PRIVACY POLICY

1.1. This Privacy Policy (hereinafter referred to as the “Policy”) defines the procedure and conditions for processing the personal data of Users within the framework of the use of the Service.

1.2. The Policy applies to all personal data processed by the Contractor in connection with providing access to the Service, regardless of the method of the User’s interaction with the Service (via the Website, integrations, third-party platforms, or other technical means).

1.3. The processing of personal data is carried out by the Contractor in accordance with the TERMS OF SERVICE, this Policy, the Data Processing Agreement (DPA), and the requirements of applicable legislation in the field of personal data protection.

1.4. This Policy does not regulate the processing of personal data by third parties, including third-party platforms, messengers, payment services, or other service providers integrated with the Service by the User. The processing of such data is governed by the terms and policies of the relevant third parties.

1.5. In the event of any discrepancy between the provisions of this Policy and the terms of the TERMS OF SERVICE or Data Processing Agreement (DPA), the provisions of the relevant document shall apply, taking into account its subject matter.

2.1. As part of the provision of the Service and the processing of personal data, the User determines the purposes and methods of processing personal data that are processed when using the Service and acts as a personal data controller.

2.2. The Contractor processes personal data solely to ensure the functioning of the Service and the provision of Services and acts as a personal data processor, unless otherwise directly follows from the nature of the relevant data or the requirements of applicable law.

2.3. With regard to personal data that the Contractor processes independently for its own purposes (in particular, administration of the Service, payment accounting, user support, compliance with legal requirements), the Contractor acts as an independent controller of personal data.

2.4. To the extent that the Contractor acts as a controller of personal data, processing is carried out on the basis of the execution of the contract, execution by legal entities duties and/or legitimate interests of the Contractor in accordance with the applicable legislation.

2.5. The User guarantees that they have all the necessary legal grounds for collecting, using, and transferring personal data of third parties within the context of using the Service, including the use of the Voice Call Functionality and third-party integrations.

2.6. The relationship between the Parties to the processing of personal data in the capacity of controller and processor is additionally regulated by the Data Processing Agreement (DPA), which is an integral part of the contractual documentation.

3.1. As part of the provision of the Service, the Contractor may process the following categories of personal data of Users and third parties whose data is processed by the User when using the Service.

3.2. Account details:

• first and last name;
• email address;
• phone number;
• information about the account, user role, and Service settings.

3.3. Payment and financial details:

• information about the selected tariff plan;
• status and history of payments;
• transaction identifiers.

In this case, the Contractor does not save full payment details (payment card data), unless otherwise expressly provided by the terms of the payment service.

3.4. Technical and operational data:

• IP address;
• browser type, device and operating system;
• log files;
• data on the use of the functional capabilities of the Service;
• error, crash, and performance data.

3.5. Data processed within the Voice Call Functionality:

• voice call metadata (date, time, duration, status);
• audio data and related technical files, if created or made available through the use of third-party platforms or integrations.

The Contractor does not determine the content of voice calls and does not control their legality by the User.

3.6. Data related to the use of integrations and third-party services:

• account identifiers in third-party platforms;
• access tokens and technical keys (in encrypted or restricted form);
• data transferred between the Service and third-party systems at the initiative of the User.

3.7. Cookies and similar technologies data:

• session ID;
• user settings;
• analytical and technical data collected using cookies or similar technologies in accordance with the section of this Policy.

3.8. The Contractor does not intend to process special categories of personal data (sensitive data), unless otherwise directly follows from the User’s actions or legal requirements.

3.9. The User undertakes not to transfer to the Contractor personal data, the processing of which is prohibited or restricted by law, without the existence of appropriate legal grounds.

4.1. The Contractor processes personal data exclusively for specific, legitimate, and justified purposes within the limits necessary to provide and ensure the functioning of the Service.

4.2. Personal data is processed for the purpose of:

• User registration in the Service, account creation and administration;
• provision of Services and ensuring access to the functionality of the Service;
• fulfillment of the terms of the Agreement and related documents;
• payment processing, invoicing and tariff administration;
• providing technical support, troubleshooting and improving the quality of the Service;
• ensuring the security of the Service, preventing fraud, unauthorized access or abuse;
• compliance with legal requirements and legal requests of authorized bodies.

