Last updated: May 20, 2026
Heads up — this is a placeholder template. Replace with your actual Privacy Policy drafted or reviewed by an attorney familiar with applicable privacy law (CCPA/CPRA, GDPR, HIPAA where relevant).
We collect what we need to provide phone service to your business. We don't sell your data. We don't share it with advertisers. Call recordings and voicemails belong to you. You can export or delete your data at any time. Questions go to .
Your name, business name, email, phone number, billing address, and payment method. We need this to bill you and provide the service.
Call detail records (CDRs) — who called whom, when, and for how long. Voicemail audio and transcripts. SMS message content and metadata. Call recordings if you've enabled them.
How you use our apps and portal — feature usage, error logs, performance metrics. We use this to fix bugs and improve the product. We anonymize and aggregate this data where possible.
IP address, device type, browser, operating system. Standard logs needed to operate any modern internet service.
We share data only with: (a) sub-processors we use to deliver the service (cloud hosting, payment processing, telecom carriers, email delivery — full list on request); (b) authorities responding to valid legal process; (c) parties you explicitly direct us to share with (e.g., integrations you enable). We never share with advertisers.
Primary storage in US data centers. We are a US-based company governed by US law. EU data subjects: we provide a Data Processing Addendum (DPA) on request.
Account data: while your account is active, plus 90 days after closure for billing/dispute purposes. Call detail records: 7 years (regulatory). Voicemails and recordings: as long as you keep them in your account, then 30 days after deletion in our backups. HIPAA customers: retention per your signed BAA.
You can: access your data, correct it, delete it, export it in a portable format, or restrict our use of it. Request via your portal or email . We respond within 30 days.
California residents (CCPA/CPRA): You have additional rights including the right to know what we collect, request deletion, and opt-out of "sale" of personal information (note: we don't sell personal information).
EU/UK residents (GDPR): You have rights under GDPR including data portability, restriction, and objection. The legal basis for our processing is contract performance (providing the service to you) and legitimate interests (operating and improving our service).
Encryption in transit (TLS for control plane, SRTP for media) and at rest (AES-256). Role-based access controls. SOC 2 Type II audited annually. We document our security practices in detail for prospects on request.
For customers on the Pro plan handling Protected Health Information (PHI), we sign a Business Associate Agreement (BAA) before any PHI is transmitted. Contact to request a BAA.
Our website uses minimal cookies for essential functionality (signed-in sessions, language preference) and limited analytics (Plausible Analytics, privacy-friendly, no cookies). We don't use advertising trackers, Facebook Pixel, or similar.
The Service is for business use. We do not knowingly collect data from children under 16. If you believe we've inadvertently done so, contact us and we'll delete it.
We'll post material changes here and email account holders at least 30 days in advance.