Email API
Calendar API
Scheduler
Contacts API
ExtractAI
Notetaker API
Google email & calendar integration
Outlook email & calendar integration
IMAP integration
Calendar management
Embedded contextual email
Scheduling automation
Automated outreach
Intelligent data extraction
Expense management
Customer relationship management
Applicant tracking system
Communications platform
Marketplaces
Document management
Docs
SDKs
Tutorials
API status
Changelog
Support
Blog
Events
Guides
Inspiration gallery
Partners
Build vs. buy
Customer stories
Security & Compliance
Why Nylas
NewsroomPrivacy Policy
Last Updated: May 3, 2024
This Privacy Policy is meant to help you understand how Nylas, Inc. (“Nylas”, “we”, “us”, or “our”) collects, uses, and shares Customer Data to operate, improve, develop, and protect Nylas’ Services. This Privacy Policy applies to Customer Data processed as a result of access to or use by our customers or developers, (“You”, or “your”) of the Nylas API, websites that link to this Privacy Policy (“Website”), dashboard (“Dashboard”), our API platform (“Platform”), related tools, and other products or services (collectively, the “Services”) provided by Nylas. All capitalized terms not defined in this Privacy Policy will have the meanings set forth in the Nylas Terms of Service.
Introduction
At Nylas, we value customer trust above all else. We strive to help our customers, our customers’ end-users, and our Website visitors maintain control of their personal information. Personal information, as used in this Privacy Policy, means information that identifies, relates to, or could reasonably be linked with you or your household. This Privacy Policy explains our information practices, the kinds of personal information we may collect, how we use and share that personal information, and how you can exercise the choices you may have.
Personal information does not include:
- Publicly available information from federal, state, or local government records.
- Deidentified or Aggregate Information. “Deidentified Information” means information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular individual, and for which Nylas has implemented technical safeguards and business processes that prohibit reidentification of the individual. “Aggregate Information” means information that relates to a group or category of individuals, from which individual identities have been removed, that is not linked or reasonably linkable to any individual or household, including via a device.
Nylas processes three broad categories of personal information from its Customers, you, and/or your end users (known collectively as “Customer Data”):
- As a developer (or potential developer), you will need to provide us information to create an account and use the Services – we refer to this as “Customer Account Data.”
- As a developer, you may provide us with personal information of your end-users who use or interact with your Application (defined below) that you have built on Nylas’ Platform (“Customer End-User Data.”)
- “Restricted Customer End-User Data” is any Customer End-User Data that is synced through the following providers and syncing mechanisms, such as end-user emails, calendar events, and contacts:
- Gmail (non-G Suite) Microsoft, and other end-user accounts that have approved access to their email data through applicable APIs.
- Human resources data that may be collected in the context of an end-user’s employment relationship (“HR Data”), including email, title, employment contact information, and related metadata.
Nylas distinguishes between these categories of Customer Data because the direct relationship we have with you is different than the indirect relationship we have with your end-users.
How Nylas Processes Customer Account Data
We collect and process your Customer Account Data:
- When you visit a Nylas public-facing Website like nylas.com, sign up for a Nylas event, or make a request to receive information about Nylas or our products, like a Nylas white paper or a newsletter;
- When you request support from us, we process any personal information you provide;
- When you contact Nylas’ Sales Team or Customer Support Team; and
- When you sign up for a Nylas account and use our products and Services.
Except as stated in this Privacy Policy, neither Nylas nor our subprocessors view Restricted Customer End-User Data, such as the contents of the email, calendar invites, contacts, or other personal information processed through our Service APIs, which is encrypted in transit and at rest.
Broadly speaking, we use Customer Account Data to:
- Perform our contract with you;
- Pursue our legitimate interests to:
- understand who our customers and potential customers are and their interests in Nylas’ products and Services,
- manage our relationship with you and other customers,
- provide you with marketing materials,
- perform research (including marketing research),
- carry out core business operations such as accounting and filing taxes, and
- help detect, prevent, or investigate security incidents, fraud, and other abuse and/or misuse of our products and services;
- Comply with any legal obligations we may have; and
- Carry out other uses to which you have consented.
What Customer Account Data Nylas Processes When You Visit Our Website, Sign Up for a Nylas Event, or Make a Request for Information About Nylas and Why
When you visit our Website, sign up for a Nylas event, or request more information about Nylas, we will collect personal information that you submit to us (e.g., through a web form) and we will also collect information automatically using tracking technologies like cookies. We collect this information to fulfill your request, to learn more about who is interested in our products and services, to advertise to you, and to improve our Services.
