Global
Privacy/Data Protection Policy of Email Veritas Security
Technologies, Ltd.
Effective: Mar 5, 2020
Last Revised: Mar 5, 2020
1. Welcome
This privacy policy defines the way in which Email Veritas
Security Technologies Ltd. (hereinafter, the “EmailVeritas Ltd.”)
uses and protects the data that you provide us, if any, when you
use the EmailVeritas Anti-Phishing Application (hereinafter, the
“EmailVeritas”).
It may be modified or supplemented at any time by
EmailVeritas Security Technologies Ltd., in particular with a view
to complying with any legislative, regulatory, jurisprudential or
technological development. In such a case, the date of its update
will be noted at the top of this policy. These changes are binding
upon the User as soon as they are posted online. EmailVeritas ltd.
therefore invites the User to regularly consult this Privacy
Policy in order to be aware of any changes.
EmailVeritas use of information received from Gmail APIs adhere to
Google's
Limited Use Requirements.
EmailVeritas is a personalized anti-phishing solution that
allows individuals to protect their email communications against
various forms of scam. The solution involves an add-on which
extracts from the email messages aggregated message information
(lexical and syntactic) under the forms of statistics needed to
determine whether the messages are scams or legitimate.
To install and use the EmailVeritas, a user will need to
register by creating an account with EmailVeritas Ltd. When
creating this account, the user must provide their name and email
address. This is the only information needed to create an account
for a user.
The EmailVeritas reads and processes automatically the user email
messages to extract the aggregated message information needed by
our anti-phishing algorithms, but it does not store the
actual messages. The email messages are discarded after
processing and extracting the needed information.
The EmailVeritas does not collect or process sensitive
personal data that directly or indirectly reveals your racial or
ethnic origin, your political, philosophical or religious
opinions, your trade union membership, your health, or your sexual
life.
For EmailVeritas user, we store in our local server their
name, email address and credentials. In addition, we store the
destination (i.e. TO) email addresses from their SENT BOX and
originator (i.e. FROM) email addresses from their INBOX in
encrypted form using a hash algorithm. Because the abovementioned
information is encrypted using a hash algorithm, its security and
privacy are protected.
The aforementioned data represents the only information we
store.
1. EmailVeritas queries the user's inbox and then
fetches the respective email messages for further classification
as legitimate or scam. EmailVeritas uses push notifications to
receive information about new incoming email, and then fetches
the new email and classifies it.
2. EmailVeritas creates a user profile based on
the content of the email. The data used to build the user
profile consists of aggregated information like the average
number of characters, average number of words, average sentence
length in terms of words, numbers of syllables per word, total
number of misspelled words, etc.
3. EmailVeritas classifies incoming email messages
and assigns accordingly to each message a label dependent on
whether the message is legitimate or a scam.
4. EmailVeritas creates the following labels:
e.veritas:legitimate, e.veritas:warning, e.veritas:phishing, and
everitas:spam.
5. EmailVeritas cannot and does not edit or delete
user email messages.
There is no human review of email messages. All
the steps involved in the processing of the email messages are
carried out automatically by the EmailVeritas.
4.1 Gmail Users
EmailVeritas for Gmail consists of an Add-on .
The Add-on uses the following Google scopes:
- https://www.googleapis.com/auth/userinfo.email to get the
user's email address;
- https://www.googleapis.com/auth/gmail.addons.execute to
execute as an Add-on;
- https://www.googleapis.com/auth/script.locale to get the
user language. It is used to interact with the user in their
language;
- https://www.googleapis.com/auth/gmail.addons.current.message.action
to view your email messages when you interact with the add-on;
- https://www.googleapis.com/auth/gmail.labels to get the label of the current message;
- https://www.googleapis.com/auth/script.external_request
to fetch configuration information, report spam, report phishing,
and ask the server to classify a message.
The abovementioned scopes are absolutely essential for the
EmailVeritas to achieve its functionality. The name and email
address scopes are obviously required to classify emails
associated with a particular user and email account.
Further information about the Google API is available https://developers.google.com/gmail/api.
4.2 Outlook Users
EmailVeritas for Outlook consists of an Add-in which is
implemented using the following Microsoft Graph API scopes:
- https://graph.microsoft.com/User.Read to sign in and read
user profile;
- https://graph.microsoft.com/Mail.ReadWrite to fetch the
email messages from the Inbox, classifies them and assign a label
indicating whether the message is legitimate or a scam;
- https://graph.microsoft.com/MailboxSettings.ReadWrite to
list and create email labels in the user mailbox;
- https://graph.microsoft.com/openid to provide a unique
identifier for the authenticated user, i.e., a proof that the
user has successfully been authenticated and has a genuine
identity;
- https://graph.microsoft.com/offline_access to enable
offline access to data you have granted access permission to.
The abovementioned scopes are absolutely required for the
EmailVeritas to achieve its functionality. This involves getting
the user profile, fetching the email messages, and assigning
labels after classifying the messages. These operations must
happen while ensuring that the user identity is authentic.
Further information about the Microsoft Graph API is available https://docs.microsoft.com/en-us/graph/permissions-reference.
5. Information we share
EmailVeritas Ltd. is the sole recipient of your Personal
Data. This data, whether in individual or aggregated form, is
never transmitted to a third party. EmailVeritas never sell the
personal data of EmailVeritas users. We process all the data in
our local servers and we do not send any data to remote servers.
We do not share personal information or any of the data
collected or processed via EmailVeritas unless one of the
following circumstances applies:
For legal reasons. We will share personal information with
companies, organizations or individuals outside of EmailVeritas
Ltd. if we have a good-faith belief that access, use, preservation
or disclosure of the information is reasonably necessary to:
- 1. meet any applicable law, regulation, legal process or
enforceable governmental request.
- 2. enforce applicable Terms of Service, including
investigation of potential violations.
- 3. detect, prevent, or otherwise address fraud, security
or technical issues.
- 4. protect against harm to the rights, property or safety
of EmailVeritas Ltd., our users or the public as required or
permitted by law.
6. Security
EmailVeritas Ltd. is committed to protecting in an optimal
security environment your personal data. EmailVeritas Ltd. has
implemented policies that include administrative, technical, and
physical safeguards designed to help protect Personal Information
against unauthorized access, use, or disclosure. While
EmailVeritas Ltd. strives to protect your privacy, due to many
reasons, including the inherent security flaws in the Internet,
EmailVeritas Ltd. cannot guarantee the security of any
information you disclose to us and, as such, you agree that your
disclosure of such information is at your own risk.
By e-mail: info@emailveritas.com
By mail:
Email Veritas Security Technologies Ltd.
4217 Kincaid Street
Victoria, BC V8X 4K7
Canada
