Privacy Policy - 2023 11 03

Telnyx is a next-generation communication cloud-based communication platform that provides carrier-grade services on a global, private IP voice network. By unlocking the power of intelligent connectivity, we’re laying the foundation for a future of endless innovation and interconnected technology, where communication flows seamlessly between people, devices and applications across the globe.

At Telnyx, we are committed to honoring the privacy of our customers and visitors to our website. We recognize the importance to you, our website customer or visitor, of maintaining an appropriate level of privacy and security for the personal information we collect from you through this website. We store your data safely and handle it with the utmost care and in accordance with applicable law.

The following privacy policy (the "Privacy Policy") along with that certain data processing addendum (as may be updated from time to time and which is hereby incorporated by reference, the "DPA", available at https://telnyx.com/legal/data-processing-addendum) applies and governs personal data collected via our website https://telnyx.com, as well as, shared personal data through the services offered by Telnyx to the customers, website visitors and, where applicable, end-users of our services (collectively, "you" or "your"), including our gathering, use and disclosure practices with respect to your information that is collected by us or provided by you on and through this website. By accessing or using our website or services, you acknowledge that you have read and accepted the practices, procedures and terms and conditions of this policy and any other terms of use or policies posted by us.

Please note that this Privacy Policy applies only to the Telnyx website and services and does not cover handling and processing of your personal data used by the websites of our advertisers or of any other third parties to which we link and will also not cover handling of personal data of an employee, contractor, consultant, candidate or intern of Telnyx. All references to “Telnyx”, "we", "us" "our" throughout this policy statement include, unless otherwise stated, all Telnyx affiliate companies, subsidiaries, successors and assigns. By accessing or using Telnyx’s website and services, you consent to the use of your personal data and any other information in accordance with the terms of this Privacy Policy.

For the purposes of this Privacy Policy, the “personal data” or “personal information” means any information that relates to, describes, could be used to identify an individual, directly or indirectly. This does not include anonymous or de-identified data, which does not relate to an identified or identifiable natural person or cannot be linked to or identify an individual.

Policy Revisions

We may, from time to time, change this Privacy Policy with or without notice. If you have any questions or concerns regarding this Privacy Policy, you may email us at: [email protected].

Data Protection

Telnyx complies with all data privacy laws and directives, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

Since you as our customer integrate our products in your software applications, we don’t interact with your end users directly. However, when you, as a customer, do share your end user information with us, we always handle the data in accordance with agreed data processing terms, if any, and data protection regulations, including the GDPR. We don’t use that data for any purposes other than specifically issued by the customer who provides the data, or to the extent required under law.

You’ll encounter the terms “controller” and “processor” in this policy. By “controller”, we mean the company that an individual (“data subject”) provides their personal data to. The controller determines the purpose for the personal data and is responsible for the correct handling of the data subject’s data. By “processor”, we mean the company that provides part of the services to the controller, and needs specific personal data in control of the controller in order to do so. In any such case where we act as a controller, such controller may be Telnyx LLC or Telnyx Ireland Limited, as applicable.

Depending on your relationship with Telnyx, we may both be a controller and/or a processor. When Telnyx processes any personal data or contents of communications provided by you as a customer, we will process such data as a processor. When Telnyx processes communications metadata, Telnyx is a processor in many respects, but may act as a controller in others. When Telnyx processes your personal data that you have provided to us through our portal, website or otherwise, Telnyx may be acting as a controller with respect to portion of such personal data, which may include billing and account data. When Telnyx is acting as a controller or as a processor, it always ensures that the parties we work with adhere to our Privacy Policy and applicable data protection legislation. Additionally, we ensure that another party will not use the data you have entrusted to us for any other purpose than delivering the services you have purchased.

When we collect personal information from you in connection with accessing our website, applications or services within the European Economic Area (EEA) and the United Kingdom (UK), our lawful basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

We will normally collect personal information from you where we need the personal information to provide services to you or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the personal information in question (i.e. traffic monitoring, service usage) or we may process your personal information where we have your consent to do so.

Moreover, if we collect and use your personal information in reliance on our or a third party's legitimate interests and those interests are not already listed below, we will make clear to you those legitimate interest at the relevant time.

What Kinds of Personal Information Does Telnyx Collect?