Information You Share Directly: In some places on the Website, you can fill out web forms to ask to be contacted by our Sales Team, sign up for a marketing or a newsletter, register for a Nylas event, request a demo, or take a survey. The specific personal information requested on these forms will vary based on the purpose of the form. We will ask you for information necessary for us to provide you with what you request through the form (for example, we will ask you for your email address if you want to sign up for an email newsletter and for your phone number if you want a member of our Sales Team to call you). We may deliver marketing and communications to you across various platforms such as e-mail, text messaging, and direct mail. We also ask you for additional information to help us understand you better as a customer like your Nylas use case, your company’s name, or your role at your company. If you provide your email address through a form on our Website and give your consent, you will receive marketing emails from us about the services you requested and related Nylas products or services. In certain portions of the Service, you may choose which information Nylas can see. If you sign up to receive marketing communications from Nylas, like our newsletter, you can always choose to opt-out of further communications through a preferences page which will be linked from any marketing email you receive from Nylas. You may also contact our Customer Support Team to communicate your choice to opt-out.
Information We Collect Automatically: When you visit a Website, including our web forms, we and service providers acting on our behalf automatically collect certain information using tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how visitors to our Websites are using them, which pages and features of the Websites are most popular, and to tailor and deliver advertisements. This helps us understand how we can improve our Websites and track performance of our advertisements. Read more in “Cookies and Other Technologies” below.
We use Google Analytics to collect information regarding visitor behavior and visitor demographics on our Website and Services. For more information about Google Analytics, please
visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Services by visiting https://tools.google.com/dlpage/gaoptout.
When you sign up for an account with Nylas (an “Account”), we automatically assign each of your applications on our Platform (each an “Application”) unique IDs and automatically generate API keys for each of your Applications. These are used like a username and password to authenticate end-user accounts onto the Platform. You can use these API keys to retrieve an access token for each end-user account. We keep a record of these access tokens to authenticate your Application’s requests to our API.
Note that we also collect the IP address of your devices or servers when you make requests to our Platform. When you use our Platform, we also collect and process the information contained in those interactions. For more information about how personal information is processed in that context, see our API Docs.
All information we collect when you sign up for a Nylas Account and interact with the Nylas Dashboard or our products and Services may be used to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our Platform and Services.
Information Collected When You Communicate with Us: If you contact our Sales or Support Teams, those teams keep a record of that communication, including your contact details and other information you share during the communication. We store this information to help us keep track of the inquiries we receive from you and from customers generally so we can improve our products and Services and provide training to team members. This information also helps our teams manage our ongoing relationships with our customers. Because we store a record of these communications, please be thoughtful about what information you share with our Sales and Support Teams. We will try to take appropriate measures to protect any sensitive information you share with us, but it is best to avoid sharing any personal or other sensitive information in these communications unless it is necessary for these teams to assist you.
Account Information:
When you sign up for an Account, we ask for certain personal information like your contact details and billing information so we can communicate with you, market to you using your email address as described above, and so you can pay for our products and Services. We also collect some information automatically, like your IP address, when you log into your account or when Your Application makes requests to our Platform. We use this to understand who is using our Services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.
You can also name your Account (or accounts if you have more than one). We collect this information so we know who you are, can communicate with you about your account(s), and can recognize you when you communicate with us through the account portal or otherwise.
If you upgrade your trial account, we will ask you to provide our payment processor with your payment method information like a credit card and/or your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our products and Services. Our payment processor will share your billing address with Nylas. Your billing address may also be used by Nylas for tax calculation and audit purposes.
Google API Services User Data Policy
Nylas’ use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Nylas does not use Google Workspace APIs to develop, improve, or train generalized AI and/or ML models.
Other Customer Account Data We Collect and Why
We may collect personal information about you from publicly available sources so we can understand our customer base better. We may also obtain information about you or your company from third party providers to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL. Specifically, third parties provide us with contact information and purchasing potential of customer leads, information on the creditworthiness of customers, and background information on job applicants. We also obtain information about you from data brokers to help us confirm your identity for marketing purposes.
