Privacy Policy

This privacy policy sets forth the principles that we, Fookes Software Ltd, located at La Petite Fin 27, CH-1637 Charmey, Switzerland, follow concerning personal data we process about you if you visit our websites aid4mail.com, aid4mail.ch, fookes.com, fookes-software.ch, notetab.com, order our services or products, or provide us with personal data by other means. We may amend this policy consistent with the requirements of applicable law. Any changes will be posted immediately on our websites, and we will notify you of significant changes by email or by placing a prominent notice on our website.

Protecting your privacy is an essential concern to which we pay special attention in all our business processes. Accordingly, we process personal data collected during your website visit confidentially and solely in compliance with legal provisions.

Our websites are not intended for children under 16 years of age (or the applicable age of consent in your jurisdiction), and no one under this age may provide us with information. We kindly ask you to contact us at helpdesk@fookes.net if you believe that we might have any information from or about a child under this age. If we discover that we have collected personal information from a child under 16, we will delete that information immediately.

1. How We Handle Your Personal Data

1.1 How We Collect and Process Data About You

Before we collect personal data from you, we will inform you about the purposes for which it is collected and used, the legal basis of such data processing, the types of non-agent third parties to which we may disclose that information, the duration of data retention, and the choices and means we offer you for limiting the use and disclosure of your personal data.

Common purposes for data processing include:

• Fulfilling orders and providing our services
• Improving our products and websites
• Sending you important updates and notifications
• Responding to your inquiries and providing customer support

We process your personal data only in ways compatible with the purposes for which it was collected or subsequently authorized by you. We do not sell, trade, or transfer your personally identifiable information to outside parties. However, your data may be transferred to trusted third parties who assist us in operating our websites, conducting our business, or servicing you, subject to a strict data processing agreement.

1.2 What We Do for the Security of Your Data

We have implemented technical and organizational measures designed to secure your personal data from accidental loss and unauthorized access, use, alteration, and disclosure. All personal data you provide to us is stored on secure third-party servers or our own encrypted storage media. We will also take reasonable steps to ensure that personal data processed by us is relevant to its intended use, accurate, and complete.

Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our websites. Any transmission of personal information is at your own risk. Note that we use the secure HTTPS transmission method at all times.

1.3 How Long We Process Your Personal Data

We retain your personal data only as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law. Specifically:

• Correspondence, account, usage, and transaction data: 10 years from submission date, to comply with legal obligations and for business continuity purposes.
• Email communication data: If you do not interact with our email communications, you will automatically be removed from our database after two years.

You have the right to request deletion of your personal data at any time, subject to legal obligations that may require us to retain certain information.

2. Personal Data We Process About You

2.1 Usage Data Regarding Our Websites

We process personal data about your use of our websites, including:

• IP address (converted to country code)
• Browser type and version
• Operating system
• Referral source
• Length of visit
• Page views
• Website navigation paths

For visitors from regions outside the EU and Switzerland, we also use Google Analytics, Microsoft Clarity, and a Botsonic AI ChatBot. These tools help us analyze website usage and improve our services. Here’s a brief description of how each service interacts with user data:

• Google Analytics: Tracks anonymous visitor behavior for website optimization.
• Microsoft Clarity: Provides heatmaps and session recordings to understand user interactions.
• Botsonic AI ChatBot: Processes user queries to provide automated customer support.

These services are disabled for visitors from the EU and Switzerland to avoid the use of non-essential cookies and the need for explicit consent requests.

We use a session cookie to store your country code, which determines the displayed product pricing and currency, and whether certain services can be used. For visitors from the EU and Switzerland, this is the only cookie we use.

The legal basis for this processing is our legitimate interest in operating, providing, securing, monitoring, and improving our services, products, and websites.

2.2 Notifications and Correspondence Data

If you voluntarily subscribe to our email notifications and newsletters, we will use the personal data provided to send you the relevant communications. You may unsubscribe from this service at any time by clicking a link at the bottom of each notification and newsletter.

The legal basis for this processing is your consent or the performance of a contract between you and us.

2.3 Ordering and Sales Data

When you order our software, we receive your name, contact details, and transaction details from our trusted third-party provider, cleverbridge. We do not receive or store any credit card, bank account, or other specific payment details. All payment transactions are handled securely by cleverbridge.

The legal basis for this processing is the performance of a contract between you and us.