4.3. Data processed within the Voice Call Functionality may be used solely for technical purposes, in particular for:

• ensuring the operability of the relevant functions of the Service;
• diagnostics and troubleshooting of technical faults;
• analysis of incorrect operation of integrations or third-party platforms.

4.4. The Contractor does not use data to determine the content of communications of the User or third parties.

4.5. Technical data, cookies and similar technologies are used for the following purposes:

• ensuring the correct operation of the Service;
• saving user settings;
• analytics of the use of the Service and improvement of its functionality;
• ensuring information security.

4.6. Personal data shall not be processed by the Contractor in a manner incompatible with the stated purposes, unless otherwise provided by this Policy or the requirements of current legislation.

4.7. The Contractor may send the User informational messages related to the operation of the Service, updates, changes to terms, and new or improved functionality. Such messages do not constitute third-party advertising and are intended to inform the User about the use of the Service.

4.8. The processing of personal data is carried out on the grounds provided for by applicable law, in particular:

• to fulfill the Agreement and provide the Services;
• to fulfill the legal obligations imposed on the Contractor;
• within the framework of the legitimate interest of the Contractor, provided that such interest does not violate the rights and freedoms of personal data subjects;
• based on the consent of the personal data subject — in cases where such consent is directly required by law.

5.1. The Website and/or Service may use cookies and other similar technologies to collect technical information to ensure proper functioning, security and stable operation of the Service.

5.2. Cookies may be used to:

• ensure the correct operation of the Site and Service;
• save user technical settings;
• collect anonymized analytical and statistical data on the use of the Service;
• improve functionality and security.

5.3. The Website and Service may use web analytics services and other technical tools from third parties that process technical data in accordance with their own privacy policies and terms of use.

5.4. The User has the right to independently restrict or prohibit the use of cookies by changing the settings of the browser or device.

5.5. Where required by applicable law, non-essential cookies are used solely on the basis of user consent.

5.6. Restricting or disabling cookies may result in some functionality of the Site or Service not functioning properly.

5.7. Essential (technically necessary) cookies are used without receiving separate consent of the User, since it is necessary to ensure the operation of the Website and Service.

6.1. The Service may support voice calling functionality implemented using third-party messengers, platforms, or third-party software solutions.

6.2. The Contractor does not provide its own communication channel, does not operate as an operator or telecommunications provider, and does not determine the rules, conditions, or legality of making voice calls.

6.3. The User shall independently ensure compliance with the requirements of applicable legislation regarding the protection of personal data, confidentiality of communications, and the notification of participants in voice calls, including in cases where such calls may be recorded.

6.4. The Contractor does not control the content of voice calls, their participants, duration, or the procedure for storing or using audio data, unless otherwise expressly provided in the terms of the Service.

6.5. For purely technical purposes, in particular to ensure the operability of the Service, troubleshoot technical failures, or provide technical support, the Contractor may have limited technical access to audio data generated through the use of the Voice Call Functionality, provided that such data is accessible in accordance with the architecture of the Service or the integrations used.

6.6. When processing such data, the Contractor acts in accordance with the Privacy Policy and Data Processing Agreement (DPA).

7.1. General Provisions

7.2. Categories of third parties

7.3. Status of third parties

7.4. Transfer of data at the initiative of the User

7.5. Cross-border transfer of personal data

7.6. The Contractor does not sell Users’ personal data or transfer it to third parties for marketing purposes other than those intended for or incompatible with the Service’s purposes.

8.1. The Contractor implements appropriate technical and organizational measures to protect personal data from unauthorized access, loss, destruction, modification, disclosure, or other illegal processing.

8.2. The safeguards are determined taking into account the nature, scope, context and purposes of processing personal data, as well as potential risks to the rights and freedoms of personal data subjects.

8.3. In particular, the Contractor may apply the following measures:

• control of access to systems and data;
• authentication and authorization of users and personnel;
• data encryption or other cryptographic protection methods where technically feasible;
• logging and monitoring of technical events;
• regular updating of software and security components.

