Privacy Policy Summarize.One
Summarize.One is a privacy-by-design chat extension developed in Germany. As your service provider, we constantly work hard to protect your information: We are financially independent with source of revenue from our subscribers – we do not sell, rent, loan or lease ANY of your personal information. This Privacy Policy helps you understand what information we collect, why we use it and how you can manage and delete your information.
For purposes of this Privacy Policy, the terms “we”, “us” and “our” refer to Tasler IT Inh. Thomas Tasler. The terms “Summarize.One”, “service” and “software” refers to our chat summarization and transcription software Summarize.One. “You” refers to you, as a user of the Application or visitor to the website, as applicable.
This Privacy Policy is effective as of the date last modified, as listed at the bottom of the privacy policy.
1. Responsible Contact
The responsible contact according to the Federal Data Protection Act is Tasler IT Inh. Thomas Tasler. If you have any questions concerning privacy policy matters, please contact: [email protected]. By contacting this email address, you can inquire into privacy issues and review, change, or delete your personal information stored by us.
2. Reasons for collection of information
We may use the information we collect from Summarize.One and our website to provide, maintain, protect and improve Summarize.One and to communicate with you about your use of the Application.
3. Personal data
Personal data is any individual information about the personal or material circumstances of a specified or identifiable natural person. Personal data primarily includes details such as a person’s name, postal address or e-mail address.
4. Processing and use of personal data
4.1 Registration information
In order to register a Summarize.One account we require and store your email address and password.
4.2 Order and payment information
In order to process orders we require all relevant personal information, such as your name, address, email address, company name, VAT ID and information concerning the payment method you have chosen. Payments are handled securely by our payment providers Paypal and Stripe. These partner companies have their own data protection policies. We encourage you to read these policies thoroughly before using the Service, and check that you agree with them. To enable payments to be processed and invoiced, the partner company stores references to payment details. The actual payment details (including credit card and bank details) do not pass through Summarize.One servers and systems.
4.3 Summarize.One information
In order to guarantee full functionality of all Summarize.One features and to deliver high level of customer service for you we may collect and store
- (a) your e-mail address. We process this type of personal data in order to sell and market our Services to you, to create an account for you and to provide you our Services. We process this type of Personal Data based on the consent you expressly grant to us at the time we collect such personal data. We do not sell, rent, loan, or lease your contact information or any other data to others, unless we are required by law or litigation to disclose your personal information.
- (b) certain technical information about your device, including device hardware model, operating system details, unique device identifiers. We process this type of Personal Data in order to provide you our Services. We process this type of Personal Data for our legitimate interests in providing the Services.
- (c) certain information about your Summarize.One usage, including date and time when you used a Summarize.One feature. We process this type of data in order to show you usage analytics in your dashboard and to provide you our Services. We process this type of Personal Data for our legitimate interests in providing the Services.
- (d) certain information about the recipient ID (RFC 2392), recipient name, message content and message ID (RFC 2392) when you use the Summarize.One feature for summarization & transcriptions. We process this type of data in order to faciliate summarizations & transcriptions and display the recipient name next to it when enabling private summarizations. We don't allow message content of your chats to be read in any case by humans. Furthermore message content is never stored or collected by us - only temporarily cached soley for data processing purposes and never beyond your custom settings in the web interface of Summarize.One to enable the provision of our service. We process this type of Personal Data for our legitimate interests in providing the Services.
- (e) authentication information of your chat application when connecting Summarize.One. We use industry-standard session cookies for user authentication which gives us access to your account without letting us know your password. We only collect and store this information as long as this feature is active. We process this type of Personal Data in order to provide you our Services. We process this type of Personal Data for our legitimate interests in providing the Services.
5. Summarize.One’s Summarization & Transcription Features
5.1 How does Summarize.One’s Summarization & Transcription Features Work?
Summarize.One enables you to summarize & transcribe, your own, your contacts, your groups chat-/and voice messages based on configured settings concerning minimum length and extend. As soon as a message is received in your chat application, Summarize.One sends the Summarization or Transcription directly below the relevant message or in your private group chat - depending on the configured settings.
5.2 What data is collected?
In order to guarantee full functionality of Summarize.One’s Summarization & Transcription features, we may collect and process certain information about the recipient ID (RFC 2392), recipient name, message content and message ID (RFC 2392). We process this type of data in order to faciliate summarizations & transcriptions and display the recipient name next to it when enabling private summarizations. We don't allow message content of your chats to be read in any case by humans. Furthermore message content is never stored or collected by us - only temporarily cached soley for data processing purposes and never beyond your custom settings in the web interface of Summarize.One to enable the provision of our service. We process this type of Personal Data for our legitimate interests in providing the Services. Summarization & transcriptions are performed by artifical intelligence. For that we we may send relevant content from to the service OpenAI. This includes the contact's name and the relevant content of the message.
Summarize.One uses OpenAI’s artificial intelligence technology to help transcripe and summarize emails. By using our service, you acknowledge and agree that your email content and subject line may be shared with OpenAI to provide the service. OpenAI’s use of your data is subject to their own privacy policy, which you can review at https://openai.com/privacy-policy/.
