Privacy Policy

Privacy Policy

This Privacy Policy is meant to help you understand how Nylas collects, uses, and shares Customer Data to operate, improve, develop, and protect Nylas’ Services. This Privacy Policy applies to Customer Data processed as a result of access to or use by our developer customers, (“Developers”, “you”, or “your”) of the Nylas API, websites (“Website”), dashboard (“Dashboard”), our API Platform (“Platform”), related tools, and other products or services (collectively, the “Services”) provided by Nylas Inc. (“Nylas”, “we”, “us”, or “our”). All capitalized terms not defined in this Privacy Policy will have the meanings set forth in the Nylas’ Terms of Service.

Introduction

At Nylas, we value customer trust above all else. As such, we strive to help our customers, our customer’s end-users, and our Website visitors maintain control of their information. This Privacy Policy explains our information practices, the kinds of information we may collect, how we intend to use and share that information, and how you can exercise choices you may have in Customer Data. Nylas processes three broad categories of personal information (known collectively as (“Customer Data”)): As a developer customer (or potential developer customer) of Nylas, you will need to provide us information to create an account and use the Services – we refer to this as “Customer Account Data.”

As a developer customer, you may provide us with personal information of your end-users who use or interact with Your Application that you’ve built on Nylas’ Platform – we refer to this information as “Customer End-User Data.”

“Restricted Customer End-User Data” is any Customer End-User Data that is synced through the following providers and syncing mechanisms: Gmail (non-G Suite) end-user accounts that have approved access to their email data through the Google Restricted Scope API ( https://mail.google.com/ ).

Nylas distinguishes between these categories of Customer Data because the direct relationship we have with you, our customer, is different than the indirect relationship we have with your end-users. If you are located in the European Economic Area, Nylas is the “controller” of your Customer Account Data and a “processor” of Customer End-User Data and Restricted Customer End-User Data.

How Nylas Processes Customer Account Data

We, Nylas, collect and process your Customer Account Data: When you visit a Nylas public-facing Website like nylas.com, sign up for a Nylas event, or make a request to receive information about Nylas or our products, like a Nylas’ white paper or a newsletter;

When you contact Nylas’ Sales Team or Customer Support Team; and

When you sign up for a Nylas’ account and use our products and Services. Broadly speaking, we use Customer Account Data to: Perform our contract with you;

Pursue our legitimate interests to: understand who our customers and potential customers are and their interests in Nylas’ products and Services, manage our relationship with you and other customers, provide you with marketing materials, perform research (including marketing research), carry out core business operations such as accounting and filing taxes, and help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services;

Comply with any legal obligations we may have; and

Carry out other uses which you have consented to.

What Customer Account Data Nylas Processes When You Visit Our Website, Sign Up for a Nylas Event, or Make a Request for Information About Nylas and Why

When you visit our Website, sign up for a Nylas’ event or request more information about Nylas, we will collect information that you submit to us (e.g., through a web form) and we will also collect information automatically using tracking technologies like cookies. We collect this information to fulfill your request, to learn more about who is interested in our products and services, to advertise to you, and to improve our Services. Information You Share Directly: In some places on Nylas’ Websites, you can fill out web forms to ask to be contacted by our Sales Team, sign up for a marketing or a newsletter, register for a Nylas event, or take a survey. The specific personal information requested on these forms will vary based on the purpose of the form. We will ask you for information necessary for us to provide you with what you request through the form (for example, we will ask you for your email address if you want to sign up for an email newsletter and for your phone number if you want a member of our Sales Team to call you). We may also ask you for additional information to help us understand you better as a customer like your Nylas use case, your company name, or your role at your company. If you sign up to receive marketing communications from Nylas, like a newsletter, you can always choose to opt-out of further communications through a preferences page which will be linked from any marketing email you receive from Nylas. You may also contact our Customer Support Team to communicate your choice to opt-out. Information We Collect Automatically: When you visit Nylas’ Websites, including our web forms, we and service providers acting on our behalf automatically collect certain information using tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how visitors to our Websites are using them, which pages and features of the Websites are most popular, and to tailor and deliver advertisements. This helps us understand how we can improve our Websites and track performance of our advertisements. We may use Google Analytics to collect information regarding visitor behavior and visitor demographics on our Website and Services. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.