Telnyx may collect:

• Identifiers, your full name, address, email, company name, company website, telephone number, caller ID information, unique personal identifier, online identifier, Internet Protocol (“IP”) address, proof of address and ID of end users (where there is a regulatory requirement);
• Account Payment Information, your credit/debit card number, signature, bank wire transfer information;
• Commercial Information, records of products or services purchased, obtained, or considered or other purchasing or consuming histories or tendencies;
• Internet or Similar Network Activity, your browsing and search history, information on your interaction with our websites and advertisements, information about the communications delivered via our platform or applications;
• Metadata, information about the communications delivered via our platform such as source and destination information, IP address, completion status, time and duration of use;
• Geolocation Data, when you use our products or services, such as source and destination information about the communications delivered, real-time location information for emergency service via the Telnyx products or services;
• Cookies and other technologies, website cookies and similar technologies to distinguish you from other visitors and compile information about the usage of our websites. For further information, please see “Cookies” section below;
• Sensory Data, your interactions with our sales and customer support teams may be recorded for quality assurance, training and analysis purposes (consent will be recorded if required by applicable law). When you use our products or services, it may include text-to-speech transcriptions, DTMF tones, media in your voice calls and text messages;

How Do We Collect Your Personal Data ?

We tend to use different methods when collecting your personal data from and about you which includes:

• Direct interactions with you. You may give us information about you by filling in forms, engaging in chat on our website, accessing or utilizing any of our websites, opening an account with us, requesting support, subscribing to our newsletters, requesting information or materials (e.g. whitepapers), registering for events or webinars, visiting our booth at a trade show or other event, participating in surveys or evaluations, accessing or utilizing any of our websites, submitting questions or comments, or by corresponding with us by phone, email, video, or otherwise;
• Automated technologies or interactions. As you interact with our websites, we may automatically collect technical data about your equipment, browsing actions, and patterns as specified above. See “Cookies” section for additional details;
• Third parties or publicly available sources. We may receive information about you if you visit other websites employing our cookies or from third parties including, for example, advertising networks, analytics providers, through publicly available data, such as social media (like LinkedIn, Facebook, and others) and websites;
• Indirectly. As a service provider in the course of providing voice and messaging communications services.

For avoidance of any doubt, will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you a notice. We would like to reassure you that legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it, including but not limited to:

(a) performance of a contract; (b) legitimate interest; (c) necessary for compliance with a legal obligation; (d) consent to collect and process your Personal Data.

Why We Collect Your Information and How We Use It?

Telnyx may use your personal data collected in due course for one or more of the following purposes:

To provide Services to you, activities which may include:

• responding to your inquiry about our products and services, including to investigate and address your concerns and monitor and improve our responses; enable to you as our customer and where applicable to your end users, to send and receive communications via our platform and to bill, collect and remit taxes, fees and surcharges to the appropriate jurisdictions for those services; inform you of additional features, expanded coverage or other products or services offered by us;

• allowing you to interact with our systems, including our websites, to create, maintain, customize and secure your account with us, to process your requests, purchases, transactions and payment;
• personalizing your website experience and to deliver content and service information relevant to your interests, including targeted offers, marketing communications and ads through our websites, third-party sites and via email; to maintain the safety, security and integrity of our website, services, databases and other technology assets and business;
• testing, researching, developing, and analyzying; mitigation of fraud and spam (as applicable per specific product offering), unlawful or abusive activity, or violations of our acceptable use policy; perform quality control; gauge routing effectiveness and deliverability and product development, including developing and improving our websites and products and services. Specifically, with respect to MMS and SMS messaging, we may utilize industry-standard content-analysis software which may utilize electronic, algorithmic inspection of the originating telephone number and/or content of MMS and SMS messages for purposes of spam blocking;
• responding to law enforcement requests, as well as security and safety requirements, this may include: (i) responding to law enforcement requests (e.g. subpoena) and/or as required by applicable law, court order, governmental regulations, or other legal process where we believe in good faith that disclosure protects your safety or the safety of others, and allows us to enforce or protect our and your rights; and (ii) for safety and/or security purposes, we ask visitors to our offices to register and to manage non-disclosure agreements which may be required to sign, to the extent such processing is necessary for our legitimate interest and safety concerns such as protecting our offices and our confidential information against unauthorized access;

Who Has Access to Your Personal Data?

