When you use the SaneBox service as an agent (e.g., an employee) of an organization, your organization is the data controller, and SaneBox is a data processor for the personal data we process for you in our Service.
And when you use the SaneBox service as an individual, SaneBox is the data controller. Legal jargon aside, our goal is to ensure that you, as a SaneBox user, are in control of how your data is processed in our Service.
Where SaneBox acts as a data controller, we rely on one or more of the following legal grounds for processing your personal data:
When SaneBox acts as a data processor, we process your personal data based on the documented instructions of our customer.
We may use personal data for the following purposes:
We may also use non-identifying and aggregated data to help improve our Service and our website.
We will delete all the personal data that you’ve previously submitted to the Service, as soon as you cancel your Service.
All email resides on the customer’s email server and is never held on SaneBox servers. SaneBox simply monitors the customers SaneBox related email folders and asks the email server to move emails accordingly.
We log and keep information on active accounts about email movement and behavior in order to debug any current issues customers may report. But, we securely remove those email activity logs older than 30 days
We securely remove customer data (that can be regenerated) from inactive accounts after 90 days. This includes any cached information about emails that did reside in the customers email server folders that SaneBox monitors.
We "cancel" accounts that have no billing relationship and have been inactive for 6 months. The customers are warned about once a month that this cancelation is pending and given directions for how to activate their accounts to avoid it.
We are required to obtain certain permissions in order for SaneBox to function. If we could ask for less, we certainly would.
A cookie is a small piece of data that a website or app stores on your computer or mobile device. We use the following types of cookies:
User‑input cookies (i.e., session ID) which are first‑party cookies that keep track of your input when filling online forms, and similar things. These cookies have a lifespan of not more than a few hours, typically.
Authentication cookies, which identify you once you’ve logged in to our web application, and which last for the duration of your session.
Multimedia content player cookies, which are used to store technical data to help play back video or audio content. These cookies usually last for the duration of your session.
Third‑party social plug‑in content‑sharing cookies (if you’re a logged‑in member of a social network).
We share personal data with our service providers, that process personal data on behalf of SaneBox. Such third parties include those providing:
Our service providers may be located outside of the United States; however, we will require that those third parties maintain at least the same level of confidentiality that we maintain for such personal data. SaneBox may be liable for the protection of your personal data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
We may disclose your personal data (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change, or (iii) to our subsidiaries or affiliates only if necessary for business and operational purposes.
We reserve the right to use and share aggregated, anonymous data, which does not include any personal data, about our Service’s users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers and customers.
If we must disclose your personal data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your personal data will maintain the privacy or security of your personal data.
To prevent unauthorized access, to maintain the accuracy of your personal data, and to ensure that you’re in control of your personal data, we have put in place appropriate physical, technical, and administrative controls to safeguard and secure the personal data we process.
All payments and payment data submitted on our site is handled through Stripe, Paypal or Amazon payments. No such payment data is retained within our computer systems.
Protecting the privacy of the young is especially important. For that reason, we never collect or otherwise process personal data about anyone we actually know is under 13, and no part of our website is structured to attract anyone under 13.
If we process your personal data, your SaneBox profile settings enable you to:
You own the data associated with your account. We only access the envelope and header data associated with your emails. The actual body of your emails (i.e., the contents of the email message) are never downloaded or accessed by our systems.
When you cancel your SaneBox membership, we not only securely delete all data on our servers associated with your mail account but we also delete any labels or flags we might have created - so not only will we no longer have any of your data on our servers, but also your email inbox will look exactly like it did before you signed up with us.
If for any reason, SaneBox, Inc. decides to discontinue the SaneBox Service, all users will be contacted by email and their account data will be securely deleted from our servers in a timely manner.
And remember that we will only backup metadata - never the actual email envelopes. So once securely deleted, it’s practically impossible for us, or anyone else, to recover them.
VeraSafe has been appointed as SaneBox's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to SaneBox only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form.
Alternatively, VeraSafe can be contacted at:
VeraSafe Czech Republic s.r.o
Prague 1, 11002
VeraSafe Ireland Ltd
North Point House
North Point Business Park
New Mallow Road
If you are an individual in the European Union whose personal data we process, and we’re unable to resolve a privacy-related complaint you lodge with SaneBox, you may also have the right to lodge that complaint with a data protection regulator in your EU Member State, and, under certain conditions, to invoke binding arbitration.
SaneBox complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the European Economic Area to the United States. You can learn more about Privacy Shield at privacyshield.gov. We ask that you first submit any complaints about our Privacy Shield compliance directly to us via firstname.lastname@example.org.
In compliance with the Privacy Shield Principles, SaneBox commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SaneBox via email at email@example.com.
SaneBox has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU. EU DPAs are the sole independent recourse mechanism for Privacy Shield.
SaneBox is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).