8.4. Access to personal data is granted exclusively to employees, contractors or authorized persons of the Contractor for whom such access is necessary in view of the performance of their functions, and who are obliged to comply with confidentiality requirements.

8.5. In the event of a personal data security breach, the Contractor shall take reasonable measures to minimize possible negative consequences and act in accordance with the requirements of applicable law and the provisions of the Data Processing Agreement (DPA), if applicable.

8.6. The User acknowledges that no method of transmitting or storing data on the Internet can guarantee absolute security and agrees that the Contractor cannot guarantee complete protection of personal data from all possible threats not under its reasonable control.

9.1. Personal data is stored by the Contractor in a form that allows identification of the subjects of personal data, no longer than necessary to achieve the processing purposes defined by this Policy, the Agreement and the Data Processing Agreement (DPA), unless otherwise required by applicable law.

9.2. The storage periods for personal data are determined taking into account:

• the nature and purposes of processing;
• contractual obligations between the Parties;
• legal requirements for storing accounting, financial or technical information;
• the need to protect the rights and legitimate interests of the Contractor.

9.3. Personal data processed by the Contractor in its capacity as a personal data processor shall be stored in accordance with the User’s instructions and the terms of the Data Processing Agreement (DPA), unless otherwise provided by law.

9.4. After the processing purposes have been achieved or upon termination of contractual relations, personal data shall be subject to deletion, anonymization, or other means of cessation of processing, unless their further storage is required by law.

9.5. Technical logs, backups, and system data may be retained for a limited period of time to ensure the stability, security, and recovery of the Service, subject to appropriate security measures.

9.6. Data stored in third-party services or platforms as part of integrations is stored in accordance with the policies and terms of those third parties, for which the Contractor is not responsible.

10.1. Personal data subjects have the rights provided for by applicable legislation in the field of personal data protection, in particular the right to:

• receive information about the processing of their personal data;
• access their personal data;
• request correction of inaccurate or outdated personal data;
• demand the deletion of personal data or restriction of their processing in cases provided for by law;
• object to the processing of personal data on the grounds specified by law;
• revoke the consent provided to the processing of personal data if the processing is carried out on the basis of consent;
• file complaints with authorized bodies for the protection of personal data.

10.2. The rights of personal data subjects are exercised taking into account the roles of the Parties:

• if the Contractor acts as a processor of personal data, requests from personal data subjects are processed in accordance with the User’s instructions and the terms of the Data Processing Agreement (DPA);
• if the Contractor acts as a personal data controller, it independently reviews and processes relevant requests within the framework of the requirements of applicable legislation.

10.3. Requests for the exercise of rights of personal data subjects may be sent to the Contractor via the contact information specified in the Agreement or the Website, or by other available means determined by the Contractor. The Contractor may request additional information to confirm the applicant’s identity if necessary to protect personal data.

10.4. The Contractor shall consider requests from personal data subjects within a reasonable timeframe and in the manner prescribed by applicable law, taking into account the nature of the request and the Contractor’s role in the processing.

10.5. The exercise of the rights of personal data subjects may be limited in cases and to the extent expressly provided for by applicable law, in particular to ensure security, fulfill legal obligations, or protect the rights and legitimate interests of the Contractor and third parties.

11.1. The Contractor reserves the right to unilaterally amend and supplement this Privacy Policy for the purpose of updating it, in particular in connection with changes in the functionality of the Service, the requirements of applicable legislation, or personal data processing practices.

11.2. The updated version of the Privacy Policy comes into force from the moment it is posted on the Website, unless otherwise expressly provided by the terms of the version or the requirements of applicable law.

11.3. In the event of significant changes affecting the rights and obligations of Users or the nature of the processing of personal data, the Contractor may notify Users by publishing a message on the Service, the Website, or by sending an informational message through available communication channels.

11.4. Continued use of the Service after the entry into force of the updated version of the Privacy Policy shall be deemed confirmation of the User’s familiarization with such changes and their acceptance to the extent permitted by applicable law.