Except as set forth in this policy or unless we specifically disclose it to you at the time of collection or subsequently obtain your approval, we will not make any personal data that is gathered on our site available to unaffiliated organizations for commercial purposes unrelated to the business of Telnyx. However, certain federal, state and local laws or government regulations may require us to disclose personal data about you. In these circumstances, we will use reasonable efforts to disclose only the information required by law, subpoena or court order to be disclosed.

Telnyx may share your personal data with some of the following third parties, for business purpose and where is legally necessary:

• Telecom operators and other communications and communications-related services providers for proper routing and connectivity;
• Third party service and technology providers who perform necessary actions on our behalf, such as payment processors and hosting service providers;
• Telnyx affiliates and subsidiaries, successors and assigns;
• Where we are legally obligated to do so to protect the confidentiality or security of your personal data or other personal records; and
• To our attorneys, accountants and regulators.

We don’t sell information to third parties for advertising, but we do use your personal data to inform our direct marketing efforts, such as through Google Adwords. You can learn more about managing your advertising preferences in our Cookie Policy.

We may also share aggregate anonymized data relating to the transactions on the site and use of our services for marketing, research and other purposes.

Data Subject Rights

Telnyx would like to make sure you are fully aware of all of your data protection rights. Under GDPR provisions (which for the purposes of this Privacy Policy also applies to Swiss and UK individuals), every data subject or user is entitled to the following rights:

• The right to be informed – you have the right to request that we inform you of what data is being collected, how it’s used, how long it’s kept and whether it will be shared with third parties.
• The right to access – you have the right to request copies of your personal data. We may charge you a small fee for this service.
• The right to rectification – you have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
• The right to erasure – you have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing – you have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability – you have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• The rights in relation to automated decision making and profiling – you have the right not to be subject to a decision based solely on automated processing.

At any time, you can make a request to exercise any above-listed rights. If you would like to exercise any of these rights, please contact us at our email: [email protected].

All of the above rights are subject to applicable exceptions and limitations under the GDPR and other applicable law. We may deny or limit a request where permitted by law, including where we are required to retain personal data to comply with legal obligations, regulatory requirements, or telecommunications industry mandates.

CCPA/CPRA Data Protection Rights

The California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act ("CCPA/CPRA") provides California residents with specific rights regarding their personal information. This section describes CCPA rights and explains how to exercise those rights.

• The right to access
• The right to opt out of the sale of personal information
• The right to deletion of a consumer’s personal information
• The right of data portability
• The right to correct inaccurate personal information • The right to opt out of the sharing of personal information • The right to limit use of sensitive personal information
• The right not to be discriminated against for exercising rights under the CCPA/CPRA

If you would like to exercise any of these rights, please contact us at our email: [email protected]

Only you, or someone legally authorized to act on your behalf (this includes an authorized agent), may make a verifiable consumer request (“request”) related to your personal information. You may only make a request for access or data portability twice within a 12-month period. An authorized agent making a request on your behalf must provide us with written authorization providing the agent with the ability to make a CCPA/CPRA request signed by you. Additionally, you will need to verify your identity directly with us. Please note that this authorized agent requirement is not applicable when the authorized agent has a power of attorney. The request must: (1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and (2) describes your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Any disclosures we provide will cover the 12-month period preceding receipt of the request. We will provide a response to a request within forty-five (45) days of its receipt. If we reasonably require an extension of time, we will notify you within the first forty-five (45) day period and such extension will not exceed an additional forty-five (45) days. We will not discriminate against you for exercising any of your CCPA/CPRA rights. Any personal information provided to us for verification and fraud-prevention purposes will only be used for that purpose and such information will be deleted as soon as practical after processing of your request.

Sensitive Personal Information: We may collect certain categories of sensitive personal information, including account login credentials, financial account information, and precise geolocation data (where applicable), and use such information as permitted under the CCPA/CPRA.

You may exercise your right to opt out of the sale or sharing of your personal information by contacting us at [email protected] or by using the opt-out mechanism on our website, if available.

