team can be mobilized. Throughout the year the Incident Response Manager and members of the Incident Response Team are kept up to date on the latest security threats and trained in modern techniques of incident remediation.
ScopeLeads will ensure that:
– incidents are reported in a timely manner and can be properly investigated
– incidents are handled by appropriately authorised and skilled personnel
– appropriate levels of management are involved in the determination of response actions
– incidents are recorded and documented
– the impact of the incidents are understood and action is taken to prevent further damage
– external bodies or data subjects are informed as required
– the incidents are dealt with in a timely manner and normal operations restored
– the incidents are reviewed to identify improvements in policies and procedures
The purpose of this policy is to establish a framework for classifying data based on its sensitivity, value and criticality to the organization, so sensitive corporate and customer data can be secured appropriately.
All data at ScopeLeads shall be assigned one of the following classifications. Collections of diverse information should be classified as to the most secure classification level of an individual information component with the aggregated information.
Restricted: Data in any format collected, developed, maintained or managed by or on behalf of ScopeLeads, or within the scope of ScopeLeads’ activities, that are subject to specific protections under federal or state law or regulations or under applicable contracts.
Sensitive: Data whose loss or unauthorized disclosure would impair the functions of ScopeLeads, cause significant financial or reputational loss or lead to likely legal liability.
Open: Data that does not fall into any of the other information classifications. This data may be made generally available without specific information owner’s designee or delegate approval.
User Account Deletion
Account Deletion Policy Accounts providing e-mail capability, web server space, and other functions are created and maintained for active users at ScopeLeads.
If, at any time, ScopeLeads records indicate that the holder of the account has not been active for a period exceeding 15 days, the account is subject to deactivation and subsequent scheduled deletion.
Users who are scheduled for account deactivation or deletion but believe they have received a deactivation notice in error should contact the ScopeLeads live support, either through a live chat or email.
As a provider of security software, services, and research, we take security issues very seriously and recognize the importance of privacy, security, and community outreach. As such, we are committed to addressing and reporting security issues through a coordinated and constructive approach designed to drive the greatest protection for technology users.
When properly notified of legitimate issues, we’ll do our best to acknowledge your emailed report, assign resources to investigate the issue, and fix potential problems as quickly as possible.
Once we have received a vulnerability report, ScopeLeads takes a series of steps to address the issue:
ScopeLeads requests the reporter keep any communication regarding the vulnerability confidential.
ScopeLeads investigates and verifies the vulnerability.
ScopeLeads addresses the vulnerability and releases an update or patch to the software. If for some reason this cannot be done quickly or at all, ScopeLeads will provide information on recommended mitigations.
ScopeLeads publicly announces the vulnerability in the release notes of the update. ScopeLeads may also issue additional public announcements, for example via social media, our blog, and media. Release notes (and blog posts when issued) include a reference to the person/people who reported the vulnerability, unless the reporter(s) would prefer to stay anonymous.
ScopeLeads will endeavor to keep the reporter apprised of every step in this process as it occurs.
Other Information Collectors
Managing Communications with ScopeLeads
All communications made by ScopeLeads to Users shall comply with all anti-spam legislation and regulation. Users may manage their communication preferences and will be able to unsubscribe from all communications with ScopeLeads by clicking the appropriate links contained in the footer of all marketing communications made by ScopeLeads.
You may also manage your communication preferences by emailing ScopeLeads at firstname.lastname@example.org.
It is our goal to make our privacy practices easy to understand. If you have questions, concerns or if you would like more detailed information, please email us at email@example.com.