Privacy Policy

INTRODUCTION

This Privacy Policy (“Policy”) describes how Edison Software (“Edison,” “we,” “us,” “our”), an affiliate of Yipit LLC (d.b.a. YipitData), collects, uses, and discloses information when you visit our websites or use our applications. This Policy applies to our websites at edisonmail.com, trends.edison.tech, onmail.com, and any other websites that link to or reference this Policy (collectively, the “Sites”); as well as our Edison Assistant and Edison Mail applications, the OnMail email service owned and operated by Edison Software, and any related online and offline services (collectively, the “Services”).

Please read this Policy carefully to understand how we handle information about you. By using our Services, you acknowledge that you have read and understood this Policy and that we collect, use, and share information as set forth below.

1. ABOUT THE SERVICES

Edison Mail is an application that lets you unify and better manage your email accounts by making your mail available to you in one place on your device. The Edison Mail mobile app interacts directly with your mail provider over a secure HTTPS connection to allow you to view, edit, manage, receive, and send email.

Edison Assistant is a virtual assistant application that completes tasks related to contacts, calendar, and mail.

OnMail is an email service that allows you to send and receive messages online.

By connecting your email accounts to the Services, you authorize Edison to access and process email messages in those accounts and collect, use, and disclose information from emails as described below. By connecting any other Internet accounts to the Services (for example, accounts with online retailers), you authorize Edison to collect, use, and disclose information from those accounts as described below.

2. INFORMATION WE COLLECT

We may collect the following information from and about you. You are not obliged to provide us with any information. However, certain information is required for our features and services to function. If you do not provide us with certain information, or block the collection of certain information (e.g., by disabling cookies), you may be unable to access some of our features and services.

Information You Provide to Us Directly. You directly provide Edison with personal information when you:

• Create an account. By registering for an Edison or an OnMail account, you may provide us with information including your name, username and password, photo, and email address. We may also collect preferences and demographic information from you.

• Interact with the Service. When you use the Services, we may collect information you submit through the Services, such as general app preferences such as a default view.

• Contact us. When you contact us for customer service or other purposes, we may collect information such as your name, email address, and phone number, and any other information you provide in your communications with us.

• Otherwise provide information to us. If you complete a survey, submit an online form, or otherwise provide information to us, we will collect it and use it as described in this Policy.

Information We Collect from the Services. We collect the content you create, upload, or receive when you connect your accounts to and/or use our Services, such as the emails you send or receive.

We also collect information from Internet accounts other than email that you connect to the Services. For example, you can connect certain other Internet accounts (for example, an account you have with a social media network or an online retailer) to Edison Mail so you can access information from those accounts in Edison Mail (including order details).

Information We Collect From Third Parties. We may collect information about you from third parties, including social networks, business partners, marketers, and data compilers. This information may include demographic information, information about how you have interacted with the third party providing the information to us, and interest information.

Information We Collect Automatically. We collect some information automatically when you use the Services, such as information on the type of device you use, operating system version, certain device identifiers (for example, IDFA), internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics), operating system, date/time stamp, and/or clickstream data.

We (and third parties) may automatically collect technical information about your device through cookies and similar technologies when you interact with the Services and email messages or other communications we send you. Some of these technologies (such as cookies) involve storing unique identifiers or other information on your browser or device for later use. As we and our Service Providers (defined below) adopt other technologies, we may also gather information using other methods.

Information about your browser or device. We may automatically collect certain information about your browser or device when you use the Services, such as:

• Your user, system, or device settings (for example, time zone, language, and permissions status)

• Cookie identifiers

• Mobile advertising identifier (MAID)

• Other device or online identifiers (including hashed IDs or pseudonymous IDs used by us or our partners)

• Browser or device information (for example, the name and version of your device and the operating system it is running)

• Information stored on your device or made available through your device’s services (for example, we may access your calendar or your contacts when you give us permission through your device settings)

Information about how you use our Services. We collect information regarding your use of the Services, such as:

• Your activities and transactions in using the Services

• Information about the links you click, the types of content you interact with, and the frequency and duration of your activities

• Information about your online activity directly preceding or following your use of the Services, such as whether you were “referred” to the Site through another website or shared link

• Other information about how you use our Services

Information about your internet connection. When you interact with the Services from an internet-connected device (for example, when you use our mobile app or web platform), we collect information about your Internet connection including MAC address, Internet protocol (IP) address, Internet service provider, and mobile carrier.

