Effective Date: March 22, 2019
We know that your privacy is important to you. At Return Path (“Return Path”, “Company”, “We”, “Us” or “Our”), we’re committed to helping you understand how we manage and protect it. We take privacy seriously, and have taken many steps to help safeguard the information we collect and manage for you.
This policy discloses the information practices for Return Path and our affiliates’ Web sites, from what type of information about our Web sites’ users is gathered and tracked, how the information is used, shared or otherwise processed. It also describes how cookies, web beacons and other technologies may be used in our Software-as-a-Service (SaaS) offerings and products.
If you have questions or concerns regarding this policy, you may contact the Return Path Privacy Office by emailing us at firstname.lastname@example.org.
- The Organization Collecting Information at This Website
- The Information We Collect and Use
- Registration Information
- Service Usage Information
- Aggregate Information
- Where Your Information is Processed
- Information Sharing and Disclosure
- Agents and Third Party Service Providers
- Security and Information Protection
- Retention of Personal Information
- IP Addresses
- Cookies, Web Beacons, and Other Technologies
- Change of Control / Asset Transfer
- Legal Compliance
- Communications from the Sites
- Correcting, Updating, or Removing Your Personal Information
- Links to Other Sites
- Collection and Use of Third Party Personal Information
- Social Media Widgets
- Single Sign-On
- Changes to This Policy
- Contact Us
Thank you for visiting our websites and using our products and services.
Matt Blumberg, CEO
EU – U.S. Privacy Shield
Return Path participates in and has certified its compliance with the EU – U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Return Path is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
Return Path is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. Return Path complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Return Path is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Return Path may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge).
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
The Organization Collecting Information at This Website
The mission of Return Path and its subsidiary companies is to make email better for everyone. For consumers, we provide products and services to make your inboxes a safe and manageable place filled with email you want to receive and nothing more. For businesses, our deliverability analytics help you understand how to optimize your email campaigns. For Security companies using email data, our Data Feed products help identify email-based bad actors, threats and compromises.
The products and services of Return Path and its subsidiaries include Context.IO, OtherInbox, and Switch Labs, Inc. We operate and own the websites (the “Sites”) located at:
The Information We Collect and Use
Registration for a Service may not be required to simply view a Site. If you elect to register for a Service, Return Path asks you for information that enables us to provide the Service. You will be registering with Return Path on the form provided and we may require you to provide contact information such as your name, username, password, and email address.
Service Usage Information
We collect non-personal information − data that does not permit direct association with any specific individual – and personal information when you use our Service.
Information Related to Data Collected through your use of Context.IO
- Service End-Users: If you are an email user using a third party mobile or email application powered by Context.IO, then with your permission at sign-up or use of the application, Return Path through Context.IO collects personal information from you and your email accounts connected to Context.IO. This includes but is not limited to your name, email address, username and password. This data is collected to provide the Context.IO-powered application access to your inbox.
Context.IO connects to your inbox over IMAP/API, and copies data from your inbox to secure, encrypted cloud instances controlled by Return Path for fulfillment of the Service.
- For paid Context.IO-powered applications, your applicable data is retained in our secure, encrypted cloud instance only for as long as it is needed for the Context.IO-powered application to render the Service. Return Path makes no use of your data other than by providing connectivity through Context.IO.
- If you are a free-of-charge subscriber to Context.IO-powered applications, we exercise our legitimate interest in operating the Context.IO API and retain some data from your inbox for up to six months. We are interested in understanding how you generally interact with your inbox (ex: how much time you spend in your email account, at what time you check your emails), which email campaigns (marketing, transactional, relationship-type messages) you engage with, and what that engagement was (ex: did you read/delete/mark as spam). We collect this data to help our clients adopt best email sending practices, optimize delivery of email marketing campaigns to you, help email and Internet service providers improve their spam filters, improve upon or develop a new Service, and help Internet security companies detect and stop phishing attacks. We will index and retain information from your email such as, but not limited to: Sending Domain and IP Address, Subject Line, Message Date, Message Body URLs, redacted and obfuscated non-personal message content, and engagement data points, including whether the email was opened, moved, forwarded, clicked, or marked as spam.
- We are not interested in personal correspondence, and immediately delete personal messages from the data we might retain, along with other emails which are not identified as commercial messages. The data we retain is de-identified or pseudonymised (ex: we remove your email address, street address, phone and account numbers, along with any of your other identifying information) before being included in our products or services.
- You may opt out of sharing information with Context.IO at any time by going to http://optout.context.io.
Context.IO may also collect personal information from visitors when you communicate with us about our services and products (ex: if you write to us with a question) or during other transactions or interactions on our websites (see more in the cookies section, below) required for the provision of the Service.
Information Related to Data Collected through your use of Return Path’s Consumer Applications
Return Path’s Consumer Applications (1) Whisker Widget, (2) Organizer, (3) Unsubscriber, and (4) Notifier for Outlook provide services such as (1, 2 and 3) organizing and categorizing email, unsubscribing you from email campaigns, and helping you manage your preferences for commercial emails and (4) helping you keep track of your unread email message count. When you sign up for any of these applications, we’ll collect your name, email address, and password to access your email account.
