Privacy Policy

Dec 21ST, 2021

Introduction

This Privacy Policy (“Policy”) describes how Edison Software (“Edison,” “we,” “us,” “our”) collects, uses, and discloses information when you visit our websites or use our applications. This Policy applies to our websites at Edison.tech, mail.edison.tech, assistant.edison.tech, trends.edison.tech, OnMail.com, and any other websites that link to or reference this Policy (collectively, the “Sites”); as well as our Edison Assistant and Edison Mail applications, the OnMail email service owned and operated by Edison Software, and any related online and offline services (collectively, the “Services”).

Please read this Policy carefully to understand how we handle information about you. By using our Services, you acknowledge that you have read and understood this Policy and that we collect, use, and share information as set forth below.

About the Services

Edison Mail is an application that lets you unify and better manage your email accounts by making your mail available to you in one place on your device. The Edison Mail mobile app interacts directly with your mail provider over a secure HTTPS connection to allow you to view, edit, manage, receive, and send email.

Edison Assistant is a virtual assistant application that completes tasks related to contacts, calendar, and mail.

OnMail is an email service that allows you to send and receive messages online.

By connecting your email accounts to the Services, you authorize Edison to access and process email messages in those accounts and collect, use, and disclose information from emails as described below. By connecting any other Internet accounts to the Services (for example, accounts with online retailers), you authorize Edison to collect, use, and disclose information from those accounts as described below.

About the Services

Information You Provide to Us Directly. You directly provide Edison with personal information when you:

  • Create an account. By registering for an Edison or an OnMail account, you may provide us with information including your name, username and password, photo, and email address. We may also collect preferences and demographic information from you.

  • Interact with the Service. When you use the Services, we may collect information you enter through the Services.

  • Contact us. When you contact us for customer service or other purposes, we may collect information such as your name, email address, and phone number, and any other information you provide in your communications with us.

  • Otherwise provide information to use. If you complete a survey, submit an online form, or otherwise provide information to us, we will collect it and use it as described in this Policy.

Information We Collect from the Services. We collect the content you create, upload, or receive when using our Services. This may include, for example, the email messages you send and receive. We also collect information from Commercial Messages (“Commercial Data”). “Commercial Messages” are emails you receive (including those you set up to auto-forward from another email account) from businesses related to commercial activities such as subscriptions, sign-ups/cancellations, account requests and confirmations, purchases, travel, reservations, event tickets, boarding passes, promotions, bills, and package shipments.

We also collect information from Internet accounts other than email that you connect to the Services (for example, an account you have with a social media network or an online retailer). For example, you can connect certain other Internet accounts to Edison Mail to access select information from those accounts in Edison Mail (including order details).

Information We Collect From Third Parties. We may collect information about you from third parties, including social networks, business partners, marketers, and data compilers. This information may include demographic information, information about how you have interacted with the third party providing the information to us, and interest information.

We (and third parties) may automatically collect technical information about your device through cookies and similar technologies when you interact with the Services and email messages or other communications we send you. Some of these technologies (such as cookies) involve storing unique identifiers or other information on your browser or device for later use. As we and our Service Providers (defined below) adopt other technologies, we may also gather information using other methods.

  • Information about your browser or device. We may automatically collect certain information about your browser or device when you use the Services, such as:

    • Your user, system, or device settings (for example, time zone, language, and permissions status)

    • Cookie identifiers

    • Mobile advertising identifier (MAID)

    • Other device or online identifiers (such hashed IDs or other pseudonymous IDs used by us or our partners)

    • Browser or device information (for example, the name and version of your device and the operating system it is running)

    • Information stored on your device or made available through your device’s services (for example, we may access your calendar or your contacts when you give us permission through your device settings)

    • In some cases, credentials (in an encrypted format)

  • Information about how you use our Services. We collect information regarding your use of the Services, such as:

    • Your activities and transactions in using the Services

    • Information about the links you click, the types of content you interact with, and the frequency and duration of your activities

    • Information about your online activity directly preceding or following your use of the Services, such as whether you were “referred” to the Site through another website or shared link

    • Other information about how you use our Services

  • Information about your internet connection. When you interact with the Services from an internet-connected device (for example, when you use our mobile app or web platform), we collect information about your Internet connection including MAC address, Internet protocol (IP) address, Internet service provider, and mobile carrier.