Please Note, You will not have to pay a fee to access your Personal Data or to exercise any of your rights listed above. However, we may charge a reasonable fee if your request, in our sole opinion, is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may request additional information to verify your identity.

All rights are subject to applicable exceptions and limitations under the CCPA/CPRA and other applicable law. We may deny or limit a request where permitted by law, including where we are required to retain personal information to comply with legal obligations, regulatory requirements, or telecommunications industry mandates, or where the information is necessary to complete a transaction, detect security incidents, or exercise or defend legal claims.

If you have concerns about our privacy practices, you may also contact the California Privacy Protection Agency at cppa.ca.gov.

If you would like to exercise any of these rights, please contact us at our email: [email protected].

Additional U.S. State Privacy Rights

Residents of certain other U.S. states may have additional rights under applicable state privacy laws, including but not limited to the laws of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states that have enacted comprehensive privacy legislation. These rights may include, depending on your state of residence:

The right to confirm whether we are processing your personal data; The right to access your personal data; The right to correct inaccuracies in your personal data; The right to delete your personal data; The right to obtain a copy of your personal data in a portable format; The right to opt out of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise any of these rights, please contact us at [email protected]. We will verify your identity before processing your request. If we decline your request, you may have the right to appeal our decision by contacting us at the same email address. If you are not satisfied with our response to your appeal, you may contact your state's attorney general or applicable data protection authority.

The rights described above are subject to applicable exceptions and limitations under each state's law. We may deny or limit a request where permitted by law, including where retention of personal data is required to comply with legal obligations, regulatory requirements, or telecommunications industry mandates.

How Long Do We Hold Your Personal Data?

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including the purposes to provide you with services, of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal, regulatory, tax, accounting or other requirements. After expiration of the applicable retention periods, your personal data will be deleted or anonymized. If there is any personal data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such personal data. To improve our products and services, we may aggregate and anonymize your personal data (so that it can no longer be associated with you), in which case we may use such aggregated and anonymized information indefinitely without further notice to you.

Generally

We only ask for personal data when we need it for business purposes or to provide you with relevant information. You generally have the opportunity to agree to the collection, use, disclosure and sharing of the information you’ve provided. That applies whether you’re browsing our website, where you can manage your cookie preferences. For more information on how we use cookies, see our Cookie Policy.

Customer Proprietary Network Information (“CPNI”)

We also want you to be aware that certain information related to your telecommunications services account with us such as to whom, where and when you make calls is CPNI. CPNI is protected by specific federal laws and regulations and as such we are fully committed to comply with such laws and regulations, both through our website and in all other respects. Without your consent, we will only share or disclose your CPNI (i) to market to you services or products among the categories of services or products you currently subscribe, (ii) to initiate, render, bill and collect our telecommunications services, (ii) to protect you or other carriers from illegal or fraudulent use of, or subscription to, our services or to protect our rights or property, (iii) to provide your call location information in certain specified emergency situations, and (iv) for other legally permissible purposes.

Call Recording

Telnyx operates a telephone system which is capable of recording conversations for the achievement of various proper and lawful purposes, including (i) quality monitoring, (ii) training, (iii) compliance and (iv) safeguarding purposes. Calls, incoming or outgoing, may be recorded, retained and/or collected.

All calls, incoming and/or outgoing to and/or from Telnyx, can be recorded. Under normal circumstances, a call will not be retrieved or monitored unless:

1. It is necessary to investigate a complaint;
2. It is part of a management quality check that our standards are being met;
3. It provides assurance of Telnyx quality standards and policies.
4. There is a threat to the health and safety of staff and/or visitors and/or customers and/or vendors and/or for the prevention and/or detection of a crime;
5. It is necessary to check compliance with regulatory procedures;
6. It will aid Telnyx employees in call handling through use in training and coaching our staff;
7. It is for safeguarding purposes; or
8. It is for helping to protect employees from abusive or nuisance calls.

Personal data collected in the course of recording activities will be processed fairly and lawfully in accordance with the relevant legislation, including GDPR. Data collected shall be:

1. Adequate, relevant and not excessive;
2. Used for the purpose(s) stated in this policy only and not used for any other purposes;
3. Accessible only to managerial and/or senior staff such as our CEO, COO, legal department, accountants and specifically authorized IT representatives.
4. Handled and managed confidentially;
5. Kept and/or stored securely; and
6. Not kept for longer than necessary and will be securely destroyed thereafter.

