Privacy policy

JUNE, 2020

INTRODUCTION

Welcome to Dynamics 365 Integration for Gmail, a service provided by Akvelon, collectively referred to as “Akvelon”, “Product”, “Extension” “Service”, “Application” “we”, “our” and “us”.

Your privacy is important to us, so the goal of this policy is to be transparent about what information Akvelon collects, uses, and shares.

By using the Application you are consenting to the use of your information in the manner set out in this Privacy Policy

If you do not agree to any of the provisions of this Privacy Policy, you should not use Dynamics 365 Integration for Gmail. If you have any questions or concerns, you can contact us at gmail.support@akvelon.com.

Please note that this Privacy Policy only applies to the Dynamics 365 Integration for Gmail. Akvelon integrates with 3rd party applications, like Dynamics 365 which enable you to share information. Akvelon is not responsible for the privacy practices of 3rd Parties and we recommend that you review the privacy policies for each before using the Application.

INFORMATION WE COLLECT

We only collect information that is critical to the delivery of our Services to you, our customer. All of the information collected directly by us is listed below:

  • Gmail Email address - for licensing purposes and to identify people within the same organization
  • Dynamics 365 - username and ID used to connect Gmail account and your Dynamics 365 account in order to deliver our Service
  • OAuth token – used to connect to your Gmail account for the purposes of using our Application
  • Dynamics 365 Token – used connecting to your Dynamics 365 account
  • Dynamics 365 Instance URL – used to connect to you to your instance of Dynamics 365
  • Dynamics 365 Organization Name – used to identify the company for licensing purposes and administration of company account
  • Other data needed for administration and licensing
    • Installation date
    • Expiration date
    • Number of seats in organization
    • Number of active and inactive users
    • License type

Akvelon represents and warrants that the Application does not and will not provide Akvelon with the ability to view the content of the users Dynamics account and Gmail account. For details on information collected by third party applications please refer to their individual Privacy Policies available via their websites.

HOW WE COLLECT YOUR DATA

  1. Information you provide
  • Gmail email address, Dynamics 365 username, Dynamics 365 URL. You provide your Gmail email address, Dynamics 365 username and URL in order to log in to the extension. This information is used for license management purposes.
  • Support and Correspondence. You may provide Personal Data in connection with user support and inquiries from our website. User support histories are maintained for so long as the associated account is not deleted, and for a reasonable period thereafter, in case you decide to use our services again (See Log data needed for support team section).
  • Feedback. If you provide us with Feedback, we will collect your email address in order to respond to you.
  • Other Data. We may also collect other types of information in the manner disclosed by us when the information is collected.
  1. Data collected by the Technology
  • Tokens. We automatically collect OAuth token, Dynamics 365 Token so that you could connect to your Gmail and Dynamics 365 accounts through the extension in order to start using plugin. They are stored in Chrome Storage, and we do not have access to them.
  • Dynamics 365 Organization name. We also automatically collect your Dynamics 365 Organization name when you log in to the extension for license management purposes.
  • Usage data. We collect data about the use of the Services (for example, use of features, active time spending to work with the extension and number of active users) in order to provide and improve the Services. Usage Data is kept in secured license server deployed in Azure.
  • Meta data. Akvelon collects and stores “meta data” (attributes to track and sync your data on your behalf) about email, calendar, task and contacts. We use this information in order to store user’s settings, interact with CRM and provide core functionality.

Akvelon does not store your CRM proprietary information, but uses record ID’s in order to provide the service.

PROVIDING OUR SERVICES

**CRM (Dynamics 365)**– To provide our Services, we require access to the data in the customer’s CRM system to provide search, load, match, update and create records. This includes access to CRM entities allowed by CRM itself (profile, contact, lead, opportunity, account, activity, custom objects, and others).

Gmail/Calendar/Contacts – To provide our Services we require access to the data held in the customers email systems (Gmail) to provide ability to track emails from Gmail to CRM. List of permissions needed to deliver core functionality:

  • Access to email/event for read/display/synchronization against matching CRM records.
  • Access to read and create Google contacts – need this functionality to automatically create Google contacts when synchronize events from CRM. Read access needed in order to connect CRM events to existing contact and to not create duplicates.
  • Send access for sending email to support team and request a quote using your Gmail account.
  • Users profile information is accessed to display configuration information to the end users and administrators. Users can revoke our access to their CRM/Gmail/Calendar/Contacts system at any time, although of course if they do so we will not be able to continue to provide the Akvelon services.

GRANTING PERMISSION

If you’re installing the Application in a Chrome web browser, you’ll see a notice about granting the Extension permission to get access to Google API.

Without your explicit authorization, we cannot access your CRM data. After installing the product, you’ll be asked to sign in to CRM.

If you’re installing the Application in a Chrome web browser, you’ll see a notice about granting the Extension permission to get access to Google API.