Location Information. We may collect or infer location information, including your approximate location derived through your device settings or IP Address, when you use the Services. We may also collect billing and/or shipping addresses through the Services.

3. HOW WE USE INFORMATION

We use the information we collect for various purposes, depending on the type of information and the Services you use, including to:

• Provide you with the Services, including to register you for an account;

• Personalize the Services, including by providing custom content;

• Research and analyze how the Services are used;

• Test and develop new products, features, and Services;

• Develop products and insights for our subscribers, using aggregate, anonymous, or de-identified information;

• Communicate with you, subject to any opt-out preferences you have communicated to us;

• Analyze and resolve technical problems and maintain security;

• To advertise and market our Services to you, including on third-party websites (subject to any opt-out preferences you have communicated to us);

• To comply with legal requirements, relevant industry standards, and our policies;

• To protect the safety, rights, property or security of Edison, our Users, employees, third parties, members of the public and/or our Services;

• To conduct sweepstakes, promotions, surveys, events, and similar activities;

• To prevent fraud and enforce our legal terms and policies; and

• For any other purpose with your consent.

Creation of De-identified Data. We process emails collected through the Services to identify those related to commercial activities, such as subscriptions, sign-ups/cancellations, account requests and confirmations, purchases, travel, reservations, event tickets, boarding passes, promotions, bills, and package shipments (and including emails you set up to auto-forward from another email account). We refer to this data as “Commercial Data.”

We may de-identify Commercial Data. Or, where permitted by applicable law, we may de-identify any other data that we collect (as described in Section 2 above), alone or in combination with other information we collect, so that it is no longer reasonably capable of being associated with you. We refer to all such data as “De-identified Data.” Edison creates and uses De-identified Data for a variety of purposes, including analytics, research, and insights, and provides it to subscribers of our commercial services.

Edison’s business processes prohibit reidentification of De-identified Data sold to our subscribers and include security controls to safeguard against breaches of such data. Edison does not attempt to reidentify De-identified Data.

Combined Information. For the purposes discussed in this Policy, we may combine the information that we collect through the Services. We may also combine information collected through the Services with information that we receive from other sources, both online and offline. We may use such combined information in accordance with this Policy.

Aggregate/Anonymous data. We may aggregate and/or anonymize any information collected through the Services. We may use aggregated or anonymized information for any purpose, including for research and marketing purposes, and we may also share such information for any purpose with any third parties, at our discretion.

4. HOW WE DISCLOSE INFORMATION

We disclose the information described above as follows.

Subscribers.We provide De-identified Data to businesses that subscribe to our commercial services. As noted above, we also prohibit subscribers from re-identifying individuals from whom De-identified Data is derived.

Service Providers & Vendors. We may disclose information to service providers (including affiliates where operate in that role) that assist our business operations, including by hosting our Services and providing email communication, customer support services, application development, data storage, maintenance, marketing, security, and analytics (“Service Providers”). This includes advertising service providers and vendors, which help us advertise our Services to you. Please see Section 6 for your choices regarding how we disclose information in this way.

Legal Compliance. We may disclose your information as permitted or required by law, including to comply with legal process served on us or our affiliates to provide information to law enforcement or regulatory agencies, or in connection with an investigation on matters related to public safety. We may also disclose your information to enforce our Terms or this Policy, take precautions against liability, investigate and defend ourselves against any third-party claims or allegations, protect the security or integrity of the Services, or protect the rights, property, or personal safety of ourselves or others.

Corporate Change or Business Transfer. We may transfer or assign your information in the course of a corporate diligence, change or business transfer including, but not limited to, divestitures, mergers, or dissolution. If any of our assets are sold or transferred to a third party, your information may be one of the transferred business assets.