2.4 Other Information You Provide to Us

We may process personal data you voluntarily provide for various purposes, such as user account registration, customer support, or participation in surveys. The legal basis for this processing is your consent or the performance of a contract between you and us.

3. Aid4Mail Software and Data Processing

3.1 Overview of Aid4Mail

Aid4Mail is a specialized email tool designed for Windows, and runs directly on the client’s laptop, desktop PC, or server. It serves primarily IT professionals, forensic investigators, and eDiscovery specialists, and can also be used by businesses and other organizations for email migration and archiving.

3.2 Data Access and Control

Aid4Mail integrates with the Microsoft Graph API, Google API, and IMAP, utilizing OAuth2 authentication to collect email messages, metadata, and cloud attachments. The software ensures that all data remains entirely under the control of the account owner or investigator. Fookes Software Ltd, as the developer, only accesses user data if the owner explicitly shares it to resolve technical issues, typically as PST, mbox, or EML files.

Aid4Mail allows users to select specific mailboxes, folders, or date ranges for processing, giving them control over which data is accessed. This granular control ensures that only the necessary data is processed, respecting user privacy and data minimization principles.

Aid4Mail employs strong encryption to protect your account access credentials and user data during transfer via the HTTPS method. This ensures that your sensitive information remains secure throughout the entire process, from authentication to data retrieval and processing.

Encryption Standards: Aid4Mail uses AES-256 encryption for storing OAuth2 tokens and any sensitive data like passwords. Data in transit is protected using TLS 1.2 or higher protocols to ensure end-to-end encryption between Aid4Mail and Google/Microsoft servers.

Access Controls: Access to OAuth2 tokens and user data within Aid4Mail is restricted to the application processes and is not accessible by any other applications or users on the system.

Temporary Data: Aid4Mail may generate temporary files during the processing of your data. These files are stored locally on your system and are automatically deleted upon completion of the process or when the application is closed.

User-Initiated Deletion: You have full control to delete any files, logs, or data generated by Aid4Mail at any time. Instructions for locating and deleting these files are provided within the application or in our user documentation.

3.3 Aid4Mail Remote Authenticator

To facilitate secure access, Aid4Mail provides a tool called Aid4Mail Remote Authenticator. Investigators can send this tool to custodians to generate an encrypted OAuth2 token, enabling access to the custodian’s account for analysis in a lab environment.

3.4 Google API Access

Aid4Mail uses Google APIs to access Gmail and Google Drive data for specific purposes such as forensic preservation, email migration, and archiving. All Google API data is processed locally on your computer and remains under your control. This Privacy Policy page provides a summary of our data usage. For more detailed information about how we handle Google API data, including specific scopes, data usage, security measures, and user controls, please see our Google API Data Usage and Privacy Policy (PDF).

Aid4Mail accesses Google data only for essential functions through the following scopes:

(a) Non-sensitive Scopes

• Labels (To create new labels during email migration to a Gmail account):
  • https://www.googleapis.com/auth/gmail.labels

(b) Restricted Scopes

• Drive Scopes (To access cloud attachments, their metadata, and revisions):
  • https://www.googleapis.com/auth/drive.readonly
  • https://www.googleapis.com/auth/drive.metadata.readonly
• Gmail Scopes (To interact with email content via the Google API or IMAP):
  • https://mail.google.com/
  • https://www.googleapis.com/auth/gmail.insert
  • https://www.googleapis.com/auth/gmail.readonly

Google User Data Handling

• Access: Aid4Mail accesses your Gmail and Google Drive data for forensic preservation, email migration, and archiving purposes. Our software does not modify your Google user data; it only reads it. Or, in the case of a migration to your Gmail account, it only adds to it.
• Storage: During the forensic preservation, your acquired Google user data is stored on your computer system in the output folder that you designate and remains under your control. Or, in the case of a migration to your Gmail account, it is added to it.
• Use: Aid4Mail uses your Google user data solely for the purposes of forensic acquisition, email migration, and archiving as directed by you. We do not use your Google user data for any other purpose.
  No Advertising or Profiling: Aid4Mail does not use your Google user data for advertising purposes, profiling, or any purpose other than those explicitly stated.
• Sharing: Aid4Mail does not share your Google user data with Fookes Software Ltd or any third party.
  Third-Party Sharing: Aid4Mail does not share your Google user data with any third parties.