Where possible, we will inform the caller and/or the receiver of the call that the call will be monitored/recorded for quality/training purposes so that they have the opportunity to consent by continuing with the call or hanging up.

By continuing a call and/or accepting the current policy you freely and unconditionally consent that when receiving a call from Telnyx and/or when you are calling Telnyx, the call may be monitored or recorded for the purpose(s) stated in this policy.

Artificial Intelligence and Machine Learning

Telnyx offers a range of AI and machine learning products and services, including but not limited to Voice AI Agents, large language model (LLM) inference, an open-source LLM library, text-to-speech, speech-to-text, and an Embeddings API (collectively, "AI Services"). This section describes how we handle data in connection with these AI Services.

When you use our AI Services, you may submit inputs such as text prompts, voice audio, documents, or other content ("AI Inputs"), and receive generated outputs such as text responses, synthesized speech, embeddings, or other results ("AI Outputs," and together with AI Inputs, "AI Content").

We process your AI Content to provide, maintain, and improve our AI Services. This may include using AI Content for service delivery, quality assurance, safety and abuse prevention, and service improvement. Our use of AI Content is further governed by your service agreement and applicable data processing terms.

We may retain metadata about AI Service requests (such as timestamps, token counts, model identifiers, and error codes) for service operations, billing, and compliance purposes.

Certain AI Services allow you to enable features such as conversation logs, transcription storage, or call recordings within your account. When you enable these features, the resulting data is stored on your behalf and is subject to the retention periods you configure or as set forth in your service agreement.

Our AI Services may use third-party artificial intelligence or machine learning technology to process your AI Content. Your use of AI Services that involve third-party technology is subject to the applicable terms set forth in your service agreement. If you use our platform with your own API keys for third-party model providers, your AI Content may also be transmitted to those providers in accordance with their respective terms and privacy policies.

Telnyx AI Services are tools that operate under your direction. If you deploy AI Services in a manner that involves automated decision-making affecting individuals, you are responsible for ensuring compliance with applicable laws, including providing appropriate notice and offering individuals the right to contest such decisions where required.

Certain AI Services may process voice recordings or voice characteristics that may be considered biometric data under applicable laws. If you use AI Services to process voice data or other data that may constitute biometric data, you are responsible for compliance with all applicable biometric data laws, including obtaining any required consents from individuals whose data is processed.

International Data Transfer

Telnyx complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Telnyx has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Telnyx has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”, together with the EU-U.S. DPF Principles, the “DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF and the UK Extension, and the Swiss-U.S. DPF, Telnyx commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension and the Swiss-U.S. DPF.

Your personal data may be transferred and processed outside your jurisdiction (this may include US) and in countries that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area (“EEA”). As set forth by the U.S. Department of Commerce, Telnyx is officially certified under the EU-U.S. DPF, the UK Extension, and Swiss-U.S. DPF and relies on these certifications as its primary transfer mechanisms for transfers of personal data from the EU and Switzerland to the U.S. Where neither the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, nor the Swiss-EU DPF apply, and where applicable law requires us to utilize a data transfer mechanism, we rely on adequacy decisions as adopted by the applicable jurisdiction; standard contractual clauses issued by the European Commission or pursuant to established derogations for specific situations.

Moreover, we have employees located outside the European Economic Area ("EEA") that may access certain personal data, only on a need-to-know basis, for the performance of the service we offer you (e.g. account management, technical support, legal compliance). However, all employees are trained in the same way in order to be compliant with the GDPR, regardless of the country they are based in. Therefore, you don’t have to worry, your data will always be in good hands.

We may also share data with third parties outside the EEA whenever it is absolutely necessary to render our services. In all cases, sub-processors will agree to data processing obligation with us and/or relevant European Commission’s Model Clauses.

The Federal Trade Commission has jurisdiction over Telnyx’s compliance with the EU-U.S. DPF and the UK Extension, and the Swiss-U.S. DPF.

