Privacy Policy

Table of Contents

1. Introduction
2. Scope of this Privacy Notice
3. Personal data we collect
4. How we use your personal data
5. How we share your personal data
6. Your choices
7. Other sites and services
8. Security and Retention
9. International data transfers
10. Children
11. Changes to this Privacy Notice
12. How to contact us
13. California privacy notice
14. Notice to European users
15. Products and Services Privacy Notice
16. Google User Data Privacy Notice
17. Gmail API Integration and Data Access

1. Introduction

This Privacy Notice describes how we handle personal data that we collect through our websites and mobile applications that link to this Privacy Notice (collectively, the "Service"), as well as through our marketing and other activities described in this Privacy Notice. Use of the Service is subject to our Terms of Service.

California residents: See our California privacy notice for information about your personal information and privacy rights.

Individuals in the EEA/UK/Switzerland: See our Notice to European users for information about your personal data and data protection rights.

If you have any questions or concerns about our use of your personal data, please contact us.

2. Scope of this Privacy Notice

We provide businesses with a cloud-based communication hub that their teams use for customer-related communications. The Service is not intended for use by individuals for personal, family, household, or other consumer purposes, and the personal data covered by this Privacy Notice pertains to individuals acting in a business or commercial capacity. This Privacy Notice does not apply to personal data about our personnel or job candidates, or to personal data that we process on behalf of customers in our capacity as a processor or service provider.

3. Personal data we collect

The personal data we collect from you, either directly or indirectly, will depend on how you interact with us and with our Service. We collect personal data about you from the following sources:

Information you provide to us

Personal data you may provide to us through the Service includes:

• Contact data (name, email, phone number, etc.)
• Account data (profile information, preferences)
• Transaction data (payment information)
• Communications data (messages, feedback)
• Security data (when visiting our offices)
• Referral data (when you refer others)

Information automatically collected

As you navigate the Service, we automatically collect:

• Device data (browser type, operating system, etc.)
• Usage data (page views, time spent, etc.)
• Location data (general location based on IP)
• Cookies and similar technologies

Information from third parties

We may receive information about you from:

• Business partners and service providers
• Public sources and social media
• Authentication services (Google, Microsoft)
• Data brokers and analytics providers

4. How we use your personal data

We use your personal data for the following purposes:

• Service delivery and account management
• Business operations and system maintenance
• Research and development
• Marketing communications
• Targeted advertising
• Compliance and protection

5. How we share your personal data

We may share your personal data with:

• Our corporate affiliates
• Service providers and business partners
• Payment processors
• Authentication services
• Advertising partners
• Professional advisors
• Legal authorities when required

6. Your choices

You have certain rights regarding your personal data:

• Access and update your information
• Opt-out of marketing communications
• Request deletion of your data
• Control cookies and tracking
• Exercise your privacy rights under applicable laws

7. Other sites and services

The Service may contain links to or integrations of websites and online services operated by third parties. These links are not endorsements of any third party. We do not control and are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites or services you interact with.

8. Security and Retention

We implement appropriate technical and organizational security measures to protect your personal data. We retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for legal, accounting, or reporting requirements.

9. International data transfers

We are headquartered in the United States and may use service providers that operate in other countries. These countries may have different data protection laws than your country. We implement appropriate safeguards to protect your data when transferred internationally.

10. Children

Our Service is not intended for use by anyone under 16 years of age. We do not knowingly collect personal data from children under 16.

11. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. We will notify you of any changes by posting the new Privacy Notice on this page and updating the "Last updated" date.

12. California Privacy Notice

This section applies to California residents and describes our collection, use, and disclosure of personal information under the California Consumer Privacy Act ("CCPA").

Your California Privacy Rights

As a California resident, you have the right to:

• Know what personal information we collect
• Access your personal information
• Request deletion of your personal information
• Opt-out of the sale of your personal information
• Non-discrimination for exercising your rights

13. Notice to European Users

This section applies to users in the European Economic Area ("EEA"), United Kingdom ("UK"), and Switzerland.

Your European Privacy Rights

Under the GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure of your data
• Restrict processing of your data
• Data portability
• Object to processing
• Withdraw consent

14. Products and Services Privacy Notice

This section describes how we handle personal data as instructed by our customers in the course of providing certain features of our Services, including through cookies and similar technologies. We engage in the activities described here as a service provider to our customers and subject to our agreements with them.