With your permission. We may disclose your information in ways you consent to at the time of collection or as you otherwise permit us.

5. DATA RETENTION

We may retain your information for as long as your account is active or, subject to any applicable law, as needed to provide our Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

6. YOUR CHOICES TO MANAGE INFORMATION

Opt-Out of Data Provision to Subscribers. You can ask us not to provide certain information to our subscribers via the “Manage Privacy” page in the Email app settings or OnMail settings. If you do so, we will not disclose De-identified Data derived from your Commercial Data to any subscribers. Opting out or deleting your account will not remove or otherwise affect information already included in or used to develop De-identified Data, so we may continue to disclose such De-identified Data to our subscribers.

Revoke Access to Email & Social Network Accounts. Revoke Access to Email & Social Network Accounts. You may choose to disconnect your email account, social networking accounts, or other Internet accounts from our Services through your account settings. For steps on how to remove yourself from our Services please visit our FAQ pages for our Email App and for our Assistant App. If you no longer have access to your phone or your application, you can also contact your email account provider to revoke our access to your account or contact us at mailsupport@edison.tech.

Email Data Deletion. You can request deletion of any of your information collected and stored by Edison under the “Manage Privacy” settings within the Email app. For assistance with other apps, please contact us at mailsupport@edison.tech.

Unsubscribe. If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email. Alternatively, you can send us an email at mailsupport@edison.tech. requesting to unsubscribe. Please note, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our Services.

Push Notifications. We will send you push notifications consistent with your device permissions, which you can update at any time, for instance about new email arrival, flight and shipment status notifications. If you no longer wish to receive these types of communications, you may turn them off at the device level.

“Do Not Track”. Do Not Track (“DNT”) is a setting that users can enable in certain web browsers. DNT signals do not have a commonly agreed up meaning and we do not currently recognize or respond to DNT signals.

Tailored Advertising. We may use the information we collect in connection with the Services tailor the advertising you see. You have choices about how information about you is used to tailor the ads you see online.

On the web. Certain information we collect through the Services may be used or shared to tailor ads you see on the web. To learn more about this type of advertising or to opt out of participating companies (including certain of our advertising partners), please visit the Digital Advertising Alliance’s (DAA) opt-out program at https://www.aboutads.info/ or the Network Advertising Initiative’s (NAI) opt-out page at https://optout.networkadvertising.org/. We make no representation about the accuracy or effectiveness of these opt out mechanism.

Browser settings. You may be able to set your browser to refuse certain types of cookies or alert you when they are being used. Some browsers offer similar settings for HTML5 local storage and other technologies. Please see the “Help” section of your browser for more information. However, if you block or otherwise reject cookies or other similar technologies, certain features of the Services may not function as expected.

On your mobile device. Mobile devices often include settings to help you manage how your device collects and shares information for advertising purposes. For more information on these devices settings, please visit the Network Advertising Initiative’s mobile choice page at https://www.networkadvertising.org/mobile-choice.

Modifying your mobile device or browser settings may have different results depending on the type of device or web browser you use and the version of your device operating system. Opting out of tailored advertising does not prevent you from seeing ads online; instead, the ads you see are less likely to be customized to your interests. Opting out is generally effective only on a device-by-device, or browser-by-browser basis. If you use more than one browser or device, the effect of any opt-out mechanism may be limited to the device on which you used the mechanism.

7. SECURITY

It is your responsibility to keep your passwords private and secure. We strongly recommend against sharing your logins and passwords with others.

We use administrative, technical, and physical safeguards designed to protect information against loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. We encrypt all data in transit and at rest. We take reasonable precautions to ensure the integrity and security of our network and systems. However, no security measures are perfect, so we cannot guarantee that our security measures or Services will work perfectly.

8. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

If you are a resident of certain U.S. states, you may have certain additional privacy rights. Visit our Additional Information for U.S. Residents page for more information.

9. ADDITIONAL INFORMATION FOR NON-U.S. RESIDENTS

If you are residing outside the US, please note that information collected through our Services will be transferred to and processed in the US or elsewhere. These locations may not have the same data protection laws as the country in which you used our Services.