What Customer Account Data Nylas Processes When You Communicate with Our Sales or Customer Support Teams and Why

If you contact our Sales or Customer Support Teams, those teams keep a record of that communication, including your contact details and other information you share during the course of the communication. We store this information to help us keep track of the inquiries we receive from you and from customers generally so we can improve our products and Services and provide training to team members. This information also helps our teams manage our ongoing relationships with our customers. Because we store a record of these communications, please be thoughtful about what information you share with our Sales and Customer Support Teams. We will try to take appropriate measures to protect any sensitive information you share with us, but it is best to avoid sharing any personal or other sensitive information in these communications unless it is necessary for these teams to assist you.

What Customer Account Data Nylas Processes When You Sign Up for and Log into a Nylas Account and Why

When you sign up for a Nylas account, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and Services. We also collect some information automatically, like your IP address, when you login to your account or when Your Application built on Nylas makes requests to our Platform. We use this to understand who is using our Services and how, and to detect, prevent and investigate fraud, abuse, or security incidents. Information You Share Directly: You can also name your account (or accounts, if you have more than one). We collect this information so we know who you are, we can communicate with you about your account(s), and we can recognize you when you communicate with us through the account portal or otherwise. We also use your email address to send you information about other Nylas products, services or events in which we think you may be interested in. You can opt out of further marketing communications through your marketing preferences page linked from any marketing email you receive from Nylas. You may also contact our Customer Support Team to communicate your choice to opt-out. If you upgrade your trial account, we’ll ask you to provide our payment processor with your payment method information like a credit card and/or your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our products and Services. Our payment processor will share your billing address with Nylas. Your billing address may also be used by Nylas for tax calculation and audit purposes. Information We Generate or Collect Automatically. When you sign up for an account with Nylas, we’ll automatically assign each of your Platform Applications unique IDs and we’ll automatically generate an API keys for each of Your Applications. These are used like a username and password to authenticate end-user accounts onto the Platform. You can use these API keys to retrieve an access token for each end-user account. We keep a record of these access tokens so we know it is you making the requests when your application makes requests to our API using these credentials. In addition, when you use our Dashboard and Platform, we collect your IP address and other information through tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how customers are using our platform, who those customers are (if they are a company and the IP address is associated with that company), what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience. Note that we also collect the IP address of your devices or servers when you make requests to our Platform. When you use our Platform, we also collect and process the information contained in those interactions. For more information about how personal information is processed in that context, see our API Docs. All information we collect when you sign up for a Nylas’ account and interact with the Nylas’ Dashboard or our products and Services may be used to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and services.

Other Customer Account Data We Collect and Why

We may collect information about you from publicly-available sources so we can understand our customer base better. We may also obtain information about your company from third party providers to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL.

How Long We Retain Your Customer Account Data

Nylas will retain your Customer Account Data as long as needed to provide you with our Services, to operate our business, and comply with applicable laws. If you ask Nylas to delete specific Customer Account Data we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.