Please note: we can’t do anything you can’t do. For example, if you don’t have access to read Leads in CRM, you won’t be able to track emails against Leads in CRM Gmail Integration.

PERMISSIONS JUSTIFICATION FOR GOOGLE CHROME EXTENSION

  • storage – it is needed to store users’ data (events from Google calendar, CRM records, Auth tokens).
  • identity – it is needed to sign in Gmail and Dynamics 365 using Google OAuth and Dynamics 365 OAuth accordingly (core functionality which is needed to integrate Gmail with Dynamics 365).
  • downloads – it is needed to download log files – user has the ability to collect and send log file (does not contain any sensitive info) to Akvelon Support team in case he/she experiences any issues.
  • tabs – it is needed to open new CRM windows to create new CRM activities and CRM records. Also, it is needed to sign in to Google account.
  • unlimitedStorage – it is needed to store users’ data (events from Google calendar, CRM records, Auth tokens) – we need more than 5MB provided by storage permission.-
  • webRequest – to connect to Dynamics 365 On-Premise through ADFS (to confirm correctness of domain as we can’t get this data beforehand – all users use different URL’s).

Host permissions

Host permission Justification
https://login.microsoftonline.com To log in to Dynamics 365 using OAuth
https://dynamics.com To iterate with Dynamics 365 CRM (create new records, update existing ones, sync CRM and Google calendars)
https://www.googleapis.com To get data from Google API (get info about emails, contacts and calendar) which is needed to add information from Gmail to Dynamics 365 CRM
https://accounts.google.com/o/oauth2/auth To log in to Gmail using Google OAuth (user has to authorize in order to get access to his/her data located in Gmail, Google Calendar and Contacts (to save this data to Dynamics 365 CRM)
https://accounts.google.com/o/oauth2/token To get Google token for OAuth (it allows users to work with the app without necessity to relogin too often)
https://cgiprod.akvelon.net To connect to the license server in order to manage subscription

LIST OF GMAIL AND GOOGLE API SCOPES

Scope Level of access and justification
openid In order to use OAuth for Gmail. User ID, so we can identify you.
email Used to connect CRM username and Gmail username for License purposes.
profile In order to use OAuth for Gmail.
https://www.googleapis.com/auth/contacts.readonly See, edit, download, and permanently delete your contacts. Need this functionality to automatically create Google contacts when synchronize events from CRM. Read access needed in order to connect CRM events to existing contact and to not create duplicates.
https://www.googleapis.com/auth/gmail.compose Create, read, update, and delete drafts. Send messages and drafts. Used to sending email to support team and request a quote using your Gmail account.
https://www.googleapis.com/auth/gmail.readonly Read all resources and their metadata—no write operations. Used for core functionality to get info about, email body, from/to, attachment, subject, thread and reply ID, etc. to add this data into CRM.
https://www.googleapis.com/auth/calendar.events View and edit events on all your calendars. Used for calendar sync functionality.
https://www.googleapis.com/auth/calendar.settings.readonly View your Calendar settings. Used for calendar sync functionality.
https://www.googleapis.com/auth/calendar.readonly View calendar resources on your domain. Used for calendar sync functionality
https://www.google.com/m8/feeds To create new contacts in Google
https://www.googleapis.com/auth/contacts See, edit, download, and permanently delete your contacts. need this functionality to automatically create Google contacts when synchronize events from CRM. Read access needed in order to connect CRM events to existing contact and to not create duplicates.

HOW WE USE INFORMATION WE COLLECT

  • Without your explicit authorization, CRM Gmail Integration cannot access your CRM data. You authorize CRM Gmail Integration by signing into CRM with your CRM username and password. This authentication process is entirely managed by CRM. No user-sensitive information is stored.
  • We use credentials to sign in your CRM organization and get necessary information to provide main functionality of the CRM Gmail Integration app:
    • Pull information about your activities and display this data in the CRM Gmail Integration sidebar.
    • Look for existing entities in CRM and track email against them.
    • Create new entities and activities is CRM using metadata (list of available entities).
    • Sync CRM appointments with Google calendar.
    • We collect Gmail profile information in order to perform license management.
    • We collect the e-mail addresses of those who communicate with us via e-mail. Gmail account is being used as a sender when sending emails with logs to support team. This can be done only by user request.
    • We also might use e-mail addresses for marketing purposes to improve the service we deliver to our customers.
    • We use list of calendars related to user’s Gmail account to display list of calendars in the Calendar sync section.

