Privacy Policy

In this policy, Caliopen refers to the web service of the Caliopen Project. This Privacy Policy explains (1) what information is collected when you access and use Caliopen (2) the use Caliopen makes of this information; and (3) the security applied to protect this information.

By using Caliopen, you consent to the terms outlined in this privacy policy.

Legal Framework

Caliopen is currently being built by Gandi. Gandi is located in France and all data storage are handled by Gandi under the french laws and regulations.

Any information provided to Caliopen is considered personal data as defined and protected by the french DPA (CNIL).

Such data will only be used to contact you with important notifications about Caliopen (to create your account, recover your password...). You are free, at any given time, to delete your account and all the information it holds through the account settings panel.

Service's user data collection is limited to the following:
Visiting or using our website: We employ a local installation of Matomo, an open source analytics tool. Analytics are anonymized whenever possible and stored locally.

Account creation: You have to provide an external email address for notification or password recovery purposes.

Account activity: Depending on the protocols used when you exchange with your contacts, Caliopen may have to process some metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times. We do NOT have access to encrypted message content but unencrypted messages sent from external providers to Caliopen are scanned for spam and viruses for the protection of our users. We also have access to the following records of account activity: devices signatures and parameters, number of messages sent, amount of storage space used, total number of messages, last login time.

Communicating with Caliopen: Your communications, such as support requests, bug reports, or feature requests may be saved by our staff.

IP Logging: IP logs are kept for one year for statistics and to combat abuse and fraud, and your IP address may be retained if you are engaged in activities that breach our terms and conditions (spamming, DDoS attacks against Caliopen infrastructure, brute force attacks, etc).

We do NOT do any analysis on the limited data we do possess with two exceptions:
Emails sent unencrypted to Caliopen accounts are scanned automatically for spam so we can block IPs which are sending a lot of spam to Caliopen users and tag spam messages with a very low importance level.

Emails sent unencrypted to Caliopen accounts are also scanned automatically for "smart" tagging.

Data Storage

All servers used in connection with Caliopen are wholly owned and operated by Gandi. Only Gandi's employees have physical or other access to the servers. User credentials needed for remote mailbox or private communication source like Twitter DM, are stored in encrypted format on our vault servers.

Right to Access, Rectification, Erasure and Portability

Through your interface, you can directly access, edit, or delete personal data processed by Caliopen.

Data Retention

When a Caliopen account is closed, data is immediately deleted from production servers. Deleted messages are also permanently deleted from production servers.

Modifications to Privacy Policy

Caliopen reserves the right to periodically review and change this policy from time to time and will notify users when it does. Continued use of Caliopen will be deemed as acceptance of such changes.

Applicable Law

This Agreement shall be governed in all respects by french laws.