How to Make Choices About Your Customer Account Data

Nylas provides you with various choices regarding your Customer Account Data. If you login to your Nylas’ account, you can use it the account portal to access, correct, delete Customer Account Data, and/or update your preferences. Please contact Customer Support for any other requests about your Customer Account Data you cannot make through these self-service tools. Closing Your Account and Deletion. To request closure or deletion of your Nylas’ account, you can contact Customer Support. Within 60 days following your request, Nylas will either delete your Customer Account Data or de-identify it such that it can no longer be used to identify you. You should know that closure and/or deletion of your Nylas’ account will result in you permanently losing access to your account and Customer Data in the account. Please note that certain information associated with your account may nonetheless remain on Nylas’ servers in a de-identified or aggregated form that does not identify you or your end-users. Similarly, Customer Account Data, including personal information, we are required to maintain for legal purposes or for necessary business operations (see “How Long We Retain Your Customer Account Data” section above) will be retained after account closure until no longer needed. Promotional Communications. You can choose not to receive promotional emails from Nylas by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting Customer Support. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages related to things like updates to our Terms of Service or Privacy Policy, security alerts, and other notices relating to your access to or use of our products and Services. Cookies and Tracking Technologies. You may stop or restrict the placement of cookies and other similar technologies on your device or remove them by adjusting your preferences as your browser or device permits. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/, https://youradchoices.ca/choices/, and www.aboutads.info/choices/. Alternatively, for some devices you may use your device’s platform controls in your settings to exercise choice. Please note you must separately opt out in each browser and on each device. “Do Not Track”. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. Other Choices About Your Customer Account Data. In addition, you can exercise other choices about your Customer Account Data (e.g., accessing it, correcting or amending it, deleting it, restricting or objecting to its use, porting it, or withdrawing consent) by contacting Customer Support. We will process such requests in accordance with applicable laws. To protect your privacy, Nylas will take steps to verify your identity before fulfilling your request. If you are an end-user of an application built on Nylas’ Platform and not a direct customer of Nylas, you should direct any requests relating to your personal information to the relevant application provider in accordance with the application provider’s own privacy policy.

How Nylas Processes Customer End-User Data

For individuals located in the European Economic Area, when Nylas processes Customer End-User Data, it acts as a “processor.” Nylas will only process Customer End-User Data at the instruction of our customers (i.e., the “controller”). You can learn more about this on our

GDPR blog. As a customer, your end-users’ personal information (“Customer End-User Data”) typically shows up on Nylas’ Platform in a few different ways: While using Your Application, end-users approve access to their data during an authentication process, and Nylas begins to sync data they have approved access to into the Platform on your (our customer’s) behalf .

Your end-users’ personal information may also be contained in the content of communications you (or your end-users) send or receive using Nylas’ products and Services.

If you use the Nylas Scheduler, Customer End-User Data will be in calendar invites that your end users submit.

What Customer End-User Data Nylas Processes and Why

We use Customer End-User Data to provide Services to you and your end-users and to carry out necessary functions of our business as a communications service provider. The Customer End-User Data Nylas processes when you, our customer, use our products and Services and the reason Nylas processes it depends on which Nylas products and Services you use and how you use those products and Services. For that reason, the API docs for each of our products and Services are the best place to find information about our processing of Customer End-User Data. Records containing Customer End-User Data may also be used in debugging or troubleshooting or in connection with investigations of security incidents, bugs, as well as for the purposes of detecting and preventing spam or fraudulent activity, and detecting and preventing network exploits and abuse.

How Long Do We Retain Customer End-User Data

Details regarding how long we retain Customer End-User Data and options around Customer End-User Data will depend on which Nylas’ products and Services you are using, how you are using them, and the duration for which you use our Services. For that reason, our API docs for each of our products and Services are the best place to find more detailed information about managing your Customer End-User Data. Please note that if you request that we delete your Customer End-User Data, it may take up to 30 days for Customer End-User Data to be completely removed from our systems. In some cases, a copy of those records, including the personal information contained in them, may be retained to carry out necessary functions like billing, invoice reconciliation, troubleshooting, and detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Sometimes legal matters arise that also require us to preserve records, including those containing personal information. These matters include litigation, law enforcement requests, or government investigations. If we have to do this, we will delete the impacted records when no longer legally obligated to retain them. We may, however, retain Customer End-User Data that has been de-identified or aggregated such that your end-user cannot be identified.

