This Privacy Policy (“Privacy Policy”) describes how we at Phonely, Inc. (“Phonely”, “we”, “our”, or “us”) collect, protect, and use the Personal Data (as defined below) you (“User”, “you”, or “your”) may provide via the Phonely.com website (“Website”) or by utilizing any of our software products (“Products”) or services, including through your mobile device, Phonely’s desktop applications, browser and/or extensions (“Software”), or your desk phone (“Services”). Our Privacy Policy is available at phonely.ai/legal/ (and as amended from time to time and effective as of the date posted). Phonely uses a single Privacy Policy that addresses our treatment of Personal Data when you use our public-facing website or any of these Services, including through your mobile device, Phonely’s desktop applications, browser and/or extensions, or your desk phone. We commit ourselves to the highest standard for data protection and privacy. Due to our global footprint, we are subject to several data protection regulations and as a guiding principle, we apply the strictest regulation to protect your data and privacy globally. This results in a broad set of rights and choices made available to you.
Phonely is made up of various legal entities which we use as infrastructure to provide our Services and to comply with various local laws. However, the parent entity responsible for data protection across the organization is Phonely, Inc., a U.S. company with a registered address of 105 N 1st St #1710 SMB#62824 San Jose, CA 95113 US.
To exercise your data protection rights or for more information about Phonely’s data protection practices, please contact us at [email protected].
Your use of Phonely’s Services is also subject to the Terms of Service or the General Terms and Conditions associated with the Master Services Agreement that governs your account, each of which may be amended from time to time and are effective as of the date posted. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service or the Applicable Data Protection Laws.
“Applicable Data Protection Laws” means all laws and regulations that are applicable to the processing of Personal Data under the Agreement, including European Data Protection Laws and the CCPA, as well as any future amending acts of the above-mentioned data protection laws any other applicable international, federal, national and state privacy and data protection laws, rules, and regulations pertaining to privacy, data processing and use, data protection, data security, encryption, or confidentiality.
“Personal Data” means all data which is defined as ‘Personal Data’, ‘personal information’, or ‘personally identifiable information’ (or analogous terms) under the Applicable Data Protection Laws.
| Category | Description |
|---|---|
| Contact Information that facilitates communication between you and Phonely, such as name, email and physical address, telephone number, and password | Billing Payment information |
| Location Information about a specific location, such as physical address or IP address | Identifiers Information that may tend to identify a specific individual, such as name, profile picture, birthdate. |
| Device and Session Information about your browser or device, which may include your IP address, device IDs, or other unique identifiers, cookie information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested | Telephony Information concerning customer call records such as time, duration, the number of the called party |
| Session audio, video and messaging The audio, video, and messaging (including SMS, in-app chat, and other messaging channels) that you send through Phonely, and the information contained therein, should you opt-in to recording or otherwise storing that information | Integrations Information regarding the integration of third-party services such as Google, Salesforce, Zendesk, HubSpot, and others, including credentialing information. |
Phonely may collect Personal Data through our communications with you or through your use of the Services. Consequently, Personal Data can be directly provided by you or indirectly collected by us from, for example, user interactions and use of the Services. You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features within the Services.
| Data You Provide | Data Phonely Collects | When is this data collected | Examples of Types of Data Collected |
|---|---|---|---|
| X | When you create an account with Phonely | Contact; Billing | |
| X | X | When you integrate with a third-party service | Integrations |
| X | When you use our Services | Device and session information; Telephony information; Session audio, video, and messaging; Location; Integrations | |
| X | When you use Phonely | Device and session information; Telephony information; Session audio, video, and messaging; Integrations | |
| X | When you browse pages of our website | Device and Session; Location | |
| X | When you request information from us | Contact | |
| X | When you opt-in for marketing messages | Contact, Identifying |
All permanent data, such as contact lists, call records, recordings, and transcripts, are stored in the United States via Google Cloud Storage, unless your Phonely Services Administrator has selected a different region. Phonely may also temporarily process Personal Data in other regions for purposes such as technical support, customer support, and sales. In transit and temporary data associated with calls is processed through Phonely’s Data Centers and may be stored there for for no more than 72 hours.