  • Location Information. We may collect location information, including your approximate location derived through your device settings or IP Address, when you use the Services. We may also collect billing and/or shipping addresses through the Services.

How We Use Information

We use the information we collect for various purposes, depending on the type of information and the Services you use, including to:

  • Provide you with the Services, including to register you for an account;

  • Personalize the Services, including by providing custom content;

  • Research and analyze how the Services are used;

  • Test and develop new products, features, and Services;

  • Communicate with you, subject to any opt-out preferences you have communicated to us;

  • Analyze and resolve technical problems and maintain security;

  • To advertise and market our Services to you, including on third-party websites (subject to any opt-out preferences you have communicated to us);

  • To comply with legal requirements, relevant industry standards, and our policies;

  • To protect the safety, rights, property or security of Edison, our Users, employees, third parties, members of the public and/or our Services;

  • To conduct sweepstakes, promotions, surveys, events, and similar activities;

  • To prevent fraud and enforce our legal terms and policies; and

  • For any other purpose with your consent.

Combined Information. For the purposes discussed in this Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Privacy Policy.

Aggregate/De-identified/Anonymous data. We may aggregate, de-identify and/or anonymize any information collected through the Services so that such information is no longer reasonably capable of being associated with you. We may use aggregated or anonymized information for any purpose, including for research and marketing purposes, and we may also share such information for any purpose with any third parties, at our discretion.

Edison’s business processes prohibit reidentification of de-identified information in the Commercial Data sold to our subscribers and include security controls to safeguard against breaches of both personal information and the deidentified information in Commercial Data. Edison does not attempt to reidentify de-identified information contained in the Commercial Data sold to our subscribers, nor allows our subscribers to.

How We Share Information

We disclose the information described above as follows.

Subscribers.We share Commercial Data with businesses that subscribe to our commercial services. We do not share Commercial Data containing personal information – information that could directly or indirectly identify you – with such subscribers. We also prohibit subscribers from attempting to re-identify individuals from whom Commercial Data is derived.

Service Providers & Vendors. We may share information with service providers that assist our business operations, including by hosting our Services and providing email communication, customer support services, application development, data storage, maintenance, marketing, security, and analytics (“Service Providers”).

Advertising. We may share information about you with advertising service providers and vendors in order to advertise our Services to you. Please see Section 6 for your choices regarding how we share information in this way.

Legal Compliance. We may disclose your information as permitted or required by law, including to comply with legal process served on us or our affiliates to provide information to law enforcement or regulatory agencies, or in connection with an investigation on matters related to public safety. We may also disclose your information to enforce our Terms or this Policy, take precautions against liability, investigate and defend ourselves against any third-party claims or allegations, protect the security or integrity of the Services, or protect the rights, property, or personal safety of ourselves or others.

Legal Compliance. We may disclose your information as permitted or required by law, including to comply with legal process served on us or our affiliates to provide information to law enforcement or regulatory agencies, or in connection with an investigation on matters related to public safety. We may also disclose your information to enforce our Terms or this Policy, take precautions against liability, investigate and defend ourselves against any third-party claims or allegations, protect the security or integrity of the Services, or protect the rights, property, or personal safety of ourselves or others.

Corporate Change or Business Transfer. We may also transfer or assign your information in the course of a corporate change or business transfer including, but not limited to, divestitures, mergers, or dissolution. If any of our assets are sold or transferred to a third party, your information may be one of the transferred business assets.

With your permission. We may share your information in ways you consent to at the time of collection or as you otherwise permit us.