In connection with the EU-U.S. DPF Principles, an individual has the right, under certain conditions, to invoke binding arbitration as set forth in Annex 1 of the EU-U.S. DPF Principles, provided such individual has invoked such right by delivering notice thereof. Telnyx adheres to the DPF Principles for onward transfers of personal data to third parties and remains liable for damages caused by third parties under the EU-U.S. DPF unless Telnyx did not cause the event giving rise to damage.

Third Party Sub-Processors

Telnyx currently works with third party sub-processors in order to:

A. provide infrastructure and storage services; B. help us provide customer support and commercial communications and C. help us render our services to you as a customer.

For all sub-processors Telnyx performs a privacy and security due diligence to evaluate the sub-processor’s privacy and security standards and executes a data processing agreement.

You may request for the most up to date list of sub-processors we work with and who may have access to certain Personal Data.

Please bear in mind that, in order to render our services, we work with partners whose names may not be disclosed due to confidentiality obligations. However, we make sure that, in cases where they might need to process your data, they do so under the same privacy and security standards as we do.

Know-Your-Customer

In order to provide the Services and/or to comply with applicable law, rule or regulation, we may require you to submit certain identification verification information, including, without limitation, personal identifiable information and biometric information to Telnyx or certain third-parties.

Cookies

Our site may make use of cookies (or a similar technology) to better manage our sites and to assist us in providing you with tailored information and services. A cookie is a tiny element of data that a website can send to your browser, which is stored on your hard drive so that we can do things such as better serve you as you navigate through our site or when you return. You may set your browser to notify you or decline the receipt of a cookie; however, certain features of our sites or services may not function properly or be available if your browser is configured to disable cookies. You can learn more about managing your advertising preferences in our Cookie Policy.

Email

Telnyx’s policy is not to read or disclose private e-mail communications that are transmitted using Telnyx services except to respond, if directed to us, or as required to operate the service, as set forth in the terms of use and policies established from time to time governing the service, or for other legally permissible purposes.

Security

Telnyx maintains physical, electronic and procedural safeguards designed to protect the confidentiality of personal data provided by you on and through our website. For example, unique passwords or user identifications are required to access a number of our website services. In addition to requiring the use of a unique password or user identification, all payments processed through our website require certain personal data provided by you to be sent in a “Secure Session” using Secure Socket Layer encryption technology. This technology is designed to encrypt—or scramble—your financial or credit card account information to help prevent unauthorized parties from reading it. We seek to regularly test and update our technology to help protect your personal data. However, such precautions do not guarantee that our website is invulnerable to all security breaches. Telnyx makes no warranty, guarantee, or representation that use of our website is protected from all viruses, security threats or other vulnerabilities and that your information will always be secure. When doing business with others, such as advertisers to whom you can link from our site, you should consider the separate security and privacy policies of those other sites.

Your Use of Passwords or User Identifications

Except as specifically permitted by this privacy policy or other instructions regarding the online services you may not, and will ensure that you do not, lend, give, or otherwise disclose any passwords or user identifications to any unauthorized person, or permit any unauthorized person to use your accounts or related passwords or user identifications. Any loss of control of passwords or user identifications may result in the loss of control over personal data. You will be responsible for any actions taken on your behalf or any person using your passwords or user identifications. If passwords or user identifications have been compromised for any reason, then you should immediately change such password or user identification or notify us so that we may issue a new password or user identification.

Discussion Areas

This site may provide discussion areas so that customers and visitors can communicate freely and share ideas. Please remember that any information that is disclosed in these areas becomes public information and you should exercise caution when disclosing such information. These discussion areas may be monitored by us or law enforcement officials as appropriate occasionally in order to enhance the safety and respect for all of our customers and visitors, and off-topic, unlawful or otherwise inappropriate content of materials of which we become aware may or may not be removed from the site during the course of such monitoring. However, Telnyx is not responsible for any information posted or remaining on these discussion areas.

Links to Other Sites

For the convenience of our visitors and customers, this website may contain links to other sites. While we generally try to link only to sites that share similar high standards and respect for privacy, we have no responsibility or liability for the content, products or services offered, independent actions, or the privacy and security practices employed by these other independent sites. We encourage you to ask questions and review the applicable privacy policies before disclosing information to third parties on these independent sites.