How Long We Retain Your Customer Account Data
In general, Nylas will retain your Customer Account Data generally as long as needed to provide you with our Services, to operate our business, and comply with applicable laws. If you ask Nylas to delete specific Customer Account Data, we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
Subject to the earlier exercise of your rights in your personal information, we will retain your Customer Account Data and Restricted Customer End-User Data for as long as you have an account with us, plus two months. We do not store your payment information. We keep your email if you do not revoke your consent to direct marketing. We will retain the rest of your personal information as long as we deem reasonably necessary to provide the Services, secure our systems, and protect ourselves from liability. We store log file information, which may contain personal information, for one year. We are developing ways to retain your data for shorter periods and will update this Privacy Policy accordingly.
How long we retain certain Customer End-User Data and options around Customer End-User Data will depend on which Nylas products and Services you are using, how you are using them, and the duration for which you use our Services. For that reason, our API docs for each of our products and Services are the best place to find more detailed information about managing your Customer End-User Data.
Please note that if you request that we delete your Customer End-User Data, it may take up to 30 calendar days from our response to you for Customer End-User Data to be completely removed from our systems. In some cases, a copy of those records, including the personal information contained in them, may be retained to carry out necessary functions like billing, invoice reconciliation, troubleshooting, and detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Legal matters may also require us to preserve records, including those containing personal information. These matters include litigation, law enforcement requests, or government investigations. If we must do this, we will delete the impacted records when no longer legally obligated to retain them. We may, however, retain Customer End-User Data that has been de-identified or aggregated such that your end-user cannot be identified.
Your Choices
Nylas provides you with various choices regarding your Customer Account Data. If you log into your Account, you can use the Account portal to access, correct, delete Customer Account Data, opt out of sale and sharing, and/or update your preferences. Please contact Customer Support for any other requests about your Customer Account Data you cannot make through these self-service tools.
Closing Your Account and Deletion: To request closure or deletion of your Account, you can contact Customer Support. Within 30 days following your request, Nylas will either delete your Customer Account Data or de-identify it such that it can no longer be used to identify you. You should know that closure and/or deletion of your Account will result in you permanently losing access to your Account and Customer Data in the Account. Please note that certain information associated with your Account may nonetheless remain on Nylas’ servers in a de-identified or aggregated form that does not identify you or your end-users. Similarly, we are required to maintain Customer Account Data for legal purposes or for necessary business operations (see “How Long We Retain Your Customer Account Data” section above).
Promotional Communications: You can choose not to receive promotional emails from Nylas by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting Customer Support. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages related to things like updates to our Terms of Use or Privacy Policy, security alerts, and other notices relating to your access to or use of our products and Services.
Cookies and Other Technologies:
We use strictly necessary cookies on the Website and Services. These cookies are strictly necessary to provide you with the Website and the Services available through our Website and to use some of their features, such as access to secure areas. Because these cookies are strictly necessary to deliver the Website, you cannot refuse them without impacting how our Website functions. You may be able to block or delete essential cookies by changing your browser settings.
We also use performance and non-essential cookies to help us analyze how the Services are being accessed and used, enable us to track performance, and secure the Website. For example, we use cookies to get insights regarding users and Website performance, such as page speed or to help us customize our Website and services for you to enhance your experience.
In addition, we may use targeted advertising cookies to make advertising messages more relevant to you and your interests. We sometimes use cookies delivered by third parties to track the performance of our advertisements. For example, some cookies remember which browsers have visited our Website. This process helps us manage and track the effectiveness of our marketing efforts.
Finally, we use third party cookies from online data partners or vendors to associate your activity on our Website with other personal information that those third parties have about you, including by association with your email or online profiles. We (or service providers on our behalf) may then send communications and marketing to these emails or profiles. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.
For more information, see the Nylas Cookie Policy.
How do I manage cookies?
If you would like to remove or disable cookies via your browser, please see our Cookie Policy or click “Manage Preferences” in our cookie banner. PLEASE NOTE THAT OPTING-OUT OF BEHAVIORAL ADVERTISING DOES NOT MEAN THAT YOU WILL NOT RECEIVE ADVERTISING WHILE USING THE SITE. IT WILL, HOWEVER, EXCLUDE YOU FROM INTEREST-BASED ADVERTISING CONDUCTED THROUGH PARTICIPATING NETWORKS, AS PROVIDED BY THEIR POLICIES AND CHOICE MECHANISMS.
Please note you must separately opt out in each browser and on each device.
