Data Collection, IT Security and Privacy
What data do we collect for accounts?
- When you log in to MailMerge365 with your Microsoft 365 (aka Office365) account, your personal information is sent to us to enable our service, but we do NOT receive your password. The password for your account is only verified by Microsoft (it is never sent to us, even during the login) and we simply receive a notification from Microsoft to say "MailMerge365 can trust this account". This is a principle called single sign-on. This also means that any additional security features you have activated for your Microsoft 365 (aka Office365) account (such as Two Factor Authentication) automatically also secure your data in MailMerge365, since you will only be able to log in to MailMerge365 the same way you log in to your Microsoft 365 (aka Office365) account.
- When you create a campaign you upload a spreadsheet of data (or re-use the data from a previous campaign). This data is stored on our servers*.
- When you send the campaign, you are actually sending an email to our servers which then starts the sending process for your campaign. The original email is stored on our servers*.
- The campaign generates an email to each of your recipients and stores this email on Microsoft 365 (aka Office365) servers (your Outlook Mailbox). The generated mail is only stored on our servers until it is sent to your account and is then deleted from our servers. We do not keep the contents of each individual email.
- For campaigns that use open and click tracking (optional), this metadata (incl. some information about the person clicking, e.g. user-agent) is stored on our servers*.
*until you either delete the campaign or you delete the account. At this time the data is deleted from our production servers but will still be available in backups for the defined period of time (see below).
What data do we transmit to third parties?
- All your campaign data is transmitted to Microsoft (via Microsoft 365/Office365) upon sending the campaign (in the form of the generated emails).
- Your email address and campaign subject line (or name) are transmitted to Postmark (our email provider) for the purpose of sending you your campaign result email.
- The mail contents (body, subject, links etc) are transmitted to each recipient you specify in a campaign.
What are my privacy rights?
- Regardless of any local law that may apply to you or MailMerge365, your data is always fully accessible, correctable and deletable. Most of this is available through your dashboard, but if you have any concerns, requests or issues, don't hesitate to contact us.
- To clarify: the information stored in Microsoft 365 (aka Office365) (such as your name, email addresses and the individual sent emails in your campaign etc) is managed by Microsoft. It must be changed or deleted by using Microsoft Outlook, the Microsoft 365 (aka Office365) self-service options or Microsoft support themselves.
IT Security - How is my data secured?
- MailMerge365 servers run in the same world-class Microsoft data centers that Microsoft 365 (aka Office365) itself uses. You can read about the security of their data centers here. More specifically, our servers run only in Microsoft's European data centers: Ireland as the primary data center and the Netherlands as a backup.
- Your data runs on database services managed by Microsoft with a 35-day point-in-time recovery option. This means that the database is serviced and provided to the highest industry levels by Microsoft and we can recover any data that may be accidentally deleted up to 35 days in the past. There is also a long-term retention policy in place which provides access to the last 12 months of data in monthly increments.
- All our databases are encrypted at rest.
- Direct access to production and to the database (incl. any security tokens) is restricted to only the managing director.
- All technical staff and developers have multiple years of IT security experience and secure coding training.