Shared Email Templates for Microsoft Outlook & Gmail
Privacy, security, and data safety notes
The protection of your personal information is our priority. We want you to feel safe while using our Shared Email Templates for Microsoft Outlook & Gmail ("Shared Email Templates" or "SET"). However, Shared Email Templates would not work if we didn't collect certain data. On this page, you can find detailed information on what data we collect, how we protect it, and where we store it.
What data we collect
Personal data
When you create an account, you provide your first and last name, username, email address, and password. We collect this information so that you can sign in to your account.
Templates
While creating a template for email messages, appointments, signatures, and mail merge, you enter its name, description, and the template itself. All this information is saved so that you can use your templates.
Note. When you attach files or insert pictures from any cloud storage to your templates, we do not save your files and credentials for these storages (OneDrive, or SharePoint, or Google Drive). These files and pictures are transferred from your cloud storage to the currently opened message when you insert your templates, directly without us — any our services or code — in the middle.
Teams
We save the names of your teams, descriptions, members, their email addresses, and teammates permissions.
Cookies
We use cookies and/or similar technologies to operate the core functions of Shared Email Templates. You can find more information in Privacy Policy (https://www.ablebits.com/docs/shared-templates-privacy-policy/#annex-one).
Activity
We save the date and time when you last started the SET add-in or SET Chrome extension to identify accounts that are inactive, inform users who have inactive accounts, and delete such accounts.
Communications
When you contact our customer support service, we keep all your email and chat messages.
Required permissions for Shared Email Templates for Outlook
Your use of our products does not give us access to any sensitive personal data stored in your Microsoft account such as physical address or credit card details.
Depending on the Shared Email Templates feature you're going to use for the first time, you'll get the corresponding permissions request like the one in the screenshot below:
We use each of the permissions granted by you for a specific purpose. Please see detailed descriptions of required permissions in Privacy Policy (https://www.ablebits.com/docs/shared-templates-privacy-policy/#annex-two).
How you can revoke the granted permissions
If you have a Microsoft work or school account
Follow instructions available on the Microsoft Support website on the Edit or revoke application permissions in the My Apps portal help page.
If you have a personal Microsoft account
- Go to https://account.microsoft.com/account and sign in to your account.
- Select Privacy > App Access.
- Next to Shared Email Templates, select Details.
- In the dialog that will appear, select Stop sharing.
Required permissions for Shared Email Templates for Gmail
Your use of our products does not give us access to any sensitive personal data stored in your Google account such as physical address or credit card details.
Depending on the Shared Email Templates feature you're going to use for the first time, you'll get the corresponding permissions request like the one in the screenshot below:
We use each of the permissions granted by you for a specific purpose. Please see detailed descriptions of required permissions in Privacy Policy (https://www.ablebits.com/docs/shared-templates-privacy-policy/#annex-three).
How you can revoke the granted permissions
If you no longer want our Extension to have access to your Google account, you can delete the access you've given to Extension:
- Make sure you’re signed into your Google account.
- Open all third-party apps and services that you shared data with: https://myaccount.google.com/connections
- Find and select Shared Email Templates for Gmail in the list.
- Scroll to the bottom and select Delete all connections you have with Shared Email Templates for Gmail > Remove all access > Confirm.
Where we store the collected data
All your templates are stored in an encrypted cloud-based database hosted by Amazon Web Services. This is a protected storage inside an isolated private network. All data can only be accessed through the template sharing service, the core back-end service of Shared Email Templates.
When you create an encrypted team, you add one more layer of encryption. In this case, all templates are encrypted with the AES symmetric-key algorithm before being saved to the cloud database. Please note, you are the only person who knows the Team Password and passes the password to your teammates in a safe way.
Also, SET stores local copies of your templates (the local templates cache) in the following locations on your devices:
- web browser local storage in case of the Shared Email Templates web app or the Shared Email Templates add-in running in Outlook on the web (Outlook Online)
- Outlook cache in case of the Shared Email Templates add-in running in your desktop Outlook.
- in your web browser local storage in case of the Shared Email Templates web app or the Shared Email Templates extension running from Chrome Web Store.
The local templates cache is isolated and not accessible by other browser extensions or Outlook add-ins. We store the local templates cache unencrypted because of the performance reasons. Otherwise we would have to decrypt templates each time you start Shared Email Templates, which would dramatically increase its startup time.
The local templates cache is refreshed with each change in templates, e.g. if your teammate creates a new template, the new template goes to the cache.