Other Choices About Your Customer Account Data: In addition, you can exercise other choices about your Customer Account Data (e.g., accessing it, correcting or amending it, deleting it, restricting or objecting to its use, transporting it, opting out of sale or sharing, or withdrawing consent) by contacting us here. We will process such requests in accordance with applicable laws. To protect your privacy, Nylas will take steps to verify your identity before fulfilling your request.
Depending on where you live, you may have the right to opt out of targeted advertising through a Global Privacy Control (GPC) enabled browser setting. If you have this right, when you visit and log in to our websites in a GPC-enabled browser, we will treat our initial receipt of the GPC signal as a valid request to opt-out of targeted advertising, as defined by applicable U.S. privacy laws granting this right, for the device and, if linked to an individual, that individual. Other than GPC, we do not recognize any “do not track” signals.
If you are an end-user of an application built on Nylas’ Platform and not a direct customer of Nylas, you must direct any requests relating to your personal information to the relevant application provider in accordance with the application provider’s own privacy policy.
How Nylas Processes Customer End-User Data
As a customer, Customer End-User Data typically shows up on Nylas’ Platform in a few different ways:
- While using Your Application, end-users approve access to their data during an authentication process, and Nylas begins to sync that data into the Platform on your (our customer’s) behalf.
- Your end-users’ personal information may also be contained in the content of communications you (or your end-users) send or receive using Nylas products and Services.
- If you use the Nylas Scheduler, Customer End-User Data will be in calendar invites that your end users submit.
What Customer End-User Data Nylas Processes and Why
In addition to the uses set forth above in “Restricted Customer End-User Data”, we use Customer End-User Data to provide Services to you and your end-users and to carry out necessary functions of our business as a communications service provider.
The Customer End-User Data that Nylas processes when you, our customer, use our products and Services and the reason Nylas processes it depends on which Nylas products and Services you use and how you use those products and Services. For that reason, the API docs for each of our products and Services are the best place to find information about our processing of Customer End-User Data.
Records containing Customer End-User Data may also be used in debugging or troubleshooting or in connection with investigations of security incidents, bugs, as well as for the purposes of detecting and preventing spam or fraudulent activity and detecting and preventing network exploits and abuse.
When and Why We Share Customer Data
Below are the different scenarios under which we generally share Customer Data with third parties.
- Third-party service providers, Subprocessors, and Consultants: Nylas engages certain third-party service providers, subprocessors, and consultants to carry out certain data processing functions to provide the Services. These third parties are limited to only accessing or using Customer Data to provide services to us and must provide contractual assurances they will appropriately safeguard Customer Data. An up-to-date list of our subprocessors is located below. Certain subprocessors can see Customer End-User Data to provide the AI Products; those are noted in the subprocessor list.
- Compliance with Legal Obligations: We may disclose Customer Data to a third party (i) if we reasonably believe that disclosure is compelled by applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing a death or serious bodily injury. If Nylas is required by law to disclose any personal information of you or your end-user, we will notify you of the disclosure requirement, unless prohibited by law. Further, we may object to requests we do not believe to be valid.
- Affiliates: We may share Customer Data with an affiliate company, like a subsidiary. We and our subsidiaries will only use the personal information as described in this Privacy Policy.
- Business Transfers: If we go through a corporate sale, merger, reorganization, dissolution or similar event, Customer Data may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor of Nylas may continue to process Customer Data consistent with this Privacy Policy.
Aggregated or Deidentified Information: Except as necessary to provide the Services, Nylas does not share any Deidentified Information with third parties. However, Nylas may share or sell Aggregate Information with or to third parties for any legally permissible purpose, including research, internal analysis, analytics.
Subprocessors
Nylas uses subprocessors to assist in providing the Services. A full listing of subprocessors is located here.
Nylas customers may subscribe to updates at https://status.nylas.com/.
EEA Users
If you are a data subject of the European Economic Area (“EEA”), Switzerland, or the UK, you are the “controller” or “processor” of your personal information or your customer’s Customer End-User Data, and Nylas is the “processor” or “subprocessor” respectively. Nylas will only process Customer End-User Data at the instruction of our customers (i.e., the “controller”). We operate in and use service providers located in the United States. The U.S. does not provide the same legal protections guaranteed to personal data (as defined in the GDPR) in the EEA. When you create an account on a Service, you consent to your data being transferred, stored, and processed in the U.S; provided that EEA customers may select from UK or U.S. data centers for the storage of their Customer End-User Data.
