Phonely Privacy Policy
Overview
This Privacy Policy (“Privacy Policy”) describes how we at Phonely, Inc. (“Phonely”, “we”, “our”, or “us”) collect, protect, and use the Personal Data (as defined below) you (“User”, “you”, or “your”) may provide via the Phonely.com website (“Website”) or by utilizing any of our software products (“Products”) or services, including through your mobile device, Phonely’s desktop applications, browser and/or extensions (“Software”), or your desk phone (“Services”). Our Privacy Policy is available at phonely.ai/legal/ (and as amended from time to time and effective as of the date posted). Phonely uses a single Privacy Policy that addresses our treatment of Personal Data when you use our public-facing website or any of these Services, including through your mobile device, Phonely’s desktop applications, browser and/or extensions, or your desk phone. We commit ourselves to the highest standard for data protection and privacy. Due to our global footprint, we are subject to several data protection regulations and as a guiding principle, we apply the strictest regulation to protect your data and privacy globally. This results in a broad set of rights and choices made available to you.
Phonely is made up of various legal entities which we use as infrastructure to provide our Services and to comply with various local laws. However, the parent entity responsible for data protection across the organization is Phonely, Inc., a U.S. company with a registered address of 105 N 1st St #1710 SMB#62824 San Jose, CA 95113 US.
To exercise your data protection rights or for more information about Phonely’s data protection practices, please contact us at privacy@phonely.ai.
This Privacy Policy covers the following topics:
Your use of Phonely’s Services is also subject to the Terms of Service or the General Terms and Conditions associated with the Master Services Agreement that governs your account, each of which may be amended from time to time and are effective as of the date posted. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service or the Applicable Data Protection Laws.
“Applicable Data Protection Laws” means all laws and regulations that are applicable to the processing of Personal Data under the Agreement, including European Data Protection Laws and the CCPA, as well as any future amending acts of the above-mentioned data protection laws any other applicable international, federal, national and state privacy and data protection laws, rules, and regulations pertaining to privacy, data processing and use, data protection, data security, encryption, or confidentiality.
“Personal Data” means all data which is defined as ‘Personal Data’, ‘personal information’, or ‘personally identifiable information’ (or analogous terms) under the Applicable Data Protection Laws.
Types of Data We Collect
When and How Phonely Collects Data?
Phonely may collect Personal Data through our communications with you or through your use of the Services. Consequently, Personal Data can be directly provided by you or indirectly collected by us from, for example, user interactions and use of the Services. You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features within the Services.
All permanent data, such as contact lists, call records, recordings, and transcripts, are stored in the United States via Google Cloud Storage, unless your Phonely Services Administrator has selected a different region. Phonely may also temporarily process Personal Data in other regions for purposes such as technical support, customer support, and sales. In transit and temporary data associated with calls is processed through Phonely’s Data Centers and may be stored there for for no more than 72 hours.
How does Phonely use Personal Data?
We may anonymize, de-identify, and/or aggregate your Personal Data so that you are not individually identifiable (“De-Identified Personal Data”), and provide De-Identified Personal Data to certain of our partners to help us improve our Service, such as sending anonymized samples of audio or text to a third party to improve speech-to-text transcription and reading comprehension. We may also provide aggregate usage information to our partners to understand how often and in what ways people use our Services. However, we never disclose aggregate usage information to a partner in a manner that would identify you personally, as an individual. De-Identified Personal Data may be aggregated for system administration and to monitor usage of the Website. It may be utilized to measure the number of visits to our Website, average time spent, number of pages viewed and to monitor various other Website statistics. This monitoring helps us evaluate how visitors use and navigate our Website so we can improve the content. We may share De-Identified Personal Data or anonymous information (including, but not limited to, anonymous usage data, referring/exit pages and URLs, IP address, platform types, number of clicks, etc.) with interested third parties in any way we choose and for any purpose.
