Authentication and Permissions
When a user installs Gmelius, we create a Gmelius account for the user and link it with the user's Google account. We ask the user for permission to connect to her or his Google account and authenticate that connection via Google Apps OAuth. This means that each users' Gmelius account has the same industry-leading login security as their Google account. Users can add 2-factor authentication via Google if they choose.
Gmelius requests access to the following Google information so that our features can work:
Read, send, delete, and manage your email
Gmelius requests these permissions so we can provide you with features like open, click, and reply tracking, shared inbox, shared labels, campaigns.
Manage your basic mail settings
Gmelius needs access to your mail settings so we can replicate your existing preferences, including email aliases and email signatures.
Manage your calendars
Gmelius enables you to synchronize your Gmelius Kanban boards with specific calendars, making possible to link a card or task with a calendar's event.
Our company's overriding policy is to collect as little user information as possible. We never store the content of your emails. Gmelius may retrieve and store your:
- Email address
- Profile picture or Gravatar
- Timezone and language
- Gmail signatures and aliases
- List of labels and calendars
- Gmelius configuration and data (e.g., subscription details, templates, notes, campaigns)
- Thread IDs, Draft IDs, Message IDs if linked to a Gmelius feature (e.g., shared label, sequence)
We also store the subject and recipients of your tracked emails in order to notify you of opens and display related activities.
We protect your data throughout the data flows of the Gmelius product, from account creation and integration through Google's OAuth service, to encryption of data in transit to Gmelius servers (using browser-based TLS) and encryption of that data at rest, to a variety of administrative, physical, and technical safeguards designed to create a secure environment for our customers' data.
We're an official Google Cloud partner and use Google Cloud Platform ("GCP") to persistently store user data meaning we do not store data on our premises. All Gmelius applications include failover and backup instances and our infrastructure respects and maintains industry-standard security certifications, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, FedRAMP ATO and PCI DSS v3.2. Data in Google Cloud Platform is broken into subfile chunks for storage, and each chunk is encrypted at the storage level with an individual encryption key. The key used to encrypt the data in a chunk is called a data encryption key (DEK). Because of the high volume of keys at Google, and the need for low latency and high availability, these keys are stored near the data that they encrypt. The DEKs are encrypted with (or “wrapped” by) a key encryption key (KEK). For more information, please see Google Cloud.
All user data is tagged with a project-specific token, and a customer must have access to the corresponding API key and secret in order to retrieve that data via API. This provides logical separation between data belonging to multiple clients. Gmelius is the sole tenant on our infrastructure. A user's data may reside on database systems which house data belonging to other users, but our logical controls (token, key and secret) separates one client from another client's data.
Our Chrome extension undergoes a review process by Google's Chrome team, in accordance with Google Chromes’ Developer Program Policies. Our architecture and practices are audited every year by an independent firm, this includes external and app penetration testing; in 2019, the audit has been performed by Bishop Fox (view report).
Data Confidentiality and Retention
Access to user data by Gmelius employees is limited to an as-needed basis, e.g., to resolve customer issues. When such access is required, only personnel with a direct need will access the Gmelius-related data, and such access will be limited as much as possible. Breach of this policy by a Gmelius employee is a serious matter, requiring investigation and appropriate disciplinary action, up to and including termination as well as legal action.
A Gmelius user can delete at any time her or his Gmelius account and remove all data associated with that account from the Gmelius Account page.
Incident Response and Remediation
We monitor our systems 24/7/365 with a variety of performance measurement and error-checking tools. When problems are detected, our ops team is notified immediately, and the issues are investigated. We work closely with our hosting providers to ensure that underlying systems remain secure, and any security breaches are investigated, patched and remediated promptly.
Our system operations are logged, and the logs are stored for at least a 7-day period in the cloud. If needed, these logs may be mined to investigate incidents or to reconstruct a chain of events.
When a serious incident occurs, or a long interval of downtime is anticipated, we notify our users via our blog, Twitter and/or email. Should a security breach occur, we will promptly notify affected users of the nature and extent of the breach, and take steps to minimize any damage.