The legal bases for our processing of your personal data are in the table below. If you have questions about our processing of your personal data, contact us here or at the address below.
| Processing purpose | Legal Basis |
|---|---|
| Use: Analytics, Marketing Communications, Targeted Advertising, Support, Cookies and Other Technologies Disclosure: Service Providers, Affiliates, Marketers, Corporate Transactions | These processing activities are within our legitimate interests, including without limitation: Direct marketingPersonalization and customization of the Services for individual usersDetermining the effectiveness of marketing campaignsLocalizing our ServicesCreating, supporting, providing, and supporting innovative Services; Securing our Services and network, investigating suspicious activity or violations of our Terms of Use or policies; and protecting the safety of personal data, including preventing exploitation or other harms to which users may be particularly vulnerable. We balance our interests with any potential impact on you when we process your personal data for our legitimate interests. You may object to this processing as permitted by applicable law.Additionally, for HR Data, we process such data strictly in accordance with the Principles and applicable legal obligations. |
| Disclosure: Legal Disclosures | Processing is necessary to comply with our legal obligations, for example, tax laws, governmental order, fraud reporting, employment law obligations, including processing of HR Data, etc. |
| Use: Consent Cookies and Similar Technologies | Where we rely on your consent, you have the right to withdraw it anytime in the manner indicated in the Services or by contacting us at support@nylas.com. We will not sell personal information of EEA Users without valid consent under the GDPR. |
As an EEA User, you have the following additional rights in your personal data in addition to the rights in your personal information described in the “Your Choices” section above:
Access:
You may receive a list of your personal data that we process to the extent required and permitted by law.
Rectification:
You may correct any personal data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly to the Service via your Account settings menu.
Regulator Contact:
If you are located in the EEA, Switzerland, or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.
You can reach Nylas’ EEA legal representative at:
Tim Haufe
RIVACY GmbH / Mexikoring 33 / 22297 Hamburg
Amtsgericht Hamburg/HRB 151916/Steuernummer 49/754/01672
Geschäftsführer: Tim Haufe // Tel.: +49 175 820 36 42
Transfers from the EEA, Switzerland, or UK
Nylas complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), Swiss-U.S. Data Privacy Principles, and the UK Extension to the EU-U.S. DPF. Nylas has self-certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) and Swiss-U.S. Data Privacy Principles (“Swiss-U.S. Principles“) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF Principles (together with the Swiss-U.S. Principles and the EU-U.S. DPF, the “Principles”). If there is any conflict between the terms in this privacy policy and the Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Nylas is responsible for the processing of personal data it receives or subsequently transfers to a third party acting as an agent on its behalf. Nylas has agreed to the onward transfer liability provisions in the Principles with respect to onward transfers to third parties.
With respect to personal data received or transferred pursuant to the Principles, Nylas is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission and any other authorized U.S. statutory body. In certain situations, Nylas may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Principles, Nylas commits to resolve complaints about your privacy and our collection or use of your personal data transferred to the United States pursuant to the Principles. EEA, Swiss, and United Kingdom individuals with DPF inquiries or complaints should first contact the Regulator Contact above.
Nylas has further committed to refer unresolved privacy complaints under the Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by the International Centre for Dispute Resolution, American Arbitration Association, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://go.adr.org/dpf_irm.html for more information and/or to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above independent recourse mechanism, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
Nylas further agrees to comply with the Principles’ requirements concerning the transfer of applicable HR Data in the context of the employment relationship. Accordingly, Nylas commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs); the UK Information Commissioner’s Office (ICO); the Gibraltar Regulatory Authority (GRA); the Swiss Federal Data Protection and Information Commissioner (FDPIC); and applicable local labor authorities of the jurisdictions of the EU, UK, Gibraltar, and Switzerland, and any of their authorized representatives, with regard to unresolved complaints concerning our handling of HR Data, and to adhere to the advice provided by these authorities concerning such data transfers.
You have the right to access, limit the use, and limit the disclosure of your personal data as set forth in the “Your Choices”, “Access” and “Rectification” sections above. If you have additional questions about our Data Privacy Framework certification, contact us at support@nylas.com.
Security of Customer Data
We take steps to ensure that Customer Data is treated securely and in accordance with this Privacy Policy. Unfortunately, the internet is not 100% secure and we cannot ensure or warrant the security of any information you provide to us. For more information on our security program, see here.
Third Party Websites/Applications
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Website or Services. These other domains and websites are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for the privacy practices or content of, such other websites or applications. Visiting these other websites or applications is at your own risk.