Data and AI Training
Phonely’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Phonely will not share any data with third party AI Models for training purposes”
Phonely Training
Phonely Training is a key part of how Phonely consistently improves its Services. As described below in the Section titled “Phonely as Data Controller and Processor,” where permitted by law and supported by an appropriate legal basis, Phonely acts as a controller for the data collected for Phonely Training. If you use Phonely, Personal data used for improving the services may include segments of call audio, video, or transcriptions. Training data saved by Phonely is used only for improving Phonely’s language models, and is processed primarily by automated systems. A small fraction of training data may be manually reviewed. You may opt out of manual review at any time by contacting privacy@phonely.ai. You can control what data is stored by choosing which Phonely features you use from the settings menu in the relevant Service, and you may also opt out entirely from the use of your data for training and improving Phonely’s Ai services by contacting privacy@phonely.ai.
Phonely as Data Processor and Controller
When processing Personal Data for the provision of the Service, Phonely’s direct Customer acts as the Controller (or a Processor processing Personal Data on behalf of a third-party Controller), and Phonely acts as a Processor (or sub-Processor, as applicable). When acting as a Processor, Phonely shall only process Personal Data to provide the Service and in accordance with the Customer’s written instructions, and as required by applicable law. When processing Personal Data for the improvement of the Service, as described above in the Section titled “How Does Phonely Use Personal Data”, Phonely acts as a controller.
Automated Decision Making
Phonely does not use Personal Data to make automated decisions.
What is “Legal Basis”?
Under the GDPR, we only process Personal Data when there is a legal basis for doing so. For the Data Processing described in this policy, we rely on the following legal grounds:
Performance of a contract: when we rely on this basis the Data Processing is necessary for the performance of a contract with you or to take steps at your request before entering such a contract.
Consent: when we rely on this basis, we only process Personal Data about you for the specific purposes you expressly authorize. Where we process data based on your consent, you have the right to withdraw consent for processing at any time. This election will be effective going forward, but will not affect the lawfulness of processing based on consent before its withdrawal.
Substantial public interest: when we rely on this basis, we do it to prevent harm, fraud, money laundering, terrorist financing, child labor and to enable trust safety and compliance.
Compliance with a legal obligation: when we rely on this basis, we are obliged to process the relevant Personal Data to comply with the law.
Legitimate interests: when we rely on this basis, we process Personal Data as necessary in pursuit of our own or your legitimate interests. When we do this, we must ensure that the interests we pursue do not override your fundamental rights and freedoms. Specifically, the only processing that is solely justified by Legitimate Interests is processing required to improve our services. For more information on these Legitimate Interests, please see the Phonely Training Section below.
Privacy Choices
With Phonely, you are in control of your data and you can always restrict the collection of certain types of information.
Disable cookies: You can block cookies through your web browser settings. Please note that the restriction of cookies may impact the functionality of the Phonely website.
Don’t provide Personal Data: Certain personal data is needed in order to create an account and provide services to you. However, if you choose to not provide any personal data, you are still able to navigate our website.
Phonely Training: Phonely processes personal data to improve our Phonely systems and has implemented strict security measures to keep this data safe and secure. While we encourage all users to permit such data usage so we can provide a superior product, you have the right to opt-out of this type of processing. If you do not want Phonely to use your personal data for Phonely Training, please contact privacy@phonely.ai.
Direct Marketing: We endeavor to contact you with direct marketing only if you have given us your consent to do so. It is your right to withdraw this consent at any time. If you no longer wish to receive our marketing messages, simply click the unsubscribe link.
Data Subject Rights
You have various rights related to the Personal Data we process and may exercise those rights by utilizing our Data Subject Access Request (DSAR) Portal. Following the submission of your request, Phonely will verify your identity and respond to you within 30 days of the receipt of the request. When you update information, we may maintain a copy of the unrevised information in our records.
If you are under the jurisdiction of the GDPR, and if you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns, but we hope you will contact us first so that we may address any issues.