Data Retention

We may retain your information for as long as your account is active or, subject to any applicable law, as needed to provide our Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

Your Choices to Manage Information

Opt-Out of Data Sharing for Subscribers. You can ask us not to share certain information with our subscribers via the “Manage Privacy” page in the Email app settings or OnMail settings. If you do so, we will not share Commercial Data derived from your use of the Services with any subscribers.

Revoke Access to Email & Social Network Accounts. You may choose to disconnect your email account, social networking accounts, or other Internet accounts from our Services through your account settings. For steps on how to remove yourself from our Services please visit our FAQ pages for our Email App and for our Assistant App. If you no longer have access to your phone or your application, you can also contact your email account provider to revoke our access to your account or contact us at mailsupport@edison.tech.

Email Data Deletion. You can request deletion of any of your information collected and stored by Edison under the “Manage Privacy” settings within the Email app. For assistance with other apps, please contact us at mailsupport@edison.tech.

Unsubscribe. If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email. Alternatively, you can send us an email at mailsupport@edison.tech. requesting to unsubscribe. Please note, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our Services.

Push Notifications. We will send you push notifications consistent with your device permissions, which you can update at any time, for instance about new email arrival, flight and shipment status notifications. If you no longer wish to receive these types of communications, you may turn them off at the device level.

“Do Not Track”. Do Not Track (“DNT”) is a setting that users can enable in certain web browsers. DNT signals do not have a commonly agreed up meaning and we do not currently recognize or respond to DNT signals.

Tailored Advertising. We may use the information we collect in connection with the Services tailor the advertising you see. You have choices about how information about you is used to tailor the ads you see online.

  • On the web. Certain information we collect through the Services may be used or shared to tailor ads you see on the web. To learn more about this type of advertising or to opt out of participating companies (including certain of our advertising partners), please visit the Digital Advertising Alliance’s (DAA) opt-out program at https://www.aboutads.info/ or the Network Advertising Initiative’s (NAI) opt-out page at https://optout.networkadvertising.org/. We make no representation about the accuracy or effectiveness of these opt out mechanism.

  • Browser settings. You may be able to set your browser to refuse certain types of cookies or alert you when they are being used. Some browsers offer similar settings for HTML5 local storage and other technologies. Please see the “Help” section of your browser for more information. However, if you block or otherwise reject cookies or other similar technologies, certain features of the Services may not function as expected.

  • On your mobile device. Mobile devices often include settings to help you manage how your device collects and shares information for advertising purposes. For more information on these devices settings, please visit the Network Advertising Initiative’s mobile choice page at https://www.networkadvertising.org/mobile-choice.

Modifying your mobile device or browser settings may have different results depending on the type of device or web browser you use and the version of your device operating system. Opting out of tailored advertising does not prevent you from seeing ads online; instead, the ads you see are less likely to be customized to your interests. Opting out is generally effective only on a device-by-device, or browser-by-browser basis. If you use more than one browser or device, the effect of any opt-out mechanism may be limited to the device on which you used the mechanism.

Security

It is your responsibility to keep your passwords private and secure. We strongly recommend against sharing your logins and passwords with others.

We use administrative, technical, and physical safeguards designed to protect information against loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. We encrypt all data in transit and at rest. We take reasonable precautions to ensure the integrity and security of our network and systems. However, no security measures are perfect, so we cannot guarantee that our security measures or Services will work perfectly.

Additional Information for California Residents

This notice applies to residents of California for compliance with the California Consumer Privacy Act of 2018 (“CCPA”). Edison does not sell and will not sell your personal information, including in the past 12 months, regardless of your age. Edison shall not discriminate against you in any way should you exercise your rights under the CCPA.

USE AND SHARING
Edison collects, uses, and discloses your personal information as follows:

Description of Personal Information

Collected in last 12 months?

Commercial or Business Purpose

Source

Categories of 3rd Parties we share your personal information with

Identifiers such as a real name, postal address, email address, account name, or other similar identifiers.