Hour Block Knowledge Base

Our Knowledge Base employs cookies and browser storage technologies to help customers analyze visitor usage. Examples include:

• Cookie: _ga – Distinguishes one visitor from another when customers integrate Google Analytics (13 months, served by Google).
• Cookie: _ga_<id> – Identifies and tracks an individual session (13 months, served by Google).
• Local storage: _hourblock_kb_visitor_id – Establishes unique visitor IDs for Knowledge Base Analytics (perpetual, served by Hour Block).
• Cookie: hourblock-customer-portal-session-cookie – Set when a visitor verifies their email to access past conversations (4 days, served by Hour Block).

Customers can integrate third-party services (for example, embedded YouTube or Vimeo videos) into their Knowledge Base which may place additional cookies. Visitors can reject or clear cookies in their browser settings, though some features may not function if cookies are disabled.

Hour Block Chat

Our Chat product uses the following cookies:

• Cookie: fccid – Distinguishes chat visitors; produces analytics metrics (7 days, Hour Block).
• Cookie: fcaid – Distinguishes unique conversations; produces analytics metrics (7 days, Hour Block).
• Cookie: fcuid – Associates a visitor and their conversations with a specific Hour Block application (7 days, Hour Block).
• Cookie: hourblockChatChannelToken – Authenticates visitors and restricts access to their conversations (7 days, Hour Block).

Most browsers allow chat visitors to reject or clear cookies, but certain features may not function without them.

Changes

The technologies we use may change from time to time and this section is subject to change at any time. We encourage visitors and customers to review it periodically.

15. Google User Data Privacy Notice

Certain features of the Service (for example, Omnichannel Inbox, Collaboration, and Workflow Automation) require access to Google Workspace APIs such as Gmail and Calendar. Information obtained from these APIs ("Google User Data") is Customer Data that we process on behalf of our customers and is restricted by Google’s API Terms of Service and Google User Data Policy (the "Google Requirements").

We access, use, store, and share Google User Data only as necessary to provide and improve the relevant features, and never to develop, improve, or train generalized AI or ML models. We do not sell Google User Data. We share Google User Data only with:

• Service providers that help us deliver the Service;
• As required for security purposes (e.g., investigating abuse);
• To comply with applicable laws;
• As part of a merger, acquisition, or sale of assets, after obtaining explicit prior consent from the user.

We use technical, organizational, and physical safeguards designed to protect Google User Data and we retain and delete it in accordance with customer instructions and the Google Requirements.

16. Gmail API Integration and Data Access

Our email client integration feature requires access to Gmail APIs to provide seamless email management capabilities within our platform. This section specifically addresses how we handle Gmail data access and usage.

Gmail Data Access and Scope

We request access to Gmail data only to the minimum extent necessary to provide our email client functionality. The specific Gmail scopes we request are:

• https://www.googleapis.com/auth/gmail.readonly - Read access to Gmail messages and settings
• https://www.googleapis.com/auth/gmail.send - Send emails on behalf of the user
• https://www.googleapis.com/auth/gmail.modify - Modify Gmail labels and threads

How We Use Gmail Data

We use Gmail data exclusively for the following purposes:

• Display email messages in our unified inbox interface
• Send emails through our platform
• Organize and categorize emails using labels
• Provide email search and filtering capabilities
• Enable email collaboration and team workflows
• Generate email analytics and reporting for business purposes

Data Security and Protection

We implement industry-standard security measures to protect Gmail data:

• End-to-end encryption for data in transit and at rest
• Access controls and authentication requirements
• Regular security audits and penetration testing
• Employee training on data protection and privacy
• Incident response procedures for data breaches

Data Retention and Deletion

Gmail data is retained only as long as necessary to provide our services:

• Email content is cached temporarily for display purposes
• Metadata is stored for analytics and functionality
• Data is automatically deleted when users revoke access
• Backup data is retained for up to 30 days for disaster recovery
• Users can request immediate deletion of their data at any time

User Control and Consent

Users maintain full control over their Gmail data:

• Explicit consent is required before accessing Gmail data
• Users can revoke access at any time through their Google account settings
• Users can view and manage what data we have access to
• Users can export their data or request deletion
• Users can limit the scope of data access granted to our application

Third-Party Access and Sharing

We do not share Gmail data with third parties except:

• Service providers who assist in delivering our email functionality (under strict data protection agreements)
• Legal authorities when required by law or to protect our rights
• As part of a business transfer, with explicit user consent

We never sell, rent, or monetize Gmail data. All data access is strictly for providing the email client functionality requested by our users.

17. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: