Global Privacy/Data Protection Policy of Email Veritas Security Technologies, Ltd.
Effective: Mar 5, 2020
Last Revised: Mar 5, 2020
1. Welcome
This privacy policy defines the way in which Email Veritas Security Technologies Ltd. (hereinafter, the “EmailVeritas Ltd.”) uses and protects the data that you provide us, if any, when you use the EmailVeritas Anti-Phishing Application (hereinafter, the “EmailVeritas”).
It may be modified or supplemented at any time by EmailVeritas Security Technologies Ltd., in particular with a view to complying with any legislative, regulatory, jurisprudential or technological development. In such a case, the date of its update will be noted at the top of this policy. These changes are binding upon the User as soon as they are posted online. EmailVeritas ltd. therefore invites the User to regularly consult this Privacy Policy in order to be aware of any changes.
EmailVeritas use of information received from Gmail APIs adhere to Google's Limited Use Requirements.
2. Information we collect
EmailVeritas is a personalized anti-phishing solution that allows individuals to protect their email communications against various forms of scam. The solution involves an add-on which extracts from the email messages aggregated message information (lexical and syntactic) under the forms of statistics needed to determine whether the messages are scams or legitimate.
To install and use the EmailVeritas, a user will need to register by creating an account with EmailVeritas Ltd. When creating this account, the user must provide their name and email address. This is the only information needed to create an account for a user.
The EmailVeritas reads and processes automatically the user email messages to extract the aggregated message information needed by our anti-phishing algorithms, but it does not store the actual messages. The email messages are discarded after processing and extracting the needed information.
The EmailVeritas does not collect or process sensitive personal data that directly or indirectly reveals your racial or ethnic origin, your political, philosophical or religious opinions, your trade union membership, your health, or your sexual life.
3. Information we store
For EmailVeritas user, we store in our local server their name, email address and credentials. In addition, we store the destination (i.e. TO) email addresses from their SENT BOX and originator (i.e. FROM) email addresses from their INBOX in encrypted form using a hash algorithm. Because the abovementioned information is encrypted using a hash algorithm, its security and privacy are protected.
The aforementioned data represents the only information we store.
4. How we use information we collect
1. EmailVeritas queries the user's inbox and then fetches the respective email messages for further classification as legitimate or scam. EmailVeritas uses push notifications to receive information about new incoming email, and then fetches the new email and classifies it.
2. EmailVeritas creates a user profile based on the content of the email. The data used to build the user profile consists of aggregated information like the average number of characters, average number of words, average sentence length in terms of words, numbers of syllables per word, total number of misspelled words, etc.
3. EmailVeritas classifies incoming email messages and assigns accordingly to each message a label dependent on whether the message is legitimate or a scam.
4. EmailVeritas creates the following labels: e.veritas:legitimate, e.veritas:warning, e.veritas:phishing, and everitas:spam.
5. EmailVeritas cannot and does not edit or delete user email messages.
There is no human review of email messages. All the steps involved in the processing of the email messages are carried out automatically by the EmailVeritas.
4.1 Gmail Users
EmailVeritas for Gmail consists of an Add-on .
The Add-on uses the following Google scopes:
- https://www.googleapis.com/auth/userinfo.email to get the user's email address;
- https://www.googleapis.com/auth/gmail.addons.execute to execute as an Add-on;
- https://www.googleapis.com/auth/script.locale to get the user language. It is used to interact with the user in their language;
- https://www.googleapis.com/auth/gmail.addons.current.message.action to view your email messages when you interact with the add-on;
- https://www.googleapis.com/auth/gmail.labels to get the label of the current message;
- https://www.googleapis.com/auth/script.external_request to fetch configuration information, report spam, report phishing, and ask the server to classify a message.
The abovementioned scopes are absolutely essential for the EmailVeritas to achieve its functionality. The name and email address scopes are obviously required to classify emails associated with a particular user and email account.
Further information about the Google API is available https://developers.google.com/gmail/api.
4.2 Outlook Users
EmailVeritas for Outlook consists of an Add-in which is implemented using the following Microsoft Graph API scopes:
- https://graph.microsoft.com/User.Read to sign in and read user profile;
- https://graph.microsoft.com/Mail.ReadWrite to fetch the email messages from the Inbox, classifies them and assign a label indicating whether the message is legitimate or a scam;
- https://graph.microsoft.com/MailboxSettings.ReadWrite to list and create email labels in the user mailbox;
- https://graph.microsoft.com/openid to provide a unique identifier for the authenticated user, i.e., a proof that the user has successfully been authenticated and has a genuine identity;
- https://graph.microsoft.com/offline_access to enable offline access to data you have granted access permission to.
The abovementioned scopes are absolutely required for the EmailVeritas to achieve its functionality. This involves getting the user profile, fetching the email messages, and assigning labels after classifying the messages. These operations must happen while ensuring that the user identity is authentic.
Further information about the Microsoft Graph API is available https://docs.microsoft.com/en-us/graph/permissions-reference.
5. Information we share
EmailVeritas Ltd. is the sole recipient of your Personal Data. This data, whether in individual or aggregated form, is never transmitted to a third party. EmailVeritas never sell the personal data of EmailVeritas users. We process all the data in our local servers and we do not send any data to remote servers.
We do not share personal information or any of the data collected or processed via EmailVeritas unless one of the following circumstances applies:
For legal reasons. We will share personal information with companies, organizations or individuals outside of EmailVeritas Ltd. if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- 1. meet any applicable law, regulation, legal process or enforceable governmental request.
- 2. enforce applicable Terms of Service, including investigation of potential violations.
- 3. detect, prevent, or otherwise address fraud, security or technical issues.
- 4. protect against harm to the rights, property or safety of EmailVeritas Ltd., our users or the public as required or permitted by law.
6. Security
EmailVeritas Ltd. is committed to protecting in an optimal security environment your personal data. EmailVeritas Ltd. has implemented policies that include administrative, technical, and physical safeguards designed to help protect Personal Information against unauthorized access, use, or disclosure. While EmailVeritas Ltd. strives to protect your privacy, due to many reasons, including the inherent security flaws in the Internet, EmailVeritas Ltd. cannot guarantee the security of any information you disclose to us and, as such, you agree that your disclosure of such information is at your own risk.
If you have any questions regarding this Privacy Policy, EmailVeritas Ltd. may be contacted at:
By e-mail: info@emailveritas.com
By mail:
Email Veritas Security Technologies Ltd.
4217 Kincaid Street
Victoria, BC V8X 4K7
Canada