Privacy Policy

This Privacy Policy explains how GraceMark ("we") collects and processes personal data when you use our email-signature management service (the "Service").

Who is responsible

For your account data we act as the data controller. For the directory and employee data you import and manage, you (our customer) are the controller and we act as your processor — see our Terms and Data Processing Agreement.

What we collect

• Account: your email address and password hash.
• Company: name, website, size, logo, chosen email platform.
• Employee directory: names, email addresses, job titles, departments, phone numbers, locations and photos — entered by you or synced from Microsoft Entra ID or Google Workspace.
• Click analytics: when signature links are clicked we record the timestamp, target URL, IP address, approximate location (derived via GeoIP) and device/browser (user-agent).
• Integration credentials: the secrets/keys you provide to connect Microsoft 365 or Google Workspace, stored encrypted at rest.

How we use it

• To render and deliver email signatures (via the Outlook add-in or the Gmail API).
• To sync your directory into segments and keep employee details current.
• To provide click analytics and reporting.
• To operate, secure and support the Service.

Sub-processors

We use a small number of vendors to run the Service (cloud hosting, email delivery, and a GeoIP database). Microsoft and Google are accessed only with the credentials you provide. A current list of sub-processors is available on request.

Retention

We keep data for as long as your account is active. When you delete an employee, segment or your account, the associated data is removed (cascade) shortly afterwards.

Your rights

Subject to applicable law (including the GDPR), you may request access, correction, deletion or export of your personal data. Employees whose data you manage should direct such requests to you as the controller; we will assist you in fulfilling them.

Contact

Questions about this policy: privacy@gracemark.io.