When and Why We Share Customer Data

Below are the different scenarios under which we may share Customer Data with third parties. Third-party service providers, Subprocessors, and Consultants . Nylas engages certain third-party service providers, subprocessors, and consultants to carry out certain data processing functions to provide the Services. These third parties are limited to only accessing or using Customer Data to provide services to us and must provide reasonable assurances they will appropriately safeguard Customer Data. An up-to-date list of our subprocessors is located below.

Compliance with Legal Obligations . We may disclose Customer Data to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing a death or serious bodily injury. If Nylas is required by law to disclose any personal information of you or your end-user, we will notify you of the disclosure requirement, unless prohibited by law. Further, we may object to requests we do not believe to be valid.

Affiliates . We may share Customer Data with an affiliate company, like a subsidiary of Nylas Inc. We and our subsidiaries will only use the information as described in this Privacy Policy.

Business Transfers . If we go through a corporate sale, merger, reorganization, dissolution or similar event, Customer Data may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor of Nylas may continue to process Customer Data consistent with this Privacy Policy. Aggregated or De-Identified Data. Except as necessary to provide the Services, Nylas does not share any de-identified and/or aggregated Customer End-User Data with third parties. However, Nylas may share de-identified and/or aggregated Customer Account Data with third parties for a number of purposes, including research, internal analysis, analytics, and any other legally permissible purposes.

Subprocessors

Nylas uses the following subprocessors to assist in providing the Services: Sub-processor Purpose Country Amazon Web

Services Cloud Services United States Zendesk Customer Support United States ProductBoard Feature request management United States Honeycomb.io Platform Reliability Monitoring United States Rollout.io Feature Flagging & Toggle Platform United States Amplitude Product Analytics United States Nylas customers may subscribe to notifications of subprocessor updates by filling out this

form. With respect to onward transfers to agents under Privacy Shield, Privacy Shield requires that we remain liable should our agents process personal information in a manner inconsistent with the Privacy Shield Principles.

International Data Transfers

Nylas complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively “Privacy Shield”), as set forth by the U.S. Department of Commerce and enforced by the U.S. Federal Trade Commission (“FTC”), regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and Switzerland to the United States. We have certified to the Department of Commerce that it adheres to the Privacy Shield Principles and Supplemental Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov. Additionally, we may protect information through other legally valid methods, including international data transfer agreements. With respect to onward transfers to agents under Privacy Shield, Privacy Shield requires that we remain liable should our agents process personal information in a manner inconsistent with the Privacy Shield Principles. You agree that all information processed by Nylas may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We have taken appropriate safeguards to require that your personal information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well. Further details can be provided upon request. In compliance with the Privacy Shield Principles, Nylas is committed to resolving complaints about collection or use of your personal information. We’d ask that residents of the European Union, the United Kingdom and Swiss individuals with inquiries or complaints first contact us at [email protected]. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, contact JAMS, a dispute resolutions provider which has locations in the United States and the European Union. visit

https://www.jamsadr.com/eu-us-privacy-shield. If any questions remain unresolved, you may have a right, under certain conditions, to invoke binding arbitration under Privacy Shield; for additional information, see

https://www.privacyshield.gov/article?id=ANNEX-I-introduction. The FTC has jurisdiction over Nylas compliance with the Privacy Shield. You agree that all Customer Data processed by Nylas may be transferred, processed, and stored anywhere in the world, including but not limited to, the European Union, the United States or other countries. By providing information to Nylas, you explicitly consent to the storage in these locations, which may have privacy protections less stringent than your jurisdiction.

Security of Customer Data

We take steps to ensure that Customer Data is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us.

Third Party Websites/Applications

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Website or Services. These other domains and websites are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

California Privacy Rights

California law permits customers who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. Except as otherwise provided in this Privacy Policy, Nylas does not share personal information with third parties for their own marketing purposes.

Supervisory Authority

California law permits customers who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. Except as otherwise provided in this Privacy Policy, Nylas does not share personal information with third parties for their own marketing purposes.

Changes to Our Privacy Policy

We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.

Contact Us