Privacy Policy

What Do We Store

When you connect your account to us we need to store someinformation so we can communicate with your storage provider.

They do not give us your password - just a token which we canuse to access your storage when you send emails in.

We keep your name on file to improve your experience on thissite.

We store any preferences you set for your account.

We keep a count of attachments you send in for statisticalpurposes.

What Don't We Store

We never store the contents of your emails. Those simplypass through our servers directly to your storage provider without ever touching our own hard drives [*].

We don't store any information about who sent the attachments in.

Canada Based

We are based in Canada, and our data centre is located in theGreater Toronto Area. Your storage provider however is likely located in the USA.

[*] The one exception to this currently is Skydrive. Theirupload API does not provide the options to allow us to stream directly to their servers. We will change this when they fix their API. To support Skydrive we need to write a temporary file to disk which is deleted immediately.

Data Sharing and Disclosure

When you connect a storage provider, we transmit your files andthe OAuth access token for your account directly to that provider's servers. The third-party services we integrate with include:

  • Google Drive (Google LLC)
  • Microsoft OneDrive / SkyDrive (Microsoft Corporation)
  • Dropbox (Dropbox, Inc.)
  • Egnyte (Egnyte, Inc.)
  • SoundCloud (SoundCloud Global Limited & Co. KG)

We do not sell, rent, or share your personal information orGoogle user data with any other third parties, advertisers, or analytics services.

We may disclose data if required to do so by law or in responseto valid legal process.

Data Protection

We take the following measures to protect your data:

  • All data transmitted between your browser, our servers, andyour storage provider is encrypted using HTTPS / TLS.
  • OAuth tokens stored in our database are kept in an access-controlled environment. Direct database access is restricted to authorised server processes only.
  • We do not log or persist the contents of your emails orattachments on our infrastructure.
  • You can revoke our access to your Google account at any timevia your Google Account security settings.

Data Retention and Deletion

We retain your account data (name, OAuth tokens, andpreferences) for as long as your account remains active.

If you wish to delete your data, you may:

  • Contact us at privacy@emailitin.com to request deletion of your account and all associated data.
  • Revoke our OAuth access directly from your storageprovider's security settings (e.g. Google Account permissions). Revoking access removes our ability to store files to your account; contact us to also remove your stored profile information.

Upon a verified deletion request we will remove your personalinformation from our active systems within 30 days.