Below is a summary of rights for those individuals subject to the GDPR and guidance on how to exercise them:
Through your account settings, you may access, and, for some information, edit, or delete the following information you’ve provided to us:
name and password
email address
phone number(s)
location
time zone
place of employment
devices
recorded/transcribed messages and calls
call history including incoming/outgoing number and duration
user profile information, including images you have uploaded
billing information
contacts
other third-party account information you have linked to the site
To delete your accounts, please follow the instructions on How to Cancel Your Phonely Account. After deletion of your account, some information may remain in our records for a period that is consistent with the purpose it was collected for.
How We Keep Your Data Secure
A description of our data security practices is available on our Trust page and such security guarantees are incorporated into our Data Processing Agreement (which is available for signature within the Admin Portal of existing customers).
Personal Data Disclosures
To provide, maintain, improve, secure, and promote our Services, Phonely needs to disclose certain Personal Data to third parties. We do not license or sell your Personal Data to third parties, including advertisers, without your consent. As described below, when we share any information about you with third parties, we pseudonymize and aggregate any information about you before we share it unless more detail is necessary to the function of the Services. Although our Privacy Policy does not apply to the practices of companies we don’t own or people that we don’t manage, our Data Processing Agreements define how these third parties can use and store your information, consistent with this Privacy Policy. This section provides further details about the specific disclosures we make to other third parties, such as vendors, governmental authorities, or because of corporate restructuring.
Disclosure With Your Consent
Where we are processing your information as a processor on behalf of a Customer, the Customer determines their own policies and practices for the sharing and disclosure of your information and Phonely does not control how a Customer or any other third parties choose to share or disclose information. Where we are processing your information on our own behalf as a controller, we may disclose your information with your consent, which we may obtain in several ways, including:
In writing;
Verbally;
Online, by clicking on a link or button; or,
Other mechanisms.
Our Services permit you to submit information which may be displayed to other authorized users in the same or different Customer Account. The sharing and other controls applied to such information may be determined by you, other users and/or an administrator of your Account.
Disclosure Without Your Consent
In general, we may disclose or transfer your information without your consent to disclosure when we reasonably believe disclosure is appropriate to:
Comply with the law (e.g., lawful subpoena or court order);
Cooperate with or report to law enforcement agencies in investigations that involve users who use our Service Offerings for activities that are or seem illegal or illegitimate activities;
Enforce or apply agreements for our Service Offerings; or
Protect our rights or property or that of our affiliates, including respective officers, directors, employees, agents, third party content providers, suppliers, sponsors, or licensors (e.g., to address allegations about fraudulent or unlawful activity related to a Miro account).
In connection with a merger, acquisition, public offering, sale of company assets, insolvency, bankruptcy, or receivership, subject to standard confidentiality requirements.
To defend Phonely and our affiliates, licensors, officers, agents and representatives from legal claims and processes brought to us by third parties (including takedown notices);
Use or disclose De-identified Personal Data in our sole discretion.
International Data Transfers
Phonely operates at a global level and therefore Personal Data may need to be transferred to countries outside of where it was originally collected. In such a case, Phonely only makes such cross-border transfers according to applicable laws. For example, to transfer data outside of the EEA or the UK, our Data Processing Agreement (which is available for signature within the Admin Portal of existing customers) incorporates the EU and UK Standard Contractual Clauses and supporting documents, as applicable, or other inter-company agreements. For transfers out of other jurisdictions operating transfer restriction regimes, we take similar steps to ensure compliance with local law.