Yes

Provide Edison Apps to You

Send emails to you to notify you about changes to our Services or new Edison services.

Creation of Commercial Data

Your accounts connected with the Edison Apps

Service Providers, Email Service Companies, Government Entities (upon subpoena).

Any categories of personal information described in subdivision (e) of Section 1798.80.

Includes name, physical address

Yes

Only to provide the Edison Apps to you.

Your accounts connected with the Edison Apps

Service Providers, Email Service Companies, Government Entities (upon subpoena).

Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Yes

Provide the Edison Apps to you

Creation of Commercial Data

Your accounts connected with the Edison Apps

Service Providers, Email Service Companies, Government Entities (upon subpoena).

For additional details regarding the categories of personal information we collect and the categories of sources from which we collect them, please refer to Section 2 of this Policy. For more information about the purposes for which we use the personal information we collect, please refer to Section 3 of this Policy. For more information about how we share the personal information we collect, please refer to Section 4 of this Policy.

The contents of the emails you send and receive through the Services may contain other types of personal information. The full contents of all your emails from third-party email providers (such as Gmail or Yahoo Mail) are accessible to you on your device through the Edison Mail or OnMail apps, but are not collected, used, or disclosed by Edison except as described in this Policy. The OnMail email service is offered directly by Edison. Edison stores the emails you send and receive using the OnMail service on its own servers and processes that information as described in this Policy.

INFORMATION ABOUT YOUR RIGHTS UNDER CCPA

Terms used in this Section and not otherwise defined have the meaning given to them under the California Consumer Privacy Act (“CCPA”). California law requires us to provide some additional information regarding your rights with respect to your “personal information.” In many cases, if you are a California resident, the CCPA gives you the right to make certain requests about your personal information.

  • Right to Know. You have the right to request that we disclose what personal information we collect, use, disclose, and sell.

  • Deletion Rights. You have the right to request deletion of your personal information. See the Section above titled “Your Choices to Manage Information” for options and processes for deleting your personal information. Deletion requests require a two-step process, first by making the request, then a second confirmation either via a response from your email account or a second confirmation inside the Services.

  • Verification. Edison verifies requests made via email by first sending a confirmation email to the account connected with the Services. If a request is made on your device from within the Services, then the request for data may be confirmed via a pop-up in the Services. Verification may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name, email address, phone number, or other information.

  • Who may make a request. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf as your agent, may make a request related to your personal information. You must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request.

  • Denials. If we are unable to verify the request, the request is unlawful, or exceeds your rights under the CCPA, we may deny the request. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services to you or to comply with legal obligations, so we would need to either reject your request to delete the information or, if we are legally permitted to delete it, we would need to terminate our provision of the Services to you after deleting it.

  • Non-Discrimination. You have the right not to receive discriminatory treatment by Edison for the exercise of your privacy rights under the CCPA.

To make a request, contact Edison via email at mailsupport@edison.tech. You may also delete your stored data through the Edison Mail app by navigating to the app settings, selecting the “Manage Privacy” option, and then selecting “Delete Stored Data.” To delete your stored data through the OnMail app by navigating to the app settings, selecting the “Security & Privacy” option, and then selecting “Delete My Account”.

California “Shine the Light” Disclosure The California “Shine the Light” law gives residents of California the right under certain circumstances to opt out of the sharing of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes within the meaning of that law.

Additional Information for non-U.S. Residents

If you are residing outside the US, please note that information collected through our Services will be transferred to and processed in the US or elsewhere. These locations may not have the same data protection laws as the country in which you used our Services.

Additional Information for EEA and UK Residents

This Section only applies to residents of the European Economic Area (EEA) and United Kingdom (UK). For purposes of the EU General Data Protection Regulation (“GDPR”) and the UK GDPR, Edison is a data controller as defined in these laws with regard to any data we collect from and about you that can be used to personally identify you (“Personal Data”).

