We understand that you put a lot of trust in us by granting us access to your customer service inbox.
You and your customers’ privacy is important to us, therefore we have designed our platform with this in mind. We provide this statement in an attempt to be transparent about our security and privacy practices.
Our platform stores old customer service conversations and it uses these to learn from and improve the generation of draft email responses. To help you meet your ethical obligations to your customers and to stay compliant with various privacy laws, we use artificial intelligence to anonymize past email conversations before they are saved to our database.
This anonymization process removes a lot different personal identifiers such as names, email addresses, social security numbers, ids, phone numbers and addresses. We also take care to remove information related to racial or ethnic origin, political affiliations and sexual orientation.
If a conversation has been fully anonymized it is no longer regulated by the GDPR and thus can stored and processed for the purposes email draft generation without issue:
The principles of data protection should apply to any information concerning an identified or identifiable natural person. ... To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly.
- General Data Protection Regulation (GDPR) Recital 26 - https://eur-lex.europa.eu/eli/reg/2016/679/oj
In the interest of transparency we acknowledge that automated means of anonymization in some instances can be error prone or insufficient.
For this reason we give you full access to all the past conversations with your customers that we have saved to our database. You will then be able to edit these conversations and remove any identifiable information that was missed by the automated anonymization process.
To sum up: the automated anonymization process will often work well, but to stay compliant with existing privacy laws you will need to verify that this process has actually achieved full anonymity for your data.
When customers share their information with a business, they are placing their trust in that business to use it responsibly. Violating that trust damages the relationship between businesses and customers.
Maintaining privacy safeguards not only preserves the trust between businesses and their customers, but also fosters a culture of respect and integrity in the way personal information is handled, contributing to a healthier and more ethical business environment.
Therefore one must refrain from using data containing customer information in ways they do not expect or have not agreed to.
Depending on the jurisdiction you operate in, the way you use customer data may also be governed by privacy legislation such as the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the Texas Data Privacy and Security Act.
Though we can not offer legal advice it is important to note that many of these laws restrict your ability to process and store customer data in various ways.
Unlock AI-powered email drafting that understands your style. Start saving time now!
We employ various methods to keep your data safe.
Infrastructure segregation is achieved through the implementation of various network security controls. These measures ensure that only authorized traffic is allowed to communicate with the components responsible for reading your inbox.
This means that while these components require internet connectivity to communicate with your inbox, they are themselves not reachable from the internet. This measure minimizes the surface area for potential attacks and enhances the overall security posture of our platform.
We utilize secure communication protocols, such as Transport Layer Security (TLS), to encrypt all data being transmitted, including communication between our platform and your inbox. This encryption ensures that sensitive information remains protected while being transmitted between our infrastructure components and while in transit over the internet.
We also employ encryption at rest - all your data on our platform, including your mailbox credentials, is stored in encrypted form.
We operate under the principle of least privilege, which means that we grant the minimum level of access and permissions necessary for users and system components to perform their designated functions.
We use the same approach for the data we store, right down to the level of individual data rows, meaning that data access is granted only to the users for who are actually supposed to have access.