Email Security Policies and Privacy For Connected Email Accounts to Mediarails – Mediarails

Description

The below information outlines the security policies and faqs as it pertains to the Mediarails users' email accounts. Policies regarding email servers hosted by Mediarails and hosted by the customer will be outlined in this document.

Customer hosted email servers

Included with the standard license, users will have the option of integrating their corporate email accounts with the Mediarails CRM. The integration between Mediarails and the user's corporate email account will be proxied through the Nylas Email Service.

Access Control

Mediarails Employees

Access to the email account directly will restricted to only the owner of the email account. The Mediarails customer success and IT departments will be able to access the email stored in the Mediarails CRM for diagnostic purposes only.

Company Employees

Company employees with access to the Mediarails CRM will be able to see email communication between the owner of the email account andPartners the company is doing business with only.

Thirdparty Software Services

In order to track email communication between a CRM user and a Partner, Mediarails will grant access to Nylas corporation. Nylas's security and privacy policies are outlined here (Nylas Security and Privacy Architecture.pdf)

Mediarails Software

The Mediarails CRM will access the email account through Nylas only. Only email that is specifically related to the functions of the Mediarails CRM (Partner communication) will be stored in the company's Mediarails CRM account. The data will be isolated within it's own database and will be encrypted at rest.

Mediarails hosted email servers (not available on all accounts)

Option that is included with the enterprise license, users will have the option of using a Mediarails hosted email server if they have trouble using their own for whatever reason. The hosted email server will either exist as an isolated organization and sub domain within the Mediarails Corporate IT infrastructure. Or we may opt to purchase a separate domain to then host email addresses on that is more personalized. The naming convention of the sub domain may look like the following: companyname.mail.mediarails.com. Or we may agree on a slightly different setup depending on the scenario.

Access Control

Mediarails Employees

Rights to the subdomain and email accounts under that subdomain will be limited to the Director of Customer Success and the Director of IT within the Mediarails org. The rights are defined as follows.

Create/delete email accounts
Create/delete subdomains
Create/delete organizations

Access to the email within the account will be restricted to only the owner of the email account. Customer Success and IT will require written approval by the email owner or CRM admin before accessing any email accounts directly. Access will only be granted for resolving issues associated with the email account.

Company Employees

Users of the email account that is linked through the Mediarails CRM will have the following rights

Resetting the password of the email account
Administering email messages within the account
Controlling the level of security specific to the account; two factor auth, password complexity, etc.

Third-party Software Services

In order to track email communication between a CRM user and a Partner, Mediarails will grant access to the Nylas corporation. Nylas's security and privacy policies are outlined here (Nylas Security and Privacy Architecture.pdf)

Mediarails Software

For more information on SPAM in the United States, please see CAN-SPAM Act: A Compliance Guide for Business on the FTC's website.