Summarize.One uses the customers access to Whats App Web for the sole provison of Summarize.One's services. This is limited to sending summaries & transcriptions as well as reading incoming messages & voice messages restricted to the scope set in the settings. Whats App's use of your data is subject to their own privacy policy, which you can review at https://urlis.net/wmeen0my
8. Cookies
We use cookies on our website. These are small text files stored on your computer. We use both permanent cookies and session cookies so that we can offer you the best service possible. The data saved in the cookies make the use of our services as comfortable as possible for you, not only for your current use of the respective service but also beyond it. If you don’t want to allow permanent cookies, you can select the option to deactivate permanent cookies in your browser. The data stored in session cookies are only valid for the current visit to our online offers and serve to provide you with an unrestricted use of our services and to make the use of our offers and services as comfortable as possible for your current visit. If you deactivate session cookies, we cannot guarantee that you will be able to use all of our services without limitations.
9. Cookies of third party providers and tracking
We use the services of other companies to optimize our websites and our services. You will receive an overview of the services we use in the following section.
9.1 Matomo Analytics
We have integrated Matomo Analytics on our websites. Matomo Analytics is a web analytics service which provides us with usage data (see section III, 3). Matomo is a Google Analytics alternative that protects your data and privacy. By using Matomo instead of Google Analytics, we have 100% data ownership and the power to protect user’s privacy. Matomo runs locally on our servers (in this case in Germany) and the data is not shared with Matomo or to any third party without our direct intervention. We have configured Matomo Analytics in the way that it provides the IP address of visitors in an abridged and therefore anonymized form, in our case the recommended two last bytes. Matomo Analytics also places a cookie on your device. A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. Most browsers support cookies, but you can set your browsers to decline them and can delete them whenever you like.The cookie enables Matomo to analyze the use of our websites. According to their website and wikipedia, it’s recommended and used by various public administrations including CNIL, the European Commission and the Italian government. You can prevent the setting or the use of cookies through the following means. Whenever you visit our websites, you have to expressly give us consent to use cookies. Until you do, any analytics will not be functional. Your browser allows you to delete cookies already on your system and allows you to configure your browser so that it prevents the setting and use of cookies.Further information as well as the data protection provisions of Matomo: https://matomo.org/100-data-ownership/?footer https://matomo.org/gdpr-analytics/?footer https://matomo.org/privacy-policy/?footer
9.2 Fonts - Bunny Fonts
Bunny Fonts wird über den Datenverarbeiter Bunny net dem CDN Dienst bunny.net mit Sitz in der Slowakei (EU) zur verfügung gestellt! Bunny Fonts sind von BunnyWay doo – einem in der EU ansässigen Unternehmen – entwickelt und gehostet und sind vollständig DSGVO-konform. Es werden keine Protokolle oder Daten gesammelt und an Dritte weitergegeben. Weitere Informationen zu Bunny Fonts finden Sie unter: Adresse BunnyWay doo, Cesta komandanta Staneta 4A, 1215 Medvode, Slowenien https://bunny.net/
9.3 Meta & TikTok Pixel
We use the "Meta Pixel" from the social network Meta (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, "Facebook") and the "TikTok Pixel" from the social network TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland) in enhanced data matching mode. Based on your explicit consent under Art. 6(1) sentence 1 lit. a GDPR, when you click on an advertisement we run on Meta or TikTok, the URL of our linked page is appended with a suffix. This URL parameter is then stored in your browser via a cookie set by our linked page. Additionally, this cookie collects (personal) data such as your email address that we gather on our website during actions like purchases, account sign-ups, or registrations (enhanced data matching). This cookie is then read by the Meta Pixel or TikTok Pixel, allowing the data to be forwarded to Meta or TikTok. The information is typically transmitted to a Meta or TikTok server and stored there. This may involve transmission to Meta Platforms Inc. servers in the USA. To ensure an adequate level of data protection, Meta Platforms Inc. is certified under the EU-US Data Privacy Framework and has implemented Standard Contractual Clauses. Additionally, we conduct individual risk assessments to ensure maximum data protection. This process allows us to identify visitors to our online offerings as a target audience for personalized advertising. We ensure that you only see advertisements relevant to your interests in our online offerings or specific characteristics (e.g., interests in specific topics or products) that we transmit to Meta or TikTok ("Custom Audiences"). Furthermore, we can analyze the effectiveness of our advertisements for statistical and market research purposes by determining whether users were redirected to our website after clicking on an advertisement ("Conversion"). You can revoke your consent at any time by disabling Meta Pixel tracking or TikTok Pixel tracking. These opt-out cookies work only in this browser and only for this domain. If you delete your cookies in this browser, you must click the links again to reset the opt-out. For more detailed information on data processing by Facebook and TikTok, visit the following links: - Facebook: https://www.facebook.com/about/privacy/ - TikTok: https://www.tiktok.com/legal/privacy-policy-eea?lang=de & https://www.tiktok.com/legal/new-privacy-policy
10. Third party websites and services
Our website and service provides links to other websites and services, we do not review these sites and services, and therefore this Privacy Policy does not apply to third party websites and services. Please read their Privacy Policy before submitting any private information.