HOW WE SHARE YOUR DATA

Akvelon will never sell your Personal Data or use it except as stated in this Policy. We share your Personal Data in the following circumstances:

  • Service Providers. We provide Personal Data (Gmail email address, Dynamics 365 Username and ID, Dynamics 365 URL, Dynamics 365 Organization Name) to third party service providers solely as required to provide license management (for example, Personal Data is available to Microsoft as the license server is deployed in Azure).
  • Affiliates. This Policy applies to all entities that are owned by, or under common control with, Akvelon, Inc. (“Affiliates”). We can share Personal Data among Affiliates as required to provide the Services and respond to requests.
  • Corporate Restructuring. If Akvelon, Inc. or its business or assets are acquired by, or merged into, another company, that company will possess any Personal Data in our possession at such time, and will assume our rights and obligations under this Policy. Accordingly, we may share Personal Data in connection with any such transaction. Personal Data and other information may also be transferred as a business asset in the event of Akvelon’s insolvency, bankruptcy, or receivership.
  • Other Disclosures. Regardless of your choices regarding Personal Data, Akvelon may disclose your Personal Data (a) where required to comply with law enforcement directives, applicable laws or governmental orders; (b) if we believe in good faith that doing so is necessary to protect our rights or the Services.

LOG DATA NEEDED FOR SUPPORT TEAM

We collect information on client’s side about browser version you use for the Application, as well as your settings, browser information, connection type and CRM URL. Additionally, we log the date and time you access our services, as well as any error or crash data.

Your log data helps us troubleshoot errors on client side. We do not have access to this information until you send a request to Akvelon support team through the extension UI.

The information you provide to our team, including any troubleshooting documentation or screen shots, are saved as part of your support history.

We use this information to resolve any issues you are having, relay feedback to our team, respond to your comments and requests, and confirm your purchases and refunds.

PERSONAL DATA SECURITY

Akvelon takes data security very seriously and implements the industry’s best practices and policies. Company secures your personal information from unauthorized access, use, loss or disclosure. Company secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.

Akvelon uses Microsoft Azure platform and deploys some of the highest security measures to ensure data security; 256 Bit encryption for data in transit, AES for encrypting data at rest, and automated data masking to protect personally identifiable information. All interaction between the Application and CRM occurs over a secure HTTPS connection.

DATA RETENTION

Akvelon stores your information for as long as your account is active, and for a reasonable period thereafter, in case you decide to use our services again.

INTERNATIONAL DATA TRANSFERS

Akvelon collects information internationally, and uses hosting and cloud computing infrastructure located primarily in the United States to transfer, process and store information. We use robust physical, organizational, technical, and administrative measures to safeguard Personal Data, and we regularly re-assess and revise our policies and practices to improve security. While we go to great lengths to protect your Personal Data, no method of data transmission or storage is totally secure; therefore, we cannot guarantee the security of Personal Data in our control. If you believe your Personal Data may have been compromised by us or the use of the Services, please contact our help center immediately.

YOUR DATA RIGHTS AND CHOICES

The following is a summary of choices you can make to exercise your data rights.

Opt out of promotional communications You have the right to opt out of receiving any promotional communication. To unsubscribe from our newsletter, or other promotional emails, use the link at the bottom of the message. You can also contact us directly to have your information removed from our promotional contact list. Please note that, even if you unsubscribe, you will continue to receive non-promotional, transactional messages regarding your account and other essential services.

Right to be forgotten You have the right to be forgotten which means that, at any time, you can request that Akvelon permanently delete all applicable data records, including your profile information, both personal and financial, along with any user-created content. In some cases, we may need to retain partial information to fulfil our legal responsibilities, or to complete ongoing financial transactions.

Data portability You have the right, at any time, to request and receive the information that you have provided to Akvelon. We will provide you with your information, in a machine-readable format, so that you can make use of it in other contexts, or with other service providers.

Request that we stop using your information Even if you have previously consented to our Terms of Service and Privacy Policy, you have the right, at any time, to change your mind and object to the collection, use, and processing of your personal information. Additionally, you are under no contractual obligation to continue to provide any information to Akvelon. However, we require certain information in order to provide you with our services. Therefore, if you disagree with the terms of this Privacy Policy or our Terms of Service, you should stop using Akvelon, and contact us so that we may delete your information.

ACCOUNT DELETION

In order to comply with Art. 17 of GDPR (“Right to erasure”), we allow users to delete their account information. Please note that you will not be able to use the extension if you remove your account, however you can create your account later with the next log in to the extension. To remove your account, go to Settings => About => click “REMOVE YOUR ACCOUNT”).

VULNERABILITY DISCLOSURE POLICY

Akvelon welcomes its users and the public to report issues and security vulnerabilities in the company’s own code or within infrastructure. In order to report the problem, please send email to security@akvelon.com. Your report will be processed within 24 hours.

CHANGES

Akvelon Inc. may periodically update this Policy. The most current version of the policy will always be here

QUESTIONS

For more information on this or any other of our Policies, please contact us at:
gmail.support@akvelon.com
Akvelon, Inc.
3120 139th Avenue SE, Suite 100
Bellevue, WA 98005
Tel: +1 (206) 905-4626