| What We Do | Legal Basis for Processing (under GDPR) | Data Subjects | Personal Data | Dialapad’s Role |
|---|---|---|---|---|
| Deliver the Services, including placing and receiving voice and video calls, and providing recordings, transcriptions, and analytics of calls; determining your geographic location for efficient call routing, and organizing your contacts | Contract (Art. 6(1)(b)) | Customers End Users | Location Identifying Device and Session Telephony Session audio, video, and messaging Communication | Processor |
| Manage your account and billing, to enable secure login and single sign on, and allow third party integrations | Contract (Art. 6(1)(b)) | Customers | Contact Billing Integrations | Processor |
| Communication with You. If you do not want to receive communications from us, you can always opt out by unsubscribing through the link at the bottom of our emails. | Contract (Art. 6(1)(b)) Consent (Art. 6(1)(a)) | Customers | Contact Communications | Processor |
| Prevent, detect, and investigate potentially prohibited or illegal activities, including fraud and violations of our Terms of Service and Acceptable Use Policy | Compliance (Art. 6(1)(c)) Public Interest (Art. 6(1)(e)) | Customers End Users | Location Identifying Device and Session Telephony Session audio, video, and messaging Communication Billing | Processor |
| Perform backups, disaster recovery, and system status monitoring) | Contract (Art. 6(1)(b)) | Customers End Users | Telephony Session audio, video, and messaging | Processor |
| Direct Marketing | Consent (Art. 6(1)(a)) | Customers | Communication Identifying | Processor |
| Third Party Integrations We will share your Personal Data with affiliated businesses only if you or your Phonely Services administrator set up an integration, and we will only share your information to the extent that it is related to the transaction or service. | Contract (Art. 6(1)(b)) Consent (Art. 6(1)(a)) | Customers End Users | Integration | Processor |
| Improvement of the Service Such as A/B testing of new features, improvement of AI speech recognition and language processing, and performance monitoring | Legitimate Interest (Art. 6(1)(a)) Consent (Art. 6(1)(a)) | Customers End Users | Location Identifying Device and Session Telephony Session audio, video, and messaging Communication Billing | Controller |
We may anonymize, de-identify, and/or aggregate your Personal Data so that you are not individually identifiable (“De-Identified Personal Data”), and provide De-Identified Personal Data to certain of our partners to help us improve our Service, such as sending anonymized samples of audio or text to a third party to improve speech-to-text transcription and reading comprehension. We may also provide aggregate usage information to our partners to understand how often and in what ways people use our Services. However, we never disclose aggregate usage information to a partner in a manner that would identify you personally, as an individual. De-Identified Personal Data may be aggregated for system administration and to monitor usage of the Website. It may be utilized to measure the number of visits to our Website, average time spent, number of pages viewed and to monitor various other Website statistics. This monitoring helps us evaluate how visitors use and navigate our Website so we can improve the content. We may share De-Identified Personal Data or anonymous information (including, but not limited to, anonymous usage data, referring/exit pages and URLs, IP address, platform types, number of clicks, etc.) with interested third parties in any way we choose and for any purpose.
Phonely’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Phonely will not share any data with third party AI Models for training purposes”
Phonely Training is a key part of how Phonely consistently improves its Services. As described below in the Section titled “Phonely as Data Controller and Processor,” where permitted by law and supported by an appropriate legal basis, Phonely acts as a controller for the data collected for Phonely Training. If you use Phonely, Personal data used for improving the services may include segments of call audio, video, or transcriptions. Training data saved by Phonely is used only for improving Phonely’s language models, and is processed primarily by automated systems. A small fraction of training data may be manually reviewed. You may opt out of manual review at any time by contacting [email protected]. You can control what data is stored by choosing which Phonely features you use from the settings menu in the relevant Service, and you may also opt out entirely from the use of your data for training and improving Phonely’s Ai services by contacting [email protected].
When processing Personal Data for the provision of the Service, Phonely’s direct Customer acts as the Controller (or a Processor processing Personal Data on behalf of a third-party Controller), and Phonely acts as a Processor (or sub-Processor, as applicable). When acting as a Processor, Phonely shall only process Personal Data to provide the Service and in accordance with the Customer’s written instructions, and as required by applicable law. When processing Personal Data for the improvement of the Service, as described above in the Section titled “How Does Phonely Use Personal Data”, Phonely acts as a controller.
Phonely does not use Personal Data to make automated decisions.
Under the GDPR, we only process Personal Data when there is a legal basis for doing so. For the Data Processing described in this policy, we rely on the following legal grounds:
With Phonely, you are in control of your data and you can always restrict the collection of certain types of information.
You have various rights related to the Personal Data we process and may exercise those rights by utilizing our Data Subject Access Request (DSAR) Portal. Following the submission of your request, Phonely will verify your identity and respond to you within 30 days of the receipt of the request. When you update information, we may maintain a copy of the unrevised information in our records.
If you are under the jurisdiction of the GDPR, and if you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns, but we hope you will contact us first so that we may address any issues.