10. ADDITIONAL INFORMATION FOR EEA AND UK RESIDENTS

If you are a resident of the UK or a European Economic Area country, you may have certain additional privacy rights. Visit our Additional Information for UK & EEA Residents page for more information.

11. CHILDREN’S PRIVACY

Our services are not directed to or intended for use by persons under the age of 16 and we do not knowingly collect or otherwise process personal information from children under the age of 16. If we become aware that a person under the age of 16 has opened an account or provided us with personal information, we will immediately delete the account and any such personal information.

12. LINKS TO OTHER SITES

Our Services may contain links to other sites that are not under our control and have their own privacy policies. Please read over the rules and policies of third-party sites before you proceed to use them. We are not responsible for the acts, omissions, or content linked on websites, and we provide these links solely for the convenience and information of our users. We make no representations as to the accuracy or suitability of information on third-party sites.

13. PRIVACY POLICY UPDATES

We may update this Policy from time to time in our sole discretion, so you should review this Policy periodically. When we change the Policy, we will update the “last revised date” at the top of this Policy. Changes to this Policy are effective when they are posted on this page. Your continued use of our Services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of the Policy.

14. GOOGLE USER DATA

Notwithstanding anything else in this Privacy Policy, consumer Gmail account information obtained via the Gmail APIs, is subject to these additional restrictions:

The Services may read, write, modify, delete or control Gmail message bodies (including attachments), metadata, headers, and settings to provide an email client that allows users to compose, send, read, delete and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.

The Services will not use this Gmail data for serving advertisements.

The Services will not allow humans to read this data unless we have your affirmative agreement for specific messages, including when doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the Services’ internal operations and even then only when the data have been aggregated and de-identified.

These restrictions do not apply if you have created an App password for the Services with your Google account with the 2-step verification process.

The Services’ use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy.

15. ACCESS RIGHTS for UK/EU Residents

The Right to Access: You have the right to request we provide access to and/or a copy of the personal data we process about you, confirmation of whether we process personal data about you, and certain information about such personal data and/or our processing of it.

The Right to Correct: You have the right to request we correct inaccurate personal data about you.

The Right to Delete: You have the right to request we delete personal data about you if certain conditions are met.

The Right to Restrict Processing: You have the right to request we restrict our processing of personal data about you if you contest the accuracy of the personal data, the processing is unlawful, we only need the personal data to exercise and defend our legal rights, or you have exercised the right to object.

The Right to Object: You have the right to object to our processing of personal data about you based on legitimate interest or tasks carried out in the public interest.

The Right to Data Portability: You have the right to request we provide you with personal data about you in a structured, commonly used, machine-readable format, in certain situations and subject to technological limitations.

The Right to Withdraw Consent: When our processing of personal data about you is based on you consent, you have the right to withdraw consent to the processing. This does not affect our processing of personal data collected prior to your withdrawal of consent.

The Right Not to be Subject to Automated Decision-Making: You have the right not to be subject to decisions by us that produce legal effects (or similarly significant effects) for you, and that are based solely on automated processing.
The Right to Lodge a Complaint: You have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. However, we encourage you to contact us first, and we will do our best to resolve your concern.

To exercise any of these rights (except the right to lodge a complaint), please complete our privacy request form.

16. EU-U.S. Data Privacy Framework with UK Extension, and Swiss-U.S. Data Privacy Framework

Edison complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Edison has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF.  Edison has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Edison is responsible for the processing of personal data it receives, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf.  Edison complies with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over Edison’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Edison may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Edison commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint.  These dispute resolution services are provided at no cost to you.

For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

CONTACT US

If you have any questions about this Policy or our practices, please contact us at privacy@edison.tech or at:

Edison Software
555 Clyde Avenue, Suite 100
Mountain View, CA 94043

VeraSafe has been appointed as Yipit LLC’s and Edison Software’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd.
 Unit 3D North Point House
 North Point Business Park
 New Mallow Road
 Cork T23AT2P
 Ireland