Once access is established, we connect to your inbox over IMAP/API, and copy data from your inbox to secure, encrypted cloud instances controlled by Return Path. We then programmatically parse your data, indexing information including, but not limited to, Sending Domain and IP Address, Subject line, Message Date, Message Body URLs, redacted and obfuscated non-personal message content, and engagement data points, including whether the email was opened, moved, forwarded, clicked, or marked as spam.
Return Path previously hosted the Shopami service which received email address, correspondence metadata, and device identifying data of its users. We retired this service on May 25, 2018 and have deleted all related user data including any personal user data as it relates to this service. If you believe you were a Shopami user and need assistance or if you have any further questions, please email email@example.com.
In order to provide our Consumer Applications at no cost to you, we use some of the data we parse from your inbox for our legitimate business purposes. We are interested in understanding how you generally interact with your inbox (ex: how much time you spend in your email account, at what time you check your emails), which email campaigns (marketing, transactional, relationship-type messages) you engage with, and what that engagement was (ex: did you read/delete/mark as spam). We collect this data so we can help our clients adopt best email sending practices, optimize delivery of email marketing campaigns to you, help email and Internet service providers improve their spam filters, improve upon our existing Service or to develop a new Service, and help Internet security companies detect and stop phishing attacks.
We are not interested in personal correspondence, and immediately delete personal messages from the data we might retain, along with other emails which are not identified as commercial messages. The data we retain is de-identified or pseudonymised (ex: we remove your email address, street address, phone and account numbers, along with any of your other identifying information) before being included in our products or services.
You can opt-out of data sharing at any time by removing the corresponding app from your email account.
Information Related to Data Collected through your use of the Return Path Solutions (Email Optimization and Intelligence Suite, and Client Services)
Return Path collects information under the direction of its Clients, and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Clients and would no longer like to be contacted by them, please contact them directly.
We retain personal data we process on behalf of our Clients for as long as needed to provide services to our Clients, and we may transfer personal information to companies that help us provide our services. Transfers to subsequent third parties are covered by the service agreements with our Clients. Return Path will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We acknowledge that you have the right to access your personal information. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Return Path’s Client (the data controller). If requested to remove data we will respond within 30 days.
Information Related to Data Collected through your use of Feedback Loop Services
Return Path provides Feedback loop services to you on behalf of select Internet Service Providers (“ISPs”) partnered with us. In order to provide the Service to you we will make your registration information (first name, last name, email address, along with any domain or IP data you provide) available to our ISP partners. This information is provided so that they may evaluate, approve, and administer the Service for you. We provide your registration information to these partners but they are not permitted to retain or use your information for any other purpose other than administering this Service.
Information related to data Collected through your use of our Sender Score Services
The data you provide to us by registering for Sender Score (first name, last name, email address, phone number), or by making requests for information about our service, is retained and used solely for the purposes of fulfilling your request for information, fulfilling a request through a Site feature, performing and carrying out the terms of the Service, or communicating with you as a member of the Service.
Information related to data Collected through the Data Feed Services (ie. betterbounces.net)
We collect some information that can be used to identify you as an individual (“Personal Information”) only when you provide such information directly to us in connection with the Service. We ask for Personal Information such as your name and e-mail address when you register for an account with the Site, or if you correspond with us for information or support. We may also retain any messages you send to our through the Service, and may collect content and information you provide by posting to the Service (“User Content” ). We use this information to find malicious traffic which we provide to security companies to help them improve internet security efforts. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to betterbounces.net or threatwave.com website or Service.
We also collect and use information about your interactions with the Service in a manner and format that does not identify you as an individual (“Non-Personal Information”).
From time to time, we may collect general, non-personally identifiable, statistical information about the use of the Sites and the Services, such as how many visitors visit a specific page on the Sites, how long they stay on that page, and which hyperlinks, if any, they “click” on. We collect this information through the use of technologies such as “cookies” and “IP addresses”, which are discussed in greater detail below. We may group this information into aggregate visitor data to describe the use of the Sites and Service to our existing or potential business partners or other third parties (such as Google Analytics), or in response to a government request. However, we use industry best efforts to pseudonymize the data to prevent personally identifying you, other list members, or any other visitors to the Sites.
We may store your information on third-party servers such as Amazon Web Services; or we may use a third party analytics tool to learn how you are using our Sites.
In cases where you use a mobile device to access our Sites, we will receive information about the location of your device. In some cases, even if you are not using a mobile device, information about your general location may be discernible from your device’s IP address or the URLs we receive. If you access or use our Sites or Services with your mobile telephone, we may collect your telephone number.
Where Your Information is Processed
Information Sharing and Disclosure
Agents and Third Party Service Providers
To provide the Service to you, we may sometimes use approved third-party businesses or individuals to perform certain specialized services such as data processing, hosting, analysis or other technology services. Return Path may transfer personal information that we collect about you to affiliated entities or to other trusted third parties to perform services for us. These entities are not permitted to retain or use your information for any purpose other than to perform work for us.