Below is a summary of rights for those individuals subject to the GDPR and guidance on how to exercise them:
| Right of Access | You can request access to the Personal Data we hold about you, including:
Upon request, we can either provide an overview of the data we hold or we can provide you with a copy of your Personal Data |
| Right to Rectification | If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly. |
| Right to Erasure | You may ask us to erase your Personal Data in the following circumstances:
If we share your Personal Data with others, we will alert them to the need for erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly. |
| Right to Restrict Processing | You may ask us to restrict or ‘block’ the processing of your Personal Data in the following circumstances:
We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly. |
| Right to data portability | You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you where we process that Personal Data in an automated way. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere. |
| Right to object | You may ask us at any time to stop processing your Personal Data, and we will do so if we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing. If your objection is related to receiving marketing communications or our newsletter, please hit the unsubscribe link on the communication you no longer wish to receive. |
| Rights in relation to automated decision-making and profiling | You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use. Phonely does not perform automated decision-making. |
| Right to withdraw consent | If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place. |
Through your account settings, you may access, and, for some information, edit, or delete the following information you’ve provided to us:
To delete your accounts, please follow the instructions on How to Cancel Your Phonely Account. After deletion of your account, some information may remain in our records for a period that is consistent with the purpose it was collected for.
| Compliance | Phonely strives to comply with the controls set out in Applicable Data Protection Laws. |
| Infrastructure Security | Phonely has implemented appropriate technical and organizational security measures to protect your data, including:
|
| Internal Best Practices | Phonely has implemented practices in line with industry standards, including
|
A description of our data security practices is available on our Trust page and such security guarantees are incorporated into our Data Processing Agreement (which is available for signature within the Admin Portal of existing customers).
To provide, maintain, improve, secure, and promote our Services, Phonely needs to disclose certain Personal Data to third parties. We do not license or sell your Personal Data to third parties, including advertisers, without your consent. As described below, when we share any information about you with third parties, we pseudonymize and aggregate any information about you before we share it unless more detail is necessary to the function of the Services. Although our Privacy Policy does not apply to the practices of companies we don’t own or people that we don’t manage, our Data Processing Agreements define how these third parties can use and store your information, consistent with this Privacy Policy. This section provides further details about the specific disclosures we make to other third parties, such as vendors, governmental authorities, or because of corporate restructuring.
| Sub-Processors (Processors) | Certain Personal Data may be disclosed to our vendors who are essential for the functioning of the Services. Vendors that have access to Personal Data are considered sub-processors and nearly all our sub-processors are categorized by law as processors. This means that these sub-processors may process Personal Data on our behalf solely in accordance with our instructions and pursuant to a written agreement. For example, we use suppliers for webhosting, secure cloud storage, analytics, email delivery, customer relationship management, and other services.
|
| Sub-Processors (Controllers) | In a few rare circumstances, our sub-processors may act as an independent controller of Personal Data. This means that these sub-processors process Personal Data in accordance with their own privacy policies; however, our contracts with such sub-processors require them to comply with applicable data protection law when processing any Personal Data they receive from us.
|
| Governmental Authorities | Various authorities such as regulators, tax authorities, law enforcement agencies, courts of law and others may legally require us to produce information that may include Personal Data, for example through a subpoena or warrant. If Phonely becomes aware of any government data demands requesting Personal Data, then Phonely, in accordance with its Government Data Demands Policy, will:
More information may be found on our Governmental Data Demand Page. |
| Corporate Restructuring | If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Data could be one of the assets transferred to or acquired by a third party. |
| Further Information | We would be happy to address any specific questions you may have about your Personal Data. This Privacy Policy is intended to provide as much relevant information as possible; however, if you need more specific information, please contact us at [email protected]. |
Where we are processing your information as a processor on behalf of a Customer, the Customer determines their own policies and practices for the sharing and disclosure of your information and Phonely does not control how a Customer or any other third parties choose to share or disclose information. Where we are processing your information on our own behalf as a controller, we may disclose your information with your consent, which we may obtain in several ways, including:
Our Services permit you to submit information which may be displayed to other authorized users in the same or different Customer Account. The sharing and other controls applied to such information may be determined by you, other users and/or an administrator of your Account.
In general, we may disclose or transfer your information without your consent to disclosure when we reasonably believe disclosure is appropriate to:
Phonely operates at a global level and therefore Personal Data may need to be transferred to countries outside of where it was originally collected. In such a case, Phonely only makes such cross-border transfers according to applicable laws. For example, to transfer data outside of the EEA or the UK, our Data Processing Agreement (which is available for signature within the Admin Portal of existing customers) incorporates the EU and UK Standard Contractual Clauses and supporting documents, as applicable, or other inter-company agreements. For transfers out of other jurisdictions operating transfer restriction regimes, we take similar steps to ensure compliance with local law.