Google User Data Protection and Retention

• You retain control of your Google user data at all times. Fookes Software Ltd does not have access to your Google user data unless you explicitly share it in file format for technical support purposes.
• Fookes Software Ltd does not retain or store your Google user data. While using Aid4Mail, your Google user data remains under your control, and you can choose to delete it at any time by removing it from your own computer systems.

3.5 Microsoft Graph API Access

Aid4Mail uses Microsoft Graph APIs to access email accounts and OneDrive/SharePoint data for specific purposes such as forensic preservation, email migration, and archiving. All Graph API data is processed locally on your computer and remains under your control. This Privacy Policy page provides a summary of our data usage. For more detailed information about how we handle Graph API data, including specific scopes, data usage, security measures, and user controls, please see our Microsoft Graph API Data Usage and Privacy Policy (PDF)

Aid4Mail supports accessing Microsoft email accounts and cloud storage (OneDrive and SharePoint) using these scopes:

• email, openid, profile, offline_access
• https://graph.microsoft.com/Files.Read
• https://graph.microsoft.com/Files.Read.All
• https://graph.microsoft.com/Mail.Read
• https://graph.microsoft.com/Mail.Read.Shared
• https://graph.microsoft.com/Sites.Read.All

For IMAP access to Microsoft accounts, Aid4Mail uses:

• https://outlook.office.com/IMAP.AccessAsUser.All

Microsoft User Data Handling

• Access: Aid4Mail accesses your Microsoft email, OneDrive, and SharePoint data for forensic preservation, email migration, and archiving purposes. Our software does not modify your Microsoft user data; it only reads it. Or, in the case of a migration to your Microsoft account, it only adds to it.
• Storage: During the forensic preservation or migration process, your acquired Microsoft user data is stored on your computer system in the output folder that you designate and remains under your control. Or, in the case of a migration to your Microsoft account, it is added to it.
• Use: Aid4Mail uses your Microsoft user data solely for the purposes of forensic acquisition, email migration, and archiving as directed by you. We do not use your Microsoft user data for any other purpose.
  No Advertising or Profiling: Aid4Mail does not use your Microsoft user data for advertising purposes, profiling, or any purpose other than those explicitly stated.
• Sharing: Aid4Mail does not share your Microsoft user data with Fookes Software Ltd or any third party.
  Third-Party Sharing: Aid4Mail does not share your Microsoft user data with any third parties.

Microsoft User Data Protection and Retention

• You retain control of your Microsoft user data at all times. Fookes Software Ltd does not have access to your Microsoft user data unless you explicitly share it for technical support purposes.
• Fookes Software Ltd does not retain or store your Microsoft user data. While using Aid4Mail, your Microsoft user data remains under your control, and you can choose to delete it at any time by removing it from your own computer systems.

3.6 OAuth2 Token Handling and Security

• Storage: Aid4Mail stores OAuth2 tokens securely on your local machine. The tokens are encrypted using AES-256 encryption to prevent unauthorized access.
• Use: The tokens are used solely to authenticate with Google and Microsoft APIs to access user data as explicitly authorized by you. They are not used for any other purposes.
• Deletion and Revocation:
  • Deletion: Tokens are stored only as long as necessary for the operation of the software. You can delete the tokens at any time by removing them from your system. Instructions for deleting tokens are provided within the application or in our user documentation.
  • Revocation: You can revoke Aid4Mail’s access to your Google or Microsoft accounts at any time through your account settings:
    • For Google Accounts: Visit Google’s security settings to manage app permissions.
    • For Microsoft Accounts: Visit Microsoft’s app permissions to manage connected applications.
• Security Measures: Aid4Mail employs robust security practices, including encryption at rest and in transit, to protect OAuth2 tokens from unauthorized access or disclosure.

3.7 Compliance with Microsoft and Google’s API Services User Data Policy

Fookes Software Ltd is committed to complying with Microsoft and Google’s API Services User Data Policy, ensuring the responsible and ethical handling of user data. This commitment includes:

(a) Transparency: We clearly communicate how Aid4Mail accesses and uses Microsoft and Google user data.

(b) Limited Use: We only access and use Microsoft and Google user data for the specific purposes outlined in this Privacy Policy and authorized by the user.

(c) Data Security: We implement robust security measures to protect Microsoft and Google user data from unauthorized access, use, or disclosure.

(d) User Control: We provide users with control over their data, including the ability to select specific data for processing and to delete their data.

