Privacy Policy

1. Introduction

Welcome to Lastline's Privacy Policy. This policy describes how Lastline ("we," "us," or "our") collects, uses, and shares your personal information when you use our email signature management platform and related services (the "Service").

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy applies to all information collected through our Service and complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Data Controller: Lastline as the data controller for the personal information we collect directly from you. For customer data processed through the Service, we act as a data processor on behalf of our customers (the data controllers).

2. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform our contract with you (account creation, service delivery)
• Consent: You have given explicit consent for specific processing activities (e.g., marketing communications, integrations)
• Legitimate Interests: Processing is necessary for our legitimate interests (service improvement, fraud prevention, analytics) unless overridden by your rights
• Legal Obligations: Processing is required to comply with legal requirements

3. Information We Collect

We collect several types of information to provide and improve our Service:

3.1 Information You Provide

• Account Information: Name, email address, password, and organization details
• Profile Information: Position, phone number, social media links, and profile photos
• Employee Data: Information about team members you add to your organization
• Signature Content: Text, images, and links you include in email signatures
• Payment Information: Billing details and payment method (processed securely by our payment processors)
• Communications: Messages you send to our support team

3.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on the Service, click data
• Device Information: IP address, browser type and version, operating system, device identifiers
• Cookies and Similar Technologies: See Section 9 below
• Analytics Data: Signature deployment metrics, click-through rates, performance data

3.3 Information from Third-Party Integrations

When you connect third-party services, we may receive:

• Google Workspace: Email address, profile information, and directory data (with your explicit consent)
• Microsoft 365: Similar information when you connect your Microsoft account

4. Google API Services Disclosure

Lastline's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

When you authorize Lastline to access your Google Workspace account, we request access to:

• View and manage your Gmail settings (to deploy email signatures)
• View basic profile information (name, email, photo)
• Access directory information (for organization-wide deployments)

How We Use Google Data:

• We only use Google data to provide the signature deployment service you requested
• We do not share Google user data with third parties
• We do not use Google data for advertising or marketing purposes
• You can revoke access at any time through your Google Account settings

For more information about Google's privacy practices, please review Google's Privacy Policy.

5. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Create and manage your account
• Deploy and update email signatures across your organization
• Process payments and send billing information
• Respond to your requests, questions, and provide customer support
• Send you technical notices, updates, and security alerts
• Send marketing communications (with your consent, where required)
• Monitor and analyze trends, usage, and activities in connection with the Service
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations and enforce our Terms of Service
• Conduct research and development to improve our products

6. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers (Subprocessors): Third-party vendors who perform services on our behalf (see Section 6.1 below)
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets
• Legal Requirements: When required by law, subpoena, or to protect our rights, property, or safety
• With Your Consent: When you explicitly authorize us to share your information
• Within Your Organization: Employee data may be visible to organization administrators and designated users
• Aggregated/Anonymized Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you

6.1 Subprocessors List

We use the following third-party service providers to process your data:

• Google Cloud Platform: Cloud hosting and infrastructure (United States)
• Stripe: Payment processing (United States)
• SendGrid: Transactional email delivery (United States)
• Google Analytics: Website analytics (United States)

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Regular security assessments and penetration testing
• Access controls, role-based permissions, and multi-factor authentication
• Secure data centers with physical access controls
• Regular security training for employees
• Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information using industry-standard practices, we cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active
• After Account Deletion: We delete or anonymize your information within 90 days, except where retention is required for legal, regulatory, or legitimate business purposes
• Backup Data: May be retained in backup systems for up to 90 days after deletion
• Legal Requirements: Some data may be retained longer to comply with legal obligations (e.g., tax records for 7 years)

9. Your Rights

9.1 GDPR Rights (EEA, UK, Switzerland Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR). You may exercise these rights at any time, to the extent permitted by law.

Your Rights

• Withdraw Consent: You can withdraw your consent to data processing at any time. This will not affect the lawfulness of any processing carried out before withdrawal.
• Access Your Data: You can request a copy of the personal data we hold about you and learn how we are using it.
• Correct Your Data: You can ask us to fix any inaccurate or incomplete information we have about you.
• Delete Your Data: You can request that we erase your personal data when it is no longer needed for its original purpose.
• Restrict Processing: You can ask us to limit how we use your data in certain circumstances. In this case, we will only store your data and not process it for any other purpose.
• Data Portability: You can receive your data in a structured, commonly used, and machine-readable format, and have it transferred to another service provider where technically feasible.
• Object to Processing: You can object to us processing your data when we process based on legitimate interests, public interest, or for direct marketing purposes.
• Lodge a Complaint: You can file a complaint with your local data protection authority if you believe your rights have been violated.

Right to Object — Details

When we process your personal data for public interest, in the exercise of official authority, or for our legitimate interests, you may object by providing a reason related to your particular situation.

For direct marketing, you can object at any time, free of charge and without providing any justification. Once you object, we will immediately stop processing your personal data for marketing purposes.

International Transfers

You have the right to know about any transfers of your data outside the EEA, including to international organizations governed by public international law, and the security measures we have in place to protect your data during such transfers.

9.2 CCPA Rights (California Residents)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected, used, or shared
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Do Not Sell My Personal Information: We do not sell personal information to third parties. We do not sell the personal information of minors under 16 years of age without affirmative authorization.

9.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@lastline.app. All requests are free of charge, and we will respond within 30 days (or as required by applicable law), providing you with the information required by law.

When we correct or delete your personal data, or restrict its processing, we will notify each recipient to whom your data has been disclosed, unless this proves impossible or involves disproportionate effort. Upon your request, we will inform you about those recipients.

You may also manage your account settings directly through the Service, including updating your profile information and deleting your account.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of the Service. Types of cookies we use:

• Essential Cookies: Required for the Service to function properly (authentication, security)
• Analytics Cookies: Help us understand how users interact with the Service (Google Analytics)
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies
• Receive warnings before cookies are stored

Note that disabling cookies may affect the functionality of the Service.

11. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our servers and service providers are located. These countries may have data protection laws that differ from your country of residence.

For transfers from the EEA, UK, or Switzerland to countries without adequate data protection, we use appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Data Processing Agreements: Contractual commitments with service providers
• Additional Technical Measures: Encryption and access controls

For more information about our data transfer mechanisms, please contact our Data Protection Officer at dpo@lastline.app.

12. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@lastline.app, and we will delete it promptly.

13. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection practices. If you have questions about this Privacy Policy or how we handle your personal data, please contact our DPO:

• Email: dpo@lastline.app

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes that affect your rights)
• Requesting your consent where required by applicable law

We encourage you to review this Privacy Policy periodically for any changes.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@lastline.app
• Data Protection Officer: dpo@lastline.app
• Mailing Address: Lastline, [Your Company Address]