Last Updated: 22 August, 2020
Our Service allows users to forward emails to our Service for the purpose of setting automated reminders associated with those emails. We recognize that your emails may be very private, and we take special care with them. For example, we encrypt the message body of these emails using industry-standard methodologies for long-term storage on our servers. We store the content of these emails for the period of time required in order to send you the requested reminder. After the requested reminder period has expired and the Service has sent the reminder, we delete the message body, message text and attachments after a "reminder retention period", when the user can choose to postpone the reminder until a later date. The retention period is variable based on the account level, ranging between 2 weeks (for free accounts) and 6 months for "Company" accounts. For example, if you are on the free plan and forward an email to email@example.com, we retain the complete email information for five (5) months plus six (2) weeks. Postponing the followup will extend the length of time the data persists in our system.
In the rare event that the content of an email interferes with the operation of the Service (ie, due to a bug), the problematic email may be temporarily logged in full or otherwise viewed for the purposes of debugging. With respect to other email-related information, we store the subject heading of these emails unencrypted the purpose of performing internal quality assurance and debugging, and for reference when a FollowUpThen user is browsing the activity history for a contact. We also retain certain non-personally identifiable information related to these emails (for example, date sent, email configuration, name of the email provider), for the purpose of improving our Services and as described below in the "Non-Identifiable Data" section.
When you interact with us through the Services, we may collect Personal Data and other information from you, as further described below:
The Service may allow users to enable reminders for the people with whom they communicate. As part of this Service, we will collect the email address(es) provided by our users in order to provide this feature. We use the email addresses of non-users only in connection with providing the requested feature (for example, to send the reminder as requested by one of our users). If a user chooses to connect other services with FollowUpThen such as their email inbox, CRM, address book, calendar, Twitter, Facebook, Slack, WhatsApp or other communication system, we may also store the contact details and the frequency of communication with a non-user. If a user chooses to connect a contact enrichment service (such as clearbit.com) this information is also stored. Non-user information is used only in the fulfillment of our Service's advertised purpose. If you are not a user of our Service and do not wish to receive a reminder or communication from the Services, please click the opt out link in the reminder email that you receive. If you do opt-out, we will keep your email address on file for the sole purpose of ensuring we never contact you without your permission. If you do not opt out from the reminder, then we will delete your email address and the applicable email within the time period described above in the Section called “A Note About Email Content.”
FollowUpThen stores the information of the contacts with whom a user has scheduled followups for the sole purpose of improving the timeliness, relevancy and utility of the Service. These contacts are listed under the "People" tab in the FollowUpThen web applicaiton.
FollowUpThen may gather information about your contacts from the following sources:
Unlike email information, which is periodically purged, contact data is stored indefinitely. This includes email, name, and the subject lines of previously scheduled followups with that contact. Contact data may optionally be augmented with information from connected address books, social media or other 3rd party systems, which is also stored indefinitely. Contacts can be permanently deleted at any time from the FollowUpThen web application. Deleting a contact permanently deletes the data associated the contact's record, but it will not delete the future followups relating to that contact. These can be deleted separately. Scheduling a new followup with a previously deleted contact adds the contact data back to FollowUpThen. FollowUpThen will never sell, transfer or otherwise distribute information about a user's contacts without permission. You can export your contacts at any time.
When you interact with FollowUpThen through the Services, we receive and store certain personally
non-identifiable information. Such information, which is collected passively using various technologies,
cannot presently be used to specifically identify you. FollowUpThen may store such information itself or
such information may be included in databases owned and maintained by FollowUpThen affiliates, agents or
service providers. The Services may use such information and pool it with other information to track,
for example, the total number of visitors to our Site, the languages of users, time zones, location,
name of the email client, the configuration of the email client, and the domain names of our visitors'
Internet service providers. It is important to note that no Personal Data is available or used in this
Our Service may collect and use your location information to provide certain functionality of our Service (for example, associating a reminder with a particular location). We may also use your location information in an aggregate way, as described below in the “Aggregated Personal Data” section.
In an ongoing effort to better understand and serve the users of the FollowUpThen Services, FollowUpThen often conducts research on its user demographics, interests and behavior based on the Personal Data and other information provided to us (with exceptions as noted in the “Data Exceptions” section below). This research may be compiled and analyzed on an aggregate basis, and FollowUpThen may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally. FollowUpThen may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which
it was provided. For instance, if you contact us by e-mail, we will use the Personal Data you provide to send
you a reminder, answer your question or resolve your problem. Also, if you provide Personal Data in order to
obtain access to (for example, by accessing your account settings) or use (for example, by setting or modifying
reminders) the FollowUpThen Services, we will use your Personal Data to provide you with access to such services
and to monitor your use of such services. FollowUpThen may also use your Personal Data and other personally
non-identifiable information collected through the Services (with exceptions noted in the “Data Exceptions”
sections below) to help us improve the content and functionality of the Services, to better understand our
users and to improve the FollowUpThen Services. FollowUpThen may use this information to
contact you in the future to tell you about services we believe will be of interest to you, as well as
communications (such as newsletters) about FollowUpThen and the Service. If we do so, each marketing
communication we send you will contain instructions permitting you to "opt-out" of receiving future marketing
communications. In addition, if at any time you wish not to receive any future marketing communications or you
wish to have your name deleted from our mailing lists, please contact us as indicated below.
