June 23, 2023
Information we collect
We collect information from you when you register on our site or fill out a form. Any data we request that is not required will be specified as voluntary or optional. When registering on our site, as appropriate, you may be asked to enter your name, e-mail address, mailing address or credit card information. You may, however, visit our site anonymously.
The information we may collect includes, without limitation:
- Service Interaction Data: IP address, details about your browser, pages that you visited before and during your visit, clicks and other information about how you use the service
- Email Account Setting Data: Account security settings, email filters, forwarding, delegating and other configuration data that contain Personal Data.
- Inbox Activity Data: New email arrival notifications, deletion notifications and email thread history that contain Personal Data.
- Email Metadata & Data for Protection: Email addresses and names of participants, email headers that contain Personal Data, metadata of emails (time sent, labels, read/unread status etc.) that are linked to Personal Data, email content, attachments and calendar events that contain Personal Data.
How we use your information
Any of the information we collect from you may be used in one of the following ways:
- We provide cloud email security service to you. We process Personal Data as necessary to perform these activities. In addition to storing and retrieving data, we carry out necessary processing to generate reports of your email account activity and help you make informed email security decisions.
- Take action on your behalf to maintain desired security properties of your email account and your data.
- To personalize your experience (your information helps us to better respond to your individual needs)
- To improve our service (we continually strive to improve our service based on the information and feedback we receive from you and external reports)
- To improve customer service (your information helps us to more effectively respond to your customer service and support needs)
Our role as exclusive data processor
If you have any questions or concerns about how such data is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to process this data. Our customers control the Personal Data in these cases and determine the security settings within the service, its access controls and credentials. We will, however, provide assistance to our customers to address any concerns you may have, in accordance with the terms of our contract with them.
Disclosing your information to third parties
We do not sell, trade, or otherwise transfer your Personal Data except in accordance with this policy. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses as long as it adheres to applicable data use policies (e.x. Google API Services User Data Policy).
We use sub-processors to provide us with some services that are necessary to provide the features of our website. Those subprocessors and the services they provide are listed here.
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
Limited use of your cloud email data
We adhere to all restrictions and limitations defined by your email service provider. For example, Material Security's use and transfer to any other app of information received from Google Restricted scopes APIs will adhere to Google’s Google API Services User Data Policy including the Limited Use requirements.
You have certain choices about your Personal Data. Where you have consented to the processing of your Personal Data, you may withdraw that consent at any time and prevent further processing by contacting us.
Your data privacy rights
In accordance with applicable law, you may have the right to:
- Access Personal Data about you consistent with legal requirements. In addition, you may have the right in some cases to receive or have your electronic Personal Data transferred to another party.
- Request correction of your Personal Data where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your Personal Data or we may refer you to the controller of your Personal Data who is able to make the correction.
- Request deletion of your Personal Data, subject to certain exceptions prescribed by law.
- Request restriction of or object to processing of your Personal Data, including the right to opt in or opt out of the sale of your Personal Data to third parties, if applicable, where such requests are permitted by law.
If you would like to exercise any of these rights please contact us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
Once you cancelled or terminated your use of our service, the Personal Data will be deleted within 30 days of the termination date, with the exception of data that is required to establish proof of a right or a contract, which will be stored for the duration provided by enforceable law.
Once deleted, your data cannot be restored.
You may also request transfer of ownership of your data upon termination by contacting us.
Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your Personal Data to outside parties without your consent.
Our service is not directed to children under 17 (or other age as required by local law), and we do not knowingly collect Personal Data from children. If you learn that your child has provided us with Personal Data without your consent, you may contact us as set forth below. If we learn that we have collected any Personal Data in violation of applicable law, we will promptly take steps to delete such data and terminate the child’s account.
If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your Personal Data violates applicable law.
Material Security, Inc.
1003 Main St
Redwood City, CA 94063