California Privacy Notice
This Supplemental California Privacy Notice only applies to our processing of Customer Account Data that is subject to the California Privacy Rights Act of 2020, as amended from time to time, and the regulations promulgated thereunder (collectively the “CPRA”). The CPRA provides California residents with the right to know what categories of personal information Nylas has collected about them and whether Nylas disclosed that personal information for a business purpose (e.g., to a service provider), or sold or shared that information, in the preceding twelve months. California residents can find this information below:
| Category of Personal Information | Business Purpose for Collection | Categories of Third Parties Personal Information is Disclosed to for a Business Purpose | Sold or Shared? |
| Individual Identifiers, such as name, email address, online identifier and phone number | To communicate with you and identify you in our Platform | ● Customer Support, Marketing, Product, and Sales service providers ● Advertising partners● AI Product service providers | No |
| Personal information categories listed in Cal. Civ. Code § 1798.80(e), such as payment information | To process payments to and from you | ● Payment and HR service providers | No |
| Commercial information, such as services viewed or purchased | To provide the appropriate service to you | ● Customer Support, Marketing, and Sales service providersAI Product service providers | Yes, to Advertising partners and Marketing service providers |
| Internet or other electronic network activity, as described in “Information We Collect Automatically” above | As described in “Information We Collect Automatically” above | ● Customer support, Engineering, IT, and Marketing service providers ● Advertising partners | Yes, to Advertising partners, Marketing service providers, and data brokers |
| Professional or employment-related information, such as your resume or employment history | To evaluate your application for employment and administer the same | ● Recruiting and HR service providersAI Product service providers | No |
| Inferences, such as whether you intend to put a certain event on your calendar | To inform our AI Products’ decision-making | ● Customer support, Engineering, and IT service providers ● AI Product service providers | No |
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth above in the section entitled “What Customer Account Data Nylas Processes When You Visit Our Website, Sign Up for a Nylas Event, or Make a Request for Information About Nylas and Why”.
Additional Privacy Rights for California Residents
In addition to your rights in your personal information outlined above, California residents have additional rights:
How Personal Information is Disclosed, “Sold,” or Used for “Sharing”/“Targeted Advertising” “Internet or other electronic network activity” and “Commercial Information” as described in the “Category of Personal Information” section above was sold and shared for targeted advertising purposes in the 12 months preceding the “Last Updated” date of this Privacy Policy, for marketing, data enrichment, and internal improvement purposes
Subject to any opt-in required by applicable law, we sell, share (or have in the 12 months preceding the “Last Updated” date of this Privacy Policy) your personal information with third parties like in exchange for monetary or other valuable consideration, or process it for “targeted advertising” in the manner described in the section titled, “Cookies and Other Technologies,” each as further detailed in the table above. We do not knowingly “sell” or use for “sharing”/“targeted advertising” the personal information of consumers under 18 years of age. To exercise your right to opt out of “sales” or “sharing”/“targeted advertising,” see “Verification” below.
Non-Discrimination: California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CPRA.
Right to Limit: Under California law, you may request that we limit the processing of sensitive personal information if we are using or disclosing it for purposes other than those specified in Section 7027(m) of the CPRA Regulations. Currently, we are not using or disclosing any sensitive personal data for purposes other than those specified in Section 7027(m) of the CPRA Regulations.
Not be subject to automated decision making: You have the right to not be subject to a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect. Nylas does not carry out this type of automated decision making in the Services.
Limit Processing of Sensitive Personal Information: We do not regularly collect or process sensitive personal information, as defined by the CPRA. However, if you provide or make it available to us for an explicit purpose and then wish to limit its use or disclosure, you may do so by contacting us as set forth below.
Correct Inaccurate Personal Information: If you believe we hold inaccurate personal information about you that you cannot correct through your account, you may contact us as set forth below.
Authorized Agent: Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. To designate an authorized agent, please contact us as set forth below.
Verification: When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include confirming the email address associated with any personal information we have about you.
If you are a California resident and would like to exercise any of your rights under the CPRA, please contact us here. We will process such requests in accordance with applicable laws.
Changes to Our Privacy Policy
We may revise this Privacy Policy from time to time at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.
Contact Us
If you have any questions about our privacy practices or this Privacy Policy, please contact us at:
Nylas, Inc.
2100 Geng Rd. #2100
Palo Alto, CA 94303