Privacy Policy | OneSuite
Effective Date: January 18, 2026
Welcome to OneSuite! Your privacy is important to us, and we are committed to protecting and respecting your personal data. This Privacy Policy explains how Mailbluster LLC ("we", "us", or "our"), operating as OneSuite, collects, uses, discloses, stores, and protects your data when you use our services or visit our website at onesuite.io.
By using OneSuite, you consent to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access or use our services.
1. Information We Collect
We only collect information that is necessary for the effective and secure operation of OneSuite. We follow the principle of data minimization, collecting only what is necessary to provide our services.
1.1 Account and Identity Information
When creating an account, we collect:
- Full name
- Email address
- Mailing address (if provided)
- Phone number (if provided)
- User ID and Business ID
- Username, password (hashed), and account settings
1.2 Email Integration Data
When you connect your email account with OneSuite for CRM integration, we collect and store:
- Email provider information (e.g., Microsoft Outlook)
- Connected email account identifiers
- Email metadata: subject line, sender and recipient addresses, CC recipients, thread ID, direction (sent/received), timestamps, and read status
- Email content (stored in raw and/or compressed form for CRM display)
Email Sending: OneSuite allows you to send emails on your behalf directly from the CRM interface. When you send an email through OneSuite, it is transmitted via the credentials of your connected email account.
1.3 Attachment Information (Metadata Only)
Important: We do NOT store email attachment files. We only store attachment metadata, including:
- File name
- File size
- MIME type
- Provider attachment ID
Attachment files are retrieved on demand directly from your email provider when you wish to access them. This approach minimizes data storage while maintaining full functionality.
1.4 Authentication and Security Data
For email integrations, we store:
- OAuth access tokens (encrypted)
- OAuth refresh tokens (encrypted)
- Token scopes and expiration information
We never collect or store your email account passwords. Authentication is performed securely via OAuth 2.0 protocols.
1.5 Payment Information
We process subscription payments through Stripe. We do not store full credit card numbers on our servers. Payment information is processed directly by Stripe in accordance with PCI-DSS compliance standards.
We may store:
- Last four digits of payment card (for display purposes)
- Billing address
- Transaction history
- Stripe customer ID
OneSuite users can connect their own payment processors (Stripe, PayPal, RazorPay, QuickPay) to accept payments from their clients. Each user is responsible for their own payment processor agreements and compliance.
1.6 Usage Data
We automatically collect certain information when you use our services:
- IP address
- Device information and operating system
- Browser type and version
- Pages visited and features used
- Time and date of visits
- Interaction patterns with our services
1.7 Communications
We retain records of your correspondence with us, including emails, live chats through our support system, and support tickets.
2. Information We Do NOT Collect
We do not collect or store:
- Email account passwords
- Email attachment file contents (metadata only)
- Full credit card numbers
- Government-issued ID numbers
- Health or biometric data
- Sensitive personal characteristics (race, religion, political views, sexual orientation, etc.)
3. How We Use Your Information
3.1 Service Provision
- Providing and maintaining our services
- Email synchronization, management, and CRM integration
- Enabling email composition, replies, forwarding, and threading
- Displaying and organizing your email history in CRM
- Account creation and management
- Billing and payment processing
- Customer service
3.2 Communications
- Sending service updates, notifications, and important announcements
- Responding to your inquiries and requests
- Providing technical support
3.3 Service Improvement
- Analyzing usage data to improve our services
- Enhancing user experience
- Developing new features
- Monitoring system performance and reliability
3.4 Security and Compliance
- Protecting our services and users from fraud, abuse, and unauthorized access
- Detecting and preventing security threats
- Complying with legal obligations
- Responding to lawful requests from authorities
3.5 Marketing (Optional)
With your explicit consent, we may:
- Send you newsletters and promotional materials about our services
- Inform you about new features and updates
You can unsubscribe from marketing communications at any time by clicking the "Unsubscribe" link in any marketing email or by contacting us directly.
4. How We Process Your Data
- Emails are retrieved securely via official provider APIs (Microsoft Graph API for Outlook)
- Data is stored in encrypted databases on AWS in the European Union (Ireland)
- Access is granted only to authorized personnel on a need-to-know basis
- Attachments are retrieved on demand only when you request them
- OAuth tokens are encrypted and regularly rotated
- Logs are sanitized to avoid unnecessary exposure of sensitive content
5. Information Sharing
5.1 Service Providers (Sub-processors)
We share limited data with trusted third-party service providers who assist us in operating OneSuite. These providers act strictly as data processors under our instructions and are contractually obligated to protect your data.
| Provider | Purpose | Data Processed |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting and infrastructure | All application data |
| Amazon SES | Transactional emails | Email address, email content |
| Stripe | Payment processing | Billing information, payment details |
| Google Analytics | Website analytics | Usage data, IP address (anonymized) |
| Crisp | Customer support chat | Name, email, chat messages |
5.2 Legal Requirements
We may disclose your information to law enforcement agencies, regulatory authorities, courts, or other government bodies when required to:
- Fulfill legal obligations
- Respond to lawful requests (subpoenas, court orders)
- Protect our rights and interests
- Prevent fraud or illegal activities
5.3 Business Transfers
In the event of a merger, acquisition, or asset sale, your information may be transferred to the acquiring company or successor organization. We will notify you before your data is transferred and becomes subject to a different privacy policy.
5.4 What We Never Share
We do not:
- Sell, rent, or trade your personal data to third parties
- Share your email content with third parties for marketing purposes
- Share OAuth tokens or authentication data
- Use your email data to train AI models or for advertising
- Share your data with business partners for joint promotions without your explicit consent
6. Third-Party API Compliance
6.1 Microsoft Graph API (Outlook Integration)
When you connect your Microsoft Outlook account with OneSuite, we access your email data through the Microsoft Graph API. We comply with Microsoft's API terms of use and privacy requirements.
We only access data necessary to provide email synchronization and CRM integration features, specifically:
- Reading your emails for synchronization with your CRM
- Sending emails on your behalf when you compose messages in OneSuite
- Accessing your profile information to identify your connected account
You can revoke OneSuite's access to your Microsoft account at any time through your Microsoft account settings or by disconnecting the integration in OneSuite.
6.2 Google API Services (Gmail Integration)
When Gmail integration becomes available, OneSuite's use and transfer of information received from Google APIs will comply with the Google API Services User Data Policy, including the Limited Use requirements. You can review Google's policy at: https://developers.google.com/terms/api-services-user-data-policy
We will only use Google user data to provide and improve user-facing features that are prominently visible in the requesting application's user interface. We will not transfer this data to others except as necessary to provide and improve these features, to comply with applicable laws, or as part of a merger, acquisition, or asset sale.
7. Data Storage and Security
7.1 Data Storage Location
Your data is stored on Amazon Web Services (AWS) servers in the European Union (Ireland region, eu-west-1). This location ensures compliance with EU data protection regulations.
7.2 Technical Security Measures
We implement industry-standard security practices to protect your information:
- Encryption at rest and in transit (TLS 1.2+)
- Role-based access control
- Secure secret management for OAuth tokens
- Multi-factor authentication for system access
- Token rotation and revocation mechanisms
- Regular security assessments
- Data backup and recovery systems
7.3 Organizational Security Measures
- Access restricted to authorized personnel on a need-to-know basis
- Security awareness training for employees
- Incident response procedures
- Audit logging and monitoring
Important: While we take strict measures to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and track information about your use of our services.
| Cookie Type | Purpose | Description |
|---|---|---|
| Essential | Authentication | Required to keep you logged in and maintain your session. Cannot be disabled. |
| Analytics | Usage tracking | Help us understand how you use our services (Google Analytics). Can be disabled via cookie settings. |
| Marketing | Advertising | Used to deliver relevant advertising and measure campaign effectiveness. Can be disabled via cookie settings. |
You can control cookie preferences through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect the functionality of our services.
9. Data Retention
We retain your data only for as long as necessary to provide our services:
- Account data: Retained as long as your account is active
- Email integration data: Retained as long as your email account is connected
- OAuth tokens: Stored only as long as integrations remain connected
- Payment records: Retained in accordance with accounting and legal compliance requirements (typically 7 years)
Data Deletion
Your data will be deleted when:
- You delete specific emails or data within the platform
- You disconnect your email provider
- You delete your account
When you delete your account, all associated data is immediately and permanently deleted. We do not retain your data after account deletion unless required by law.
10. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Right of Access: Request access to the personal data we hold about you
- Right to Rectification: Correct inaccuracies in your personal data
- Right to Erasure: Request deletion of your personal data under certain circumstances
- Right to Restriction: Restrict the processing of your personal data in certain situations
- Right to Object: Object to the processing of your personal data for certain purposes
- Right to Withdraw Consent: Withdraw consent for processing your personal data, where applicable
- Right to Data Portability: Request a copy of your personal data in a structured, commonly used, and machine-readable format
- Right to Complain: File a complaint with your local data protection authority
To exercise these rights, please contact us at privacy@onesuite.io. We will respond to your request within 30 days.
11. GDPR Compliance
For users in the European Economic Area (EEA) and the United Kingdom, we comply with the General Data Protection Regulation (GDPR). Our data practices follow these principles:
- Lawfulness, Fairness, and Transparency: We process data lawfully and transparently
- Purpose Limitation: We collect data only for specified, explicit purposes
- Data Minimization: We collect only data necessary for our purposes
- Accuracy: We keep data accurate and up to date
- Storage Limitation: We retain data only as long as necessary
- Integrity and Confidentiality: We ensure appropriate security of personal data
Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract: Processing necessary for the performance of our contract with you (providing OneSuite services)
- Consent: Processing based on your explicit consent (marketing communications)
- Legitimate Interests: Processing necessary for our legitimate business interests (security, fraud prevention, service improvement)
- Legal Obligation: Processing necessary to comply with applicable laws
12. International Data Transfers
Your data is primarily stored on AWS servers in the European Union (Ireland). However, some of our service providers may process data in other countries, including the United States.
When we transfer data outside the EEA, we ensure that appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
- EU-US Data Privacy Framework certifications, where applicable
13. Security Incident Handling
In the event of a data breach affecting your personal information:
- We will promptly investigate
- We will notify affected users within 72 hours in accordance with GDPR requirements
- We will take immediate steps to contain and remediate the breach
- We will implement measures to prevent recurrence
- We will cooperate with the relevant data protection authorities
14. Children's Privacy
OneSuite is designed for business use and is not intended for use by children under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child without parental consent, we will take steps to delete it promptly. If you believe we have inadvertently collected information from a child, please contact us immediately.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in our practices
- New features or services
- Legal or regulatory requirements
For material changes:
- The updated policy will be published on our website
- The effective date will be updated
- We will notify you by email or through a prominent notice in the application
Continued use of our services after changes take effect constitutes acceptance of the updated policy. We encourage you to review this policy regularly.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:
Company: Mailbluster LLC (operating as OneSuite)
Email: security@onesuite.io
General Inquiries: contact@onesuite.io
Address: 2810 N Church St, Wilmington, Delaware, United States, 19802
Website: https://onesuite.io
Last Updated: January 18, 2026
© Mailbluster LLC. All rights reserved.