Ukraine flag War in Ukraine. Here's what Ablebits is doing to make sure our team and projects are safe.

Privacy, security, and data safety

Shared Email Templates for Outlook

Updated on March 11, 2022

The protection of your personal information is our priority. We want you to feel safe while using our apps and add-ins. However, add-ins would not work if we didn't collect certain data. On this page, you can find detailed information on what data we collect, how we protect it, and where we store it.

What data we collect

Personal data

When you create an account, you enter your name, username, email address, password and subscription plans. We collect this information so that you could log in to your account.

Templates

While creating a template, you enter its name, description and contents. All this information is saved so you could use your templates.

Note. When you attach files from any cloud storage to your templates, we do not save your credentials for these storages, such as OneDrive or any other.

Teams

We save the names of your teams, descriptions, members, their email addresses and permissions.

Cookies

We use cookies to recognize you as a user and log you in automatically when you return to the Shared Email Templates app or the Shared Email Templates add-in.

Local log files

We collect log files only locally, on your computers. In the logs, we save only technical information that may help us provide you with technical support service or fix technical issues. We do not send these logs to any servers or services, but we may ask you to send your local logs to our technical specialists to help us reproduce or resolve your issue.

Communications

When you contact our customer support service, we keep all your email and chat messages.

Required permissions

Your use of our products does not give us access to any sensitive personal data stored in your Microsoft account, such as physical address or credit card details.

Working with Shared Email Templates, you may see the following permission requests:

Read or modify the contents of any item in your mailbox

Shared Email Templates can read or modify the contents of any item in your mailbox and create new items. It can access personal information, such as the body, subject, sender, recipients, or attachments, in any message or calendar item. It may send this data to a third-party service.

You can start Shared Email Templates only when composing or replying to a message. In this case, the add-in has access to reading or modifying the current opened message only. We do not do anything else with your Outlook data and do not need any other permissions, but unfortunately we cannot request only the permissions we need, this is technically impossible.

Note! The only third party here is Microsoft itself since Shared Email Templates is built on the Microsoft Office Extensibility technology and your account must be connected to Microsoft 365/Office 365, Exchange Online, Exchange or Outlook.com.
View and manage your files in OneDrive or SharePoint

If in your templates, you use files that are located in OneDrive or SharePoint, Shared Email Templates will need access to read them. If you upload your files via the add-in UI, we need access to write in them. All operations are performed within Microsoft Office Graph services, we do not collect or store any data from your files.

When you use macros that involve OneDrive or SharePoint files for the first time, you may see a consent screen with the permissions it requires to work:
Requested permissions.

Sign you in and read your profile

Allows Shared Email Templates to read basic information from your profile. The reason why we ask for this permission is that the other permissions (listed below) cannot be granted without it.

Have full access to all files you have access to

Allows Shared Email Templates to read files from your OneDrive and upload files from your local storage to your OneDrive.

Note! We use these permissions only to insert pictures and attach files that you store in your OneDrive. In fact, we need only the permission to read and create files, but we cannot request it without other permissions (update and delete) simply because there is no such possibility.
Edit or delete items in all site collections

Allows Shared Email Templates to read files from your SharePoint and upload files from your local storage to your SharePoint.

Note! We use these permissions only to insert pictures and attach files that you store in your SharePoint. In fact, we need only the permission to read and create files, but we cannot request it without other permissions (edit and delete) simply because there is no such possibility.
Maintain access to data you have given it access to

Allows Shared Email Templates to access data in your OneDrive or SharePoint. This permission must be requested according to Microsoft requirements although this permission itself is not necessary for Shared Email Templates.

A remark about Add-in Express PLLC

Initially, Shared Email Templates was developed by Add-in Express PLLC but now this product belongs to and is managed by Ablebits.com. We continue using the Add-in Express PLLC account in order not to interrupt our current users' work. Unfortunately, Microsoft does not provide an opportunity to transfer products between different vendors' accounts on Office Store.

Where we store the collected data

Your data in Shared Email Templates.
All your templates are stored in a cloud-based database hosted by Amazon Web Services. This is a protected storage inside an isolated private network. All data can only be accessed through the template sharing service, the core back-end service of Shared Email Templates.

When you create an encrypted team, you are the only person who knows the Team Password. Be sure to pass the password to your teammates in a safe way. In encrypted teams, all templates are encrypted with the SHA-256 symmetric algorithm before being saved to the cloud database.

Also, we store local copies of your templates (the local templates cache) in the following locations on your devices:

  • web browser local storage in case of the Shared Email Templates web app or the Shared Email Templates add-in running in Outlook on the web (Outlook Online);
  • Outlook cache in case of the Shared Email Templates add-in running in your desktop Outlook.

The local templates cache is isolated and not accessible by other browser extensions or Outlook add-ins. We store the local templates cache unencrypted because of the performance reasons - otherwise, we would have to decrypt templates each time you start Shared Email Templates, which would dramatically increase its startup time.

The local templates cache is refreshed with each change in templates, e.g. if your teammate creates a new template, the new template goes to the cache.

What data others collect, but we don't

We do not collect any analytics data and data about your devices and software. We do not track your actions by using tracking technologies or telemetry. Also, we do not sell or pass your personal data to any 3rd parties.

You may find that Microsoft Office telemetry is run together with the Shared Email Templates app and add-in. This is because we use Microsoft's office.js framework.

Who can access your data at our office

This clause refers your personal data, i.e. your name, username, email address, teams, subscriptions and orders.

We develop and test our products on specially created testing configurations, so access to your data is very limited and only a few people at our office have permissions.

Full access (provided on request) is given to a couple of our core developers and only in case they need to figure out some complex technical thing.

Read-only access is provided to our senior system administrator to perform online monitoring and periodic maintenance of our servers and services.

Read-only access is also given to our technical support engineers and sales specialists. They need your data to assist you when you contact us with related questions.

Note. No one has access to your templates, passwords and keys. So, please be prepared that our technical support team may ask you to send them the html code of your template if they think the problem is in it. However, we will never ask for your password or Team Passwords.

How we control accessing your data at our office

We make a lot of effort to keep your data safe. Firstly, we restrict physical access to our office and to our computers with door locking, access control systems, alarm system and surveillance facilities. Secondly, we restrict access to our systems by using central management of system access, no guest accounts policy, password and authentication policies.

Also, we control access to data with the help of differentiated access rights, access rights defined according to duties, measures to prevent the use of automated data-processing systems by unauthorized persons.

To prevent unauthorized access, data alteration and disclosure, all our communication channels are encrypted using virtual private networks for remote access, transport and communication of data. All our sub-networks are joined into a wholly-owned private network. Finally, all our computers are protected with antivirus software and firewall systems.

How to erase your data

To remove your data, simply delete all the teams where you are the administrator, and then remove your account in the Profile section. To have all your communications with us removed from our systems, please contact our technical support service.

How you can make sure that everything above is true

You can see all the information that is sent to our services and storages with your own eyes with the help of the Fiddler tool or your browser console. Also, you can inspect our client-side source code directly in your web browser.