Data Retention
In accordance with applicable data protection laws, we do not store your Personal Data for longer than needed for the purposes of the respective processing activity. Phonely, by default, will retain your data for as long as your account is active. Upon closure of your account, Phonely will automatically delete your data within 180 days of account termination. You always have the right to implement a customizable retention policy that will delete data routinely based on your specific retention requests. For more information on how to set up a customizable retention policy, please visit our Help Center. This retention policy ensures that Phonely is completely deleting your data if it is no longer needed, unless its further temporary storage is still necessary to:
fulfill Phonely’s obligations pursuant to the agreement between Phonely and you;
establish, exercise, and defend a legal claim; or
fulfil statutory obligations to which Phonely is subject.
For more detailed information about the retention periods of the Personal Data, please contact us at privacy@phonely.ai.
Cookie Policy, Third Party Analytics, and Tracking
Phonely and third-party service providers of tracking technologies gather non-Personal Data about how users enter, navigate, and leave the website and Services, the frequency and length of visits to the Services or third party websites, application or device usage data, and your product or service preference indicated by the number of times and the length of time you view a product. Phonely gathers this data using cookies, web beacons, tags, and other similar techniques that deliver small files to your computer and which allow these networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Phonely uses certain third-party services that help us understand traffic on our website in various ways:
In general, it is important to note the following regarding the use of cookies:
Cookies cannot be used to run programs or deliver viruses to your computer.
Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
We may use cookies to collect, store, and track information for statistical purposes to operate our Website and Services. You can accept or decline cookies.
Most web browsers automatically accept cookies, but you can modify your browser settings to disable cookies if you prefer (check your browser’s Help page).
If you choose to decline cookies, you may not be able to experience all the features of the Website and Services.
For more information on cookies and how to manage them, please visit Internet Cookies. You may be able to opt out of tracking conducted by third parties through our Services by adjusting the Do Not Track settings on your browser; but we don’t control whether or how these third parties comply with Do Not Track requests. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Services and after you leave our Services. For more information on how to manage or restrict the use of cookies and to opt-out of all interest-based advertising, please visit the Network Advertising Initiative or Your Ad Choices. For End Users located in European Territories, the EDAA opt-out page here: http://youronlinechoices.eu/.
Privacy Shield Framework
Phonely recognizes that the Privacy Shield is no longer a valid transfer mechanism for Personal Data from the European Union and its Member States, the European Economic Area, or Switzerland. However, we continue to comply with the requirements under Privacy Shield due to our commitment to the Privacy Shield Principles. Organizations’ continued participation in the EU-U.S. Privacy Shield demonstrates a serious commitment to protect Personal Data in accordance with a set of privacy principles that offer meaningful privacy protections and recourse for individuals. Phonely has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov/ or visit our Privacy Shield Policy. Phonely commits to cooperate with the panel established by the EU data protection authorities (DPAs), the Swiss Federal Data Protection, or the Information Commissioner. EU, Swiss, and UK individuals can contact EU DPA, the Swiss Federal Data Protection, or the Information Commissioner as applicable. Please find the contact details of the EU DPAs here. The Federal Trade Commission has jurisdiction over Phonely’s compliance with the Privacy Shield Principles. Failing to follow the Privacy Shield principles could result in U.S. FTC enforcement measures for Phonely.
Privacy of Minors
Phonely does not provide services designed for use by children under the age of 18, nor does it knowingly collect or solicit Personal Data from anyone under the age of 18. If we learn that we have collected such information we will delete that information as quickly as possible. If you believe that a child under 18 has provided us Personal Data, please contact us at privacy@phonely.ai.
Changes and Amendments
We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well. We will alert you to changes by placing a notice on the Phonely website, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used.
Where can I ask questions about this policy?
You can always reach Phonely with questions or concerns regarding our Privacy Policy by sending an email to privacy@phonely.ai.
Acceptance of this Privacy Policy
By using the Website or its Services, you agree to be bound by this Privacy Policy. If you do not agree to abide by the terms of this Privacy Policy, you are not authorized to use or access the Website and its Services.