In accordance with applicable data protection laws, we do not store your Personal Data for longer than needed for the purposes of the respective processing activity. Phonely, by default, will retain your data for as long as your account is active. Upon closure of your account, Phonely will automatically delete your data within 180 days of account termination. You always have the right to implement a customizable retention policy that will delete data routinely based on your specific retention requests. For more information on how to set up a customizable retention policy, please visit our Help Center. This retention policy ensures that Phonely is completely deleting your data if it is no longer needed, unless its further temporary storage is still necessary to:
For more detailed information about the retention periods of the Personal Data, please contact us at [email protected].
Phonely and third-party service providers of tracking technologies gather non-Personal Data about how users enter, navigate, and leave the website and Services, the frequency and length of visits to the Services or third party websites, application or device usage data, and your product or service preference indicated by the number of times and the length of time you view a product. Phonely gathers this data using cookies, web beacons, tags, and other similar techniques that deliver small files to your computer and which allow these networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Phonely uses certain third-party services that help us understand traffic on our website in various ways:
| Cookie Name | Description |
|---|---|
| Google Analytics and Google Adwords | These help Phonely understand who is visiting Phonely’s websites and to show relevant ads on other websites to people who have visited Phonely’s websites. You can control what ads you see through the Google Ad Settings Manager. More information on how Google uses information collected when you use Google’s partner sites is available at Google’s Partner Technologies page. |
| Marketo | Marketo is a marketing automation tool that handles various marketing tasks, such as contacting visitors who provide their contact information and requesting additional information. You can read more about Marketo’s Privacy Policy and opt-out options here via Marketo’s Privacy Notice. |
| Wistia | Wistia powers the videos on our site. Wistia tracks how you interact with these videos: how much of a video you watch, at what points in a video you pause or rewind, etc. In some videos, we pause the video and request that you provide your email address or name. You are under no obligation to provide this information, but we reserve the right to limit certain videos to identified users. Wistia aggregates the data collected through the videos here, including names and email addresses, and provides it to us. Wistia does not sell or provide the data it collects to third parties. |
| Nextroll | Nextroll is a marketing automation tool that handles various marketing tasks, such as contacting visitors who provide their contact information and requesting additional information. You can read more about Nextroll’s Privacy Policy and opt-out options here via Nextroll’s Privacy Policy |
In general, it is important to note the following regarding the use of cookies:
For more information on cookies and how to manage them, please visit Internet Cookies. You may be able to opt out of tracking conducted by third parties through our Services by adjusting the Do Not Track settings on your browser; but we don’t control whether or how these third parties comply with Do Not Track requests. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Services and after you leave our Services. For more information on how to manage or restrict the use of cookies and to opt-out of all interest-based advertising, please visit the Network Advertising Initiative or Your Ad Choices. For End Users located in European Territories, the EDAA opt-out page here: http://youronlinechoices.eu/.
Phonely recognizes that the Privacy Shield is no longer a valid transfer mechanism for Personal Data from the European Union and its Member States, the European Economic Area, or Switzerland. However, we continue to comply with the requirements under Privacy Shield due to our commitment to the Privacy Shield Principles. Organizations’ continued participation in the EU-U.S. Privacy Shield demonstrates a serious commitment to protect Personal Data in accordance with a set of privacy principles that offer meaningful privacy protections and recourse for individuals. Phonely has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov/ or visit our Privacy Shield Policy. Phonely commits to cooperate with the panel established by the EU data protection authorities (DPAs), the Swiss Federal Data Protection, or the Information Commissioner. EU, Swiss, and UK individuals can contact EU DPA, the Swiss Federal Data Protection, or the Information Commissioner as applicable. Please find the contact details of the EU DPAs here. The Federal Trade Commission has jurisdiction over Phonely’s compliance with the Privacy Shield Principles. Failing to follow the Privacy Shield principles could result in U.S. FTC enforcement measures for Phonely.
Phonely does not provide services designed for use by children under the age of 18, nor does it knowingly collect or solicit Personal Data from anyone under the age of 18. If we learn that we have collected such information we will delete that information as quickly as possible. If you believe that a child under 18 has provided us Personal Data, please contact us at [email protected].
We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well. We will alert you to changes by placing a notice on the Phonely website, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used.
You can always reach Phonely with questions or concerns regarding our Privacy Policy by sending an email to [email protected].
By using the Website or its Services, you agree to be bound by this Privacy Policy. If you do not agree to abide by the terms of this Privacy Policy, you are not authorized to use or access the Website and its Services.
The California Consumer Privacy Act of 2018 (“CCPA”) and the subsequent California Privacy Rights Act (“CPRA”) requires businesses that collect personal data of California residents to make certain disclosures regarding how they collect, use and disclose such information. This CCPA/CPRA-specific section addresses those requirements.
Copyright Phonely 2024. All rights reserved.
Copyright Phonely 2024. All rights reserved.