Your Rights. Residents of the EEA and UK have certain rights regarding Personal Data, including the right to request:

  • Access to your personal information. You can access this right via your account or by contacting us using the information at the end of this Policy.

  • Correction of inaccurate Personal Data. You can access this right via your account or by contacting us using the information at the end of this Policy.

  • To opt out of our sharing of certain personal information with others. You can access this right via your account or by contacting us using the information at the end of this Policy.

  • Deletion your Personal Data from the Services, if (1) the data is no longer necessary for the purpose for which it was collected, (2) you withdraw consent and no other legal basis for processing exists, or (3) you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing. To exercise this right, see the “Manage Privacy” settings within the Email app. For assistance with other Services, please contact us atmailsupport@edison.tech.

  • That your Personal Data be transmitted from us to another data controller in a structured, commonly used, and machine-readable format, where technically feasible. To exercise this right, contact us using the information at the end of this Policy.

When we process your Personal Data based on your consent, you also have the right to withdraw consent at any time. Please note that your withdrawal of consent to collect and process your Personal Data will not affect the lawfulness of processing your personal information based on your consent before you withdraw your consent.

You also have the right to lodge a complaint with the appropriate supervisory authority. If you are an EEA resident, you have the right to lodge a complaint with the appropriate relevant data protection supervisory authority in your EEA country of residence, found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. If you are a UK resident, you have the right to lodge a complaint with the Information Commissioner’s Office.

Legal Basis for Personal Data Processing. As explained above, we use Personal Data in various ways depending on your use of and/or participation in our Services. We may process your Personal Data in reliance upon one or more of the following legal bases, depending on the circumstances: (1) with your consent; (2) as necessary to perform our agreement to provide the Services; (3) to comply with legal obligations; (4) where necessary to protect the vital interests of any individuals; or (5) where we have a legitimate interest.

International Data Transfers. All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws. We may process personal data related to European residents and may transfer that information outside their country of residence through various compliance mechanisms, including data processing agreements that include the EU/EEA Standard Contractual Clauses. For more information about the transfer mechanisms we use, please contact us.

Privacy Shield Notice. Edison complied with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce while they were in effect. On July 16, 2020, the Privacy Shield was struck down by the Court of Justice of the European Union. Edison will continue to apply Privacy Shield protections to Personal Data it collected under the Privacy Shield.

Children’s Privacy

Our services are not directed to or intended for use by persons under the age of 16 and we do not knowingly collect or otherwise process personal information from children under the age of 16. If we become aware that a person under the age of 16 has opened an account or provided us with personal information, we will immediately delete the account and any such personal information.

Links to Other Sites

Our Services may contain links to other sites that are not under our control and have their own privacy policies. Please read over the rules and policies of third-party sites before you proceed to use them. We are not responsible for the acts, omissions, or content linked on websites, and we provide these links solely for the convenience and information of our users. We make no representations as to the accuracy or suitability of information on third-party sites.

Privacy Policy Updates

We may update this Policy from time to time in our sole discretion, so you should review this Policy periodically. When we change the Policy, we will update the “last revised date” at the top of this Policy. Changes to this Policy are effective when they are posted on this page. Your continued use of our Services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of the Policy.

Google User Data

Notwithstanding anything else in this Privacy Policy, consumer Gmail account information obtained via the Gmail APIs, is subject to these additional restrictions:

  • The Services may read, write, modify, delete or control Gmail message bodies (including attachments), metadata, headers, and settings to provide an email client that allows users to compose, send, read, delete and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.

  • The Services will not use this Gmail data for serving advertisements.

  • The Services will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the Services’ internal operations and even then only when the data have been aggregated and de-identified.

These restrictions do not apply if you have created an App password for the Services with your Google account with the 2-step verification process.

The Services’ use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy.

Contact Us

If you have any questions about this Policy or our practices, please contact us at privacy@edison.tech or at:

Edison Software
555 Clyde Avenue, Suite 100
Mountain View, CA 94043