Skip to content
DialPhone
Start free trial

Privacy Policy

Effective: April 1, 2026

1. Overview

DialPhone Inc. ("DialPhone," "we," "us") operates the DialPhone communications platform. This policy explains what personal data we collect, how we use it, and the rights you have. Customer data is the customer's data — we process it to deliver the service, not for our own marketing.

2. Data we collect

From customers (businesses on the platform)

  • Account data: company name, billing address, admin contact, payment method
  • Configuration data: phone numbers, call flows, IVR menus, integrations
  • Usage data: minutes consumed, messages sent, storage used, feature adoption
  • Support interactions: tickets, chats, emails with our support team

From end users (calls/messages processed by the platform)

  • Communications content: call audio, recordings, transcripts, SMS/MMS, fax images, meeting recordings
  • Call metadata: phone numbers, timestamps, duration, caller ID, routing data
  • Optional enrichment: CRM context when integrations are enabled by the customer

From website visitors

  • Analytics: pages visited, referrer, session duration, browser/OS (pseudonymized)
  • Form submissions: demo requests, trial signups, contact forms
  • Cookies: essential session cookies always; analytics cookies only with consent in GDPR regions

3. How we use data

  • Deliver the service: route calls, store recordings, enforce access controls
  • Bill customers: calculate usage and process payments
  • Support customers: troubleshoot with break-glass access under strict controls
  • Improve the service: aggregate, de-identified usage metrics only
  • Security: detect fraud, abuse, spam
  • Legal compliance: respond to lawful government requests

We do not train foundation AI models on customer conversations. We do not sell customer data. We do not share with third parties for advertising.

4. Legal bases (GDPR)

  • Contract: processing to deliver the service
  • Legitimate interest: security, fraud prevention, service improvement
  • Consent: optional analytics, marketing communications
  • Legal obligation: tax, records, lawful requests

5. Data sharing

  • Subprocessors: infrastructure (AWS, Google Cloud), payment (Stripe), email delivery, SMS carriers. Full list at /company/subprocessors.
  • Customer direction: when a customer enables an integration (Salesforce, HubSpot, etc.), data flows per the customer's instructions.
  • Legal: responses to valid subpoenas, court orders, and lawful law enforcement requests. We notify customers unless prohibited.

6. Data residency

US customers: primary storage in US regions (Virginia, Oregon). EU customers: EU residency available (Frankfurt, Dublin). Data does not cross regions unless the customer explicitly enables cross-region replication.

7. Retention

  • Recordings, transcripts, SMS: customer-configurable default 2 years, 30 days to 10 years allowed
  • Audit logs: 6 years (HIPAA minimum)
  • Account records post-cancellation: 30 days primary, 90 days backups
  • Certificates of destruction available on request

8. Your rights

  • GDPR (EU/UK): access, rectify, erase, restrict, portability, object. Contact privacy@dialphone.com.
  • CCPA/CPRA (California): know, delete, correct, opt-out of sale. We don't sell data.
  • Other states: Virginia, Colorado, Connecticut, Utah — comparable rights honored.
  • End users (people on calls with our customers) should contact the customer directly; we process on their behalf under a Data Processing Agreement.

9. Security

AES-256 encryption at rest, TLS 1.3 in transit, SOC 2 Type II audited, HIPAA BAA available, annual third-party penetration tests. Full details at the Trust Center.

10. International transfers

Standard Contractual Clauses (SCCs) govern EU-to-US transfers. UK IDTA extension applies for UK-to-non-adequacy transfers. Data Processing Agreement (DPA) is signed at customer onboarding.

11. Children

DialPhone is a B2B platform; not directed at children under 16. We do not knowingly collect data from children.

12. Changes

Material changes announced 30 days in advance via the admin portal and email to account admins.

13. Contact

Privacy inquiries: privacy@dialphone.com.
EU/UK Representative: appointed per GDPR Article 27, details on request.
Data Protection Officer: dpo@dialphone.com.
Postal: DialPhone Inc., Legal Department, Belmont, CA, USA.

This policy is maintained by the DialPhone Legal and Privacy Office and is reviewed quarterly. For the Data Processing Agreement, see /legal/dpa.

Call sales Start free trial