Security and Information Protection
The security of your information is important to us. When you enter personal information (such as your name, email address, and other registration information) we encrypt that information using Secure Socket Layer (SSL) technology. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You should always use caution when submitting personal information online. If you have any questions about security on our website or products, you can contact the Return Path Privacy Office by emailing us at firstname.lastname@example.org.
Protecting the security of your personal information is very important to us. When we store information that you have provided to us when registering for the Service, that information is protected by security measures that include “firewalls” (a combination of computer hardware and software that helps keep unauthorized visitors from accessing information within our computer network), “intrusion detection systems” (a combination of computer hardware and software that helps detect any unauthorized visitors) and other tools such as data encryption and physical security, where appropriate. Unfortunately, no data transmission over the Internet or data repository can be guaranteed to be 100% secure. As a result, while Company strives to protect your personal information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and cannot be responsible for the theft, destruction, or inadvertent disclosure of your personal information.
Retention of Personal Information
An IP address is a number that is automatically assigned to your computer whenever you’re surfing the web. Web servers, the computers that “serve” web pages, automatically identify your computer by its IP address. We collect IP addresses for purposes of system administration, to report aggregate information to third parties and to track the use of the Site. When visitors request pages from the Site or click on a link in a mailing sent through the Service our servers log the visitors’ IP addresses. We reserve the right to use IP addresses to identify a visitor or list member when it will enhance the user’s experience, is necessary to perform a contract we have with our Clients, or if we feel it is necessary to enforce compliance with the Site’s policies or to protect Company, the Site, its visitors, the Service, our Internet Service Provider partners, the list members or others.
Change of Control / Asset Transfer
As the Company develops, we may buy other businesses or their assets or sell all or parts of our business assets. Customer information is generally one of the business assets involved in such transactions. Thus, in the event that the assets of the Company in whole or in parts are acquired by a third-party, customer information, including any visitor information collected through the Sites or the Service, would be one of the transferred assets. In the event of a corporate change in control or sale of all or parts of our business assets our users will be notified in accordance with the “Changes to this Policy” section of the policy if their personal information is provided to the new corporate entity or asset purchaser.
Return Path values our relationships with our Users and are committed to respecting and protecting your Usage Information. Return Path can however disclose Users’ Usage Information for legal or regulatory reasons, including in response to subpoenas, bankruptcy proceedings, and court orders. Return Path can also use Usage Information to investigate fraud and to prevent violation of our Terms of Service and unlawful use of our network, services and other Users.
Return Path also reserves the right to disclose member information in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) Return Path’s rights or property, other visitors, list members, or anyone else that could be harmed by such activities. Return Path also reserves the right to disclose visitor or list member information when we believe in good faith that the law requires it.
Communications from the Sites
As someone with an active Service account, we may send you service-related email messages, which are not promotional in nature, on occasions and when it is necessary. Similarly, if you request assistance with a Site or one of our products or services, we will communicate with you through email until we have addressed your questions.
Based upon the information you provide us, we will communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We may communicate with you by email or telephone.
Newsletters and Promotions
We may provide you the opportunity to opt-in to additional newsletters or promotional communications sent by email. If you have opted in or otherwise qualify to receive these forms of communication, we will use your name and email address to communicate with you. Out of respect for your privacy, we provide you a way to unsubscribe by following the instructions included in each communication.
We may occasionally send you push notifications through our consumer applications to send you application updates and other service related notifications that may be of importance to you. You may at any time opt-out from receiving these types of communications by turning them off in the device settings.
Correcting, Updating, or Removing Your Personal Information
Upon request Return Path will provide you with information about whether we hold any of your personal information. Return Path will make commercially reasonable efforts to provide you reasonable access to any of your personal information we maintain within 30 days of your access request. We provide this access so you can review it, make corrections or request deletion of your data. If we cannot honor your request within the 30-day period, we will tell you when we will provide access. In the unlikely event that we cannot provide you access to this information, we will explain why we cannot do so. To review and update your personal information to ensure it is accurate, contact the Return Path Privacy Office by emailing us at email@example.com.
Collection and Use of Third Party Personal Information
You may provide personal information about other people, such as their name and email address. This information is only used for the sole purpose of completing your request or for whatever reason it may have been provided.
You can apply for employment at Return Path using sign-in services such as Linkedin or an Open ID provider. These services will authenticate your identity, provide you the option to share certain personal information (such as your name and email address) with us, and to pre-populate our sign up form. Services like LinkedIn give you the option to post information about your activities on this site to your profile page to share with others within your network.
We display personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact the Return Path Privacy Office by emailing us at firstname.lastname@example.org.
We do not knowingly collect information from children under the age of 13 on the Site or through the Service. If you are under the age of 13, please do not provide any information to us. If we become aware that we have collected information from a child under the age of 13, we will make commercially reasonable efforts to delete such information from our database.
Changes to This Policy
Return Path, Inc.
3 Park Avenue, 41st Floor
New York, New York 10016
Attn: Chief Privacy Officer
Phone: (212) 905-5500
Fax: (212) 905-5501