(e) Prohibited Practices: We do not sell Microsoft or Google user data, use it for advertising purposes, or engage in any practices prohibited by Microsoft and Google’s API Services User Data Policy.

Our adherence to these principles ensures that your Microsoft and Google user data is handled with the utmost care and respect for your privacy rights.

4. International Data Transfers

Our primary websites (aid4mail.com, fookes.com, notetab.com) are hosted in the United States. When you visit these websites, standard web server logs are created, which may include your IP address, browser type, and other basic access information.

Our .ch domains (e.g., fookes-software.ch) are hosted in Switzerland and are primarily used for storing sales data from our payment processor (based in Germany) and license information for our Aid4Mail software.

By using our services and websites, you acknowledge that some of your data may be transferred to and stored in countries outside your own, including the United States and Switzerland. We ensure that any such transfers comply with applicable data protection laws and implement appropriate safeguards to protect your personal data.

If you have any questions or concerns about international data transfers, please contact us at helpdesk@fookes.net.

5. Your Rights with Regards to Your Personal Data

Depending on your jurisdiction, you may have the following rights:

• Right to access your personal data
• Right to correct inaccurate or incomplete data
• Right to delete your personal data
• Right to restrict processing of your personal data
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to withdraw consent (where processing is based on consent)
• Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us at helpdesk@fookes.net. We will respond to your request within 30 days.

6. Third-Party Service Providers

We use trusted third-party service providers to assist us in operating our websites, conducting our business, and servicing you. These providers have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose. Our current list of third-party service providers includes:

• Liquid Web: Our web hosting company for fookes.com, aid4mail.com, and notetab.com. Standard web server logs, which may include visitor IP addresses and other access information, are stored on their servers as part of normal website operations. Privacy Policy
• Infomaniak: Our Swiss-based web hosting company for www.fookes-software.ch and www.aid4mail.ch, where we store client purchase data received from cleverbridge, and Aid4Mail license information. Privacy Policy
• cleverbridge: Provides e-commerce solutions for our customers, resellers, and affiliates to purchase and resell our products. Privacy Policy
• SoftWORKZ: Used as part of our licensing platform for Aid4Mail 4 and earlier versions. Privacy Policy
• Freshdesk: Our customer support solution provider, managing our support portal and forms via help.fookes.com. Privacy Policy
• Google Workspace: Used for internal administration and email communication (fookes.net domain). Privacy Policy
• Google Analytics: Web analytics service for tracking website traffic and user behavior. Disabled for visitors from the EU and Switzerland. Privacy Policy
• Microsoft 365: Used for internal administration and communication, including our public Skype phone number. Privacy Policy
• Microsoft Clarity: Analytics tool for understanding user behavior through heatmaps and session recordings. Disabled for visitors from the EU and Switzerland. Privacy Policy
• Botsonic AI ChatBot: AI chatbot used as part of our helpdesk service to answer questions about our Aid4Mail software. Disabled for visitors from the EU and Switzerland. Privacy Policy

Please note that services like Google Analytics, Microsoft Clarity, and Botsonic AI ChatBot use cookies for their operations and are disabled for visitors from the EU and Switzerland.

7. Contact Information and Dispute Resolution

For any questions or concerns regarding this Privacy Policy or our data practices, please contact our designated privacy contact:

Fookes Software Ltd
La Petite Fin 27
CH-1637 Charmey
Switzerland
Email: helpdesk@fookes.net

We will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of personal information in accordance with the principles contained in this Policy within 30 days of receiving your complaint.

For unresolved complaints, you may file a complaint with your country’s supervisory data protection authorities. For EU residents, you can find your data protection authority here: https://edpb.europa.eu/about-edpb/board/members_en

8. Small Business Considerations

As a small business, we strive to comply with all relevant data protection regulations. However, please note that due to our limited resources:

• We do not have a dedicated Data Protection Officer (DPO).
• Some aspects of our data processing may be limited compared to larger organizations.
• We may rely more heavily on third-party services for certain operations.

Despite these limitations, we are committed to protecting your privacy and handling your data responsibly.

9. Updates to the Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by:

• Posting a notice on our website
• Sending an email to the address associated with your account

We consider significant changes to include:

• Changes to data-sharing practices
• New types of data collection
• Changes to data retention periods
• Changes to your rights or how to exercise them

 

This policy was last modified on October 17, 2024