As previously mentioned, email body content is encrypted in our database, however, in the course of providing system administration, debugging and support, it may be necessary for a FollowUpThen staff member to view unencrypted content or login under a user's account to provide this support. Such interactions are limited to only technical support and system administration instances.
If your Personal Data is provided by others using the Service, your Personal Data is used only in connection with the Services (for example, to provide you with the reminders others schedule for you).
Information obtained from your connected Google Services is specifically excluded from research activities, other than its secondary effects on your FollowUpThen data (for example, if a reply to an email cancels a followup). Your Google Data will never be shared with a 3rd party, other than for purposes necessary to operate the core FollowUpThen services (for example, logging and infrastructure providers).
FollowUpThen's use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements.
FollowUpThen provides a link for you to delete your account. This action permanently removes your data from our database including your tasks, account information and data stored with 3rd party vendors, for example our credit card processor. Your account will remain in archival database backups, used only for disaster recovery scenarios, until the backup has been purged as a natural part of our backup retention policy. Logs, which contain ip addresses and email headers (including to, cc, bcc and subject fields) are purged 4 weeks after deleting your account.
FollowUpThen a link in your account settings to export your followups as portable, open CSV file. We respect your right to choose the best tool for email reminders.
FollowUpThen is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets. One important factor in any such transaction would be the degree to which the receiving party shares similar values regarding the treatment of your Personal Data.
FollowUpThen, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When we employ another company to perform a function of this nature, we only provide them with the information that they need to perform their specific function. FollowUpThen, employees and contractors that are required to have full access to the system (ie, DevOps) are carefully interviewed and vetted over a period of time before they are permitted access.
FollowUpThen may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of FollowUpThen, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
All information submitted to FollowUpThen as an employee account is owned by the company account administrator who has permission to view, change or delete information within the account.
You can visit the Services without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain FollowUpThen Services.
The Service may allow you to send SMS (text message) reminders to your own mobile device using the Service. Please report any SMS or other abuse related to the Service to firstname.lastname@example.org.
To provide additional functionality (such as response detection) while maintaining the security and privacy of your email data we have created a stand-alone service called the Inbox Event Emitter (IEE). The IEE securely connects to an email account in order to provide specific productivity features without exposing unnecessary personal information. This allows a connected service such as the FollowUpThen main app to, for example, request the IEE to send a generic notification when a response is received to a specific email. Isolating inbox data within the IEE enables specific FollowUpThen features without requiring visibility into the contents of your inbox.
To facilitate this limited access to your inbox, the Inbox Event Emitter internally stores potentially sensitive information including authorization tokens, usernames and passwords of email accounts. This information is encrypted with per-user authentication keys which are, themselves, encrypted using a key that is not physically present on the server.
When an email arrives in your inbox, IEE requires ephemeral access to the incoming email message to determine if it meets a "subscription" criteria as noted above. Email content obtained through this connection is neither stored, logged nor shared with any other party (even the FollowUpThen main app) and is immediately discarded after evaluation. If a subscription criteria is met by a new message, a notification is sent to the main FollowUpThen app without including any information obtained from the incoming message.
We do not share your email information with 3rd parties or use it for marketing, market research, email campaign tracking or purposes other than enabling the features of FollowUpThen as advertised. If you chooses to integrate your FollowUpThen account with another 3rd party system (for example, a CRM or project management system), a 3rd party may gain visibility into the state of your followups, but never information from your email account. Note that a subscription event can change the state of a followup (for example, causing it to become due, completed or cancelled). The change of state is visible to the 3rd party system, not the underlying subscription event.
Your private information is your property. If you choose to delete your FollowUpThen account your personal information is also permanently deleted. FollowUpThen's Inbox Event Emitter service will permanently delete all connection information (OAuth keys, usernames, passwords, and per-user encryption keys) to all of your email accounts. Subscription criteria is deleted as well.
Google and Microsoft Information FollowUpThen uses secure APIs to access your Google and Microsoft accounts. FollowUpThen's Inbox Event Emitter requests the minimum permissions necessary to perform the productivity features as described in product documentation.
FollowUpThen takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Data to FollowUpThen via the Internet.
We also offer a vulnerability disclosure program to security researchers and anyone who would like to help us make FollowUpThen even more secure.
To keep your Personal Data accurate, current, and complete, please contact us as specified below. We will take
reasonable steps to update or correct Personal Data in our possession that you have previously submitted via the
You may contact us as follows:
23 E. San Carlos Ave #1461
San Jose CA 95112