11. Data Processing (GDPR / DSGVO)
For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. GDPR also requires compliance from companies that process the personal data of these European individuals. Ensuring our users’ data privacy and security has always been top priority to Summarize.One’s product development and business. As your service provider to enhance your email experience, we make sure to evaluate all our practices to safeguard your information as effectively as possible. As a German company, Summarize.One will be fully GDPR compliant. If you have any questions about GDPR or our data practices generally, please contact our data protection officer Tobias Knobl ([email protected]).
11.1 Authorized employees
We ensure that all authorized employees who can access personal data are made aware of the confidential nature of personal data and have executed confidentiality agreements that prevent them from disclosing or otherwise processing, both during and after their engagement with Summarize.One, any personal data except in accordance with their obligations in connection with the Services. We don’t allow humans to read message, voice, contact and non-public account data and any other user data created in Summarize.One unless doing so is necessary for security purposes such as investigating abuse or to comply with applicable law.
11.2 Authorized subcontractors
Summarize.One may engage authorized Subcontractors to access and process personal data in connection with the Services and from time to time engage additional third parties for the purpose of providing the Services, including without limitation the processing of personal data. At least ten (10) days before enabling any third party other than authorized subcontractors to access or participate in the processing of personal data, Summarize.One will add such third party to the List.
- OpenAI
- AWS Webservices
11.3 Duration of Processing
We retain personal data about you for as long as you have an open account with us. In some cases we retain personal data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation.
11.4 Security of personal data
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk of Processing Personal Data.
11.5 Access personal data
You can request more information about the personal data we hold about you and request a copy of such personal data by contacting us via email [email protected]
11.6 Erase personal data
You can request that we erase some or all of your personal data from our systems.
11.7 Portability of personal data
You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another service.
11.8 Data processing agreement
If you are using Summarize.One as a customer and have agreed to our terms of service, you do not need to sign an additional Data Protection Agreement. If you are a partner or a customer who needs further documentation of compliance with Summarize.One acting as a Processor, Summarize.One offers Data Processing Agreements (DPAs) to users upon request. Please email us for more information [email protected]
Please note that our DPA has been tailored to the way Summarize.One provides its service.
12. Protecting your information
We take the security of your personal information very seriously and have implemented policies and procedures, including technical measures, that are designed to help safeguard it. While we strive to use best practices to protect your personal information, the Internet and computer technology are not 100% secure and we cannot absolutely ensure the security of any personal information that you provide to us. In line with this philosophy, we try to get as little information from you as possible.
13. Reasons for information disclosure
We do not sell, rent, loan, or lease your contact information to others, unless we have your specific permission to do so or we are required by law or litigation to disclose your personal information. We may also find it necessary to disclose information about you if we determine that it is an issue concerning national security, law enforcement, or other issues of public importance.
14. Vulnerability Disclosure
If you have discovered an issue which you believe is an in-scope security vulnerability, please email [email protected] including:
The website or service in which the vulnerability exists. A brief description of the class (e.g. “XSS vulnerability”) of the vulnerability. Please avoid including any details which would allow reproduction of the issue at this stage. In accordance with industry convention, we ask that reporters provide a benign (i.e. non-destructive) proof of exploitation wherever possible. This helps to ensure that the report can be triaged quickly and accurately whilst also reducing the likelihood of duplicate reports and/or malicious exploitation for some vulnerability classes (e.g. sub-domain takeovers). Please ensure that you do not send your proof of exploit in the initial, plaintext email if the vulnerability is still exploitable. If you are in any doubt or have any question, please email [email protected] for advice. In response to your initial email to [email protected] you will receive an acknowledgement reply email from the Summarize.One Security Team, this is usually within 24 hours of your report being received. The acknowledgment email will include a ticket reference number which you can quote in any further communications with our Security Team. Following the initial contact, our Security Team will work to triage the reported vulnerability and will respond to you as soon as possible to confirm if further information is required. From this point, necessary remediation work will be assigned to the appropriate Summarize.One teams and/or supplier(s). Priority for bug fixes and/or mitigations will be assigned based on the severity of impact and complexity of exploitation. Vulnerability reports may take some time to triage and/or remediate. Our Security Team will notify you when the reported vulnerability is resolved and will ask you to confirm that the solution covers the vulnerability adequately.
15. Changes to this data protection policy
Summarize.One reserves the right to adapt its security and data protection measures, provided this is necessary as a result of technical or legal developments. In these cases, we will also update our data protection information accordingly. Please make sure, therefore, that you always use the latest version of our data protection declaration.
16. Privacy questions and contact
If you do not want us to keep you up to date with our news, you are free to contact us at any time and have your e-mail address removed from our mailing list. We do not target any information towards children. If you have any comments or concerns about our Privacy Policy, please contact us ([email protected]).
We reserve the right to change this policy, which we’ll do through online posting.
Last updated: 26th May, 2023