How it works
Shared Email Templates is designed and built taking care of your privacy and security; it is architected and developed following the zero-trust and privacy-by-design principles. The diagram below explains how Shared Email Templates works for the main use case — inserting a template into the email message you are writing. Your mail, attachments, images, and other Outlook or cloud-based data stay on your device and on your cloud storage. No data is sent to Shared Email Templates services or any 3rd-party service, and all actions and transformations are done locally, in your Outlook.
It works the exact same way when you use the extension from your Gmail:
- A user starts the Shared Email Templates add-in or Chrome extension.
- From the Shared Email Templates services, the add-in/extension loads and decrypts the user's and a team's templates, as well as profile and team properties.
- The user inserts the selected template into the currently opened email message.
- The add-in/extension parses the template and its macros.
- From Outlook or Gmail, the add-in/extension reads the current email message if macros referring to the message content are found.
- From Azure Active Directory, the add-in/extension reads the user's properties if macros referring to AD properties are found.
- The add-in/extension asks Outlook or Gmail to attach files or insert pictures if the Attach or InsertPicture macro is found.
- The add-in/extension changes email message fields if corresponding macros are found.
- The add-in/extension inserts the processed template into the current cursor position.
- The add-in/extension replaces the current signature (if there's any) with the signature embedded into the template.
What data others collect, but we don't
We do not collect any payment information, such as bank account details, credit card information, and check information.
You might find that Microsoft Office telemetry is run together with the Shared Email Templates app and add-in. This is because we use Microsoft's office.js framework.
Who can access your personal data at our office
We develop and test our products on specially created testing configurations, so access to your personal data is very limited and only a few people at our office have permissions.
However, no one has permissions to access your templates and passwords, including your personal password and Team Passwords.
Read-only access (provided on request only) is given to a few of our core engineers and only in case they need to figure out some complex technical thing.
Read-only access is provided to our senior system administrator to perform online monitoring and periodic maintenance of our servers and services.
Read-only access to your data is also given to our customer support service and sales specialists. They need your personal data to assist you when you contact us with related questions.
Note. Please be prepared that our customer support service team may ask you to send them the HTML code of your template if they think the problem is in it. However, we will never ask for your password or Team Passwords.
How we control access to your data at our office
We make a lot of effort to keep your data safe. Firstly, we restrict physical access to our office and to our computers with door locking, access control systems, alarm system, and surveillance facilities. Secondly, we restrict access to our systems by using central management of system access, no guest accounts policy, password and authentication policies.
Also, we control access to data with the help of differentiated access rights, access rights defined according to duties, measures to prevent the use of automated data-processing systems by unauthorized persons.
To prevent unauthorized access, data alteration and disclosure, all our communication channels are encrypted using virtual private networks for remote access, transport and communication of data. All our sub-networks are joined into a wholly-owned private network. Finally, all our computers are protected with antivirus software and firewall systems.
You can find detailed information on our technical and organizational security measures in our Data Processing Agreement at https://www.ablebits.com/docs/shared-templates-dpa/#annex-two.
How to erase your data
To remove your data, simply delete all the teams where you are the administrator, and then delete your account in the Profile section. To have all your communications with us removed from our systems, please contact our customer support service.
How you can make sure that everything above is true
You can see all the information that is sent to our services and storages with your own eyes with the help of the Fiddler tool or your browser console. Also, you can inspect our client-side source code directly in your web browser.