CCPA/CPRA – California Consumer Protection Act / California Privacy Rights Act (CPRA)
The California Consumer Privacy Act of 2018 (“CCPA”) and the subsequent California Privacy Rights Act (“CPRA”) requires businesses that collect personal data of California residents to make certain disclosures regarding how they collect, use and disclose such information. This CCPA/CPRA-specific section addresses those requirements.
Personal Data Collection and Sharing: Phonely collects the Personal Data as set forth in the Section titled “When and How Phonely Collects Personal Data” of the Privacy Policy. For the purposes of the CCPA/CPRA, the term “Personal Data” means “Personal Data,” as defined in the CCPA. For purposes of CCPA/CPRA, we collect the following categories of Personal Data from you when you Interact with us and we share that Personal Data for a business purpose as follows:
You can find the types of Personal Data we collect about you in the Section titled “Types of Data We Collect” of the Privacy Policy, but since California regulations have specific terms, please find below the correct applicable terms:
Identifiers (e.g., unique personal identifiers)
Any categories of Personal Data described in subdivision (e) of Section 1798.80. (e.g., name, address, telephone number, passport number, employment history, bank account number, etc.)
Characteristics of protected classifications under California or federal law (e.g., gender, marital status)
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding the interaction with the website, applications, or advertisements (e.g. email conversations).
Geolocation data (e.g., your location).
Professional or employment-related information.
Sources and Uses of Personal Data: The sources from which we collect Personal Data are described in the Sections titled “How Does Phonely Use Personal Data” and “Types of Data We Collect” of the Privacy Policy.
Purposes and Uses for Collecting Personal Data: We collect Personal Data identified in the list above to communicate with you, for marketing and promotional purposes, to provide and improve our services and other purposes set forth in the Section titled “How Does Phonely Use Personal Data” of the Privacy Policy.
Subprocessors. Our subprocessors have privacy and security practices in place to ensure compliance with the CCPA and have contractual requirements to protect the privacy and security of the personal data that they sub-process. As described in the Section titled “Personal Data Disclosures” of the Privacy Policy, we share some personal data with these sub-processors to help us provide, manage, secure, and improve the Services we provide. A current list of our third-party sub-processors is available here.
Sale or sharing of Personal Data. In this context, the word “sale” means any “selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing, or by electronic means, a consumer’s Personal Data by the business to another business or a third party, for monetary or other valuable consideration.” Similarly, the word “share” means the disclosure of Personal Data “for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.” Phonely does not sell or share your Personal Data as those terms are defined under California law. Phonely will only disclose your Personal Data as detailed in this Privacy Policy.
California Consumer Rights: California law gives California residents the right to make the following requests with regard to certain information we collect about them, at no charge, two times every 12 months:
Disclosure Right. The right to request disclosure of Phonely’s data collection and sales practices, including categories of information we have collected, the source of the information, our use of the information and, if the information was disclosed or sold to third parties, the categories of Personal Data disclosed or sold to third-parties and the categories of third-parties to whom such information was disclosed or sold.
Copy Right. The right to request a copy of the specific Personal Data we collected about you in the past 12 months.
Deletion Right. The right to request deletion of Personal Data we have collected, subject to certain exemptions (for example, where the information is used by us to detect security incidents, debugging or to comply with a legal obligation, and where the Personal Data is being used on an anonymized and aggregated basis consistent with the requirements of the CCPA/CPRA).
Opt-out Right. The right to opt-out of the sale or sharing of your Personal Data, if applicable. However, Phonely strictly does not sell or share, as defined by the CCPA and the CPRA, as applicable, your Personal Data.
Non-discrimination Right. The right not to be discriminated against when exercising any of these rights.
Exercising Your Rights: You may exercise those rights by utilizing our Data Subject Access Request (DSAR) Portal. Following the submission of your request, Phonely will verify your identity and respond to you within 30 days of the receipt of the request. When you update information, we may maintain a copy of the unrevised information in our records. Phonely does not and will not discriminate against you for exercising your rights under the CCPA/CPRA.