Data access using Microsoft Graph
Sign in/Sign up with Microsoft
| Graph Permission | Permission Type | Justification | Azure AD App ID |
|---|---|---|---|
| openid | delegated | Required by Azure AD authorization flow. To sign users in and ensure their consent to using the Shared Email Templates app. | c1e89043-a87e-4168-9620-996b6174f9ce |
| profile | delegated | To read basic user information. | c1e89043-a87e-4168-9620-996b6174f9ce |
| offline_access | delegated | To refresh access token, when the active one is expired. | c1e89043-a87e-4168-9620-996b6174f9ce |
| User.Read | delegated | To read the profile of signed-in users. Also allows the Shared Email Templates app to read basic company information of signed-in users. | c1e89043-a87e-4168-9620-996b6174f9ce |
| User.ReadBasic.All | delegated | To read a basic set of profile properties of other users in the organization on behalf of the signed-in user. | c1e89043-a87e-4168-9620-996b6174f9ce |
General Shared Email Templates functionality
| Graph Permission | Permission Type | Justification | Azure AD App ID |
|---|---|---|---|
| openid | delegated | Required by Azure AD authorization flow. To sign users in and ensure their consent to using the Shared Email Templates app. | c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| profile | delegated | To read basic user information. | c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| User.Read | delegated | To read the profile of signed-in users. Also allows the Shared Email Templates app to read basic company information of signed-in users. | c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| Files.ReadWrite.All | delegated | To read and upload files to the signed-in user's OneDrive or SharePoint folders. | c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| Sites.Read.All | delegated | To read site and folder items in all site collections on behalf of the signed-in user. | c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| Mail.Read | delegated | To read email in user mailboxes. Required for Outlook Draft functionality. | c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| Mail.Read.Shared | delegated | To read mail that the user can access, including shared mail. Required for Outlook Draft functionality. | c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| directory.read.all | delegated | Required by Azure AD authorization flow. To read data in groups of the user's organization. | c1e89043-a87e-4168-9620-996b6174f9ce |
Mail Merge functionality
| Graph Permission | Permission Type | Justification | Azure AD App ID |
|---|---|---|---|
| openid | delegated | Required by Azure AD authorization flow. To sign users in and ensure their consent to using the Shared Email Templates app. | 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
| profile | delegated | To read basic user information. | 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
| offline_access | delegated | To refresh access token, when the active one is expired. | 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
| User.Read | delegated | To read the profile of signed-in users. Also allows the Shared Email Templates app to read basic company information of signed-in users. | 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
| Files.ReadWrite.All | delegated | To read and upload files to the signed-in user's OneDrive or SharePoint folders. | 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
| Mail.Send | delegated | Allows the Shared Email Templates app to send mail as signed-in users. | 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
| Mail.Send.Shared | delegated | Allows the Shared Email Templates app to send mail as the signed-in user, including sending on behalf of others. | 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
Data access using Google APIs
Sign in/Sign up with Google
| Scope | Description | Justification | Google Cloud Project ID / Number |
|---|---|---|---|
| /auth/userinfo.profile | See your personal info, including any personal info you've made publicly available | Required for the "Sign in with Google" feature. Utilizes the user's name to populate the SET account. | Shared-email-templates / 1055638364189 |
| /auth/userinfo.email | See your primary Google Account email address | Required to obtain the user's email for creating or accessing an existing SET account. | Shared-email-templates / 1055638364189 |
| openid | Associate you with your personal info on Google | Required to obtain an OpenID Connect token, essential for verifying the user's identity. This ensures that the user is who they claim to be. | Shared-email-templates / 1055638364189 |
General Shared Email Templates functionality
| Scope | Description | Justification | Google Cloud Project ID / Number |
|---|---|---|---|
| /auth/userinfo.profile | See your personal info, including any personal info you've made publicly available | Required for the "Sign in with Google" feature. Utilizes the user's name to populate the SET account. | Shared-email-templates / 1055638364189 |
| /auth/userinfo.email | See your primary Google Account email address | To obtain the user's email for creating or accessing an existing SET account. | Shared-email-templates / 1055638364189 |
| openid | Associate you with your personal info on Google | To obtain an OpenID Connect token, essential for verifying the user's identity. This ensures that the user is who they claim to be. | Shared-email-templates / 1055638364189 |
| /auth/drive.readonly | View and download all your Drive files. | To enable attaching files from Google Drive. Users select which files Shared Email templates can read and attach. | Shared-email-templates / 1055638364189 |
| /auth/spreadsheets.readonly | See all your Google Sheets spreadsheets | To access data from user-selected Google spreadsheets and ranges. This data is then inserted as values into the email body using the Dataset functionality. | Shared-email-templates / 1055638364189 |
| /auth/admin.directory.user.readonly | Scope for only retrieving users or user aliases. | To allow the Shared Email Templates account owner and Google Workspace administrator to create SET users based on the Google Workspace directory user list. | Shared-email-templates / 1055638364189 |
| /auth/admin.directory.customer.readonly | Scope for only retrieving customers. | To obtain the domain name, which allows the Google Workspace administrator to retrieve the list of users in the domain. | Shared-email-templates / 1055638364189 |
| /auth/admin.directory.group.readonly | Scope for only retrieving group, group alias, and member information. | To retrieve Google Workspace directory groups, allowing to create SET users based on these groups. | Shared-email-templates / 1055638364189 |
Post a comment
Seen by everyone, do not publish license keys and sensitive personal info!
If you have any questions or issues with this add-in, please feel free to post your concerns in the comments area. As soon as we answer, a notification message will be sent to your e-mail. If you do not want to share your thoughts in public, please contact us at support@ablebits.com.