Updates or Revisions to Personally Identifiable Information

Your use of certain of our online services may permit you to update personal data from our database by accessing our website. If you remove certain information from your account, we will only retain copies of such information as are necessary for us to comply with governmental orders, resolve disputes, troubleshoot problems, enforce any agreement you have entered into with us and as otherwise reasonably necessary.

If You Do Not Wish to Disclose Your Information

Even though we collect your data to conduct business, your data stays your own. You stay in control of your personal data and can at any time choose what you want us do with it. You can at any time:

Change your cookie settings.

When you visit our website for the first time, you can decide to accept all cookies or accept specific cookies using your browser tools or deny all our cookies. You can always change your preferences in your browser settings.

Withdraw consent to our processing of your data.

If for whatever reason you no longer want us to use your personal data, you’re free to change your mind. We will always comply with your request, unless we're legally required to keep your data. Which basically means that if there is any legal dispute, about for example outstanding invoices, we can keep your information until it’s resolved.

Control and review your data.

You can always view, amend, delete, and transfer your personal data. If you want to edit your information, you can do so on our portal where you can find an overview of your personal data. When you choose to delete your personal data, we hold the right to hold onto anonymised and aggregated data. If we do so, nothing will be able to identify you as a person in any way. If we’re required to retain your information for legal reasons, we will let you know in response to your request.

Object to and restrict the processing of data.

When your personal data is being processed to fulfill a legitimate interest to us, such as marketing, you’re able to object and unsubscribe by sending an email to [email protected]. You can always exercise your right to restrict processing, and we’ll make sure to process your data in the way you specify. We will assess each request on a case-by-case basis according to the rules set out by the GDPR. If we override your request, we need to demonstrate that we have compelling grounds to do so, or that there’s a legal claim which allows us to retain personal data. If you don’t agree with how we’ve handled your request, you can file a complaint with the authority related to the member state you live or work in, or the country in which the suspected infringement has taken place.

Additional Notices for Residents of Australia

For customers in Australia wishing to procure prepaid mobile services, Telnyx uses a secure online identification service provided by its subcontractor, Onfido UK Limited and its affiliates (together “Onfido”).

Telnyx and/or Onfido collect and hold certain personal information (including sensitive information) about you when you register on Telnyx’s website and purchase a prepaid mobile number service. The kinds of information may include facial biometrics, identity documents, personal details, images/videos, and device data. The information is collected via direct interactions with you and through the use of the website and services. The purpose of collecting this information is to provide you with access to our portal, verify your identity, and to comply with our regulatory obligations. We may disclose your biometric data and other personal data to overseas recipients. Information held by Onfido relating to you is stored in the United States of America. More information can be located in our Privacy Notice (which is made available at the time of collection).

In addition to the above, Telnyx handles personal information of Australian customers and end users in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"). This includes personal information collected in connection with all Telnyx services, not only prepaid mobile services.

We collect and use your personal information for the purposes described in this Privacy Policy. We will not use or disclose your personal information for a purpose other than the purpose for which it was collected (a "primary purpose"), unless: (a) you would reasonably expect us to use or disclose the information for a related "secondary purpose" and, in the case of sensitive information, that secondary purpose is directly related to the primary purpose; (b) you have consented; or (c) we are required or authorized by law to do so. Where we disclose personal information to overseas recipients (including to our affiliates and sub-processors in the United States and other countries), we take reasonable steps to ensure that the overseas recipient handles your personal information in accordance with the APPs.

If you wish to complain about a breach of Australia’s privacy laws (including the Australian Privacy Principles) or have any other concerns or questions, please contact us at [email protected]. We will investigate and try to resolve the complaint in a fair and efficient manner. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

Children’s Privacy

We do not intend for this site to be used by children under the age of 13, nor do we seek to collect information about children under the age of 13. If you are under the age of 13, please do not provide us with information and promptly exit this site. We encourage parents or legal guardians to talk with their children about the potential risks of providing information over the Internet.

ACH Functionality

Solely with respect to those Customers approved by Telnyx for use of the ACH payment functionality within the Portal, the following shall apply: In order to use the payment functionality of our application, you must open a “Dwolla Account” provided by Dwolla, Inc. and you must accept the Dwolla Terms of Service and Privacy Policy. Any funds held in or transferred through your Dwolla Account are held or transferred by Dwolla’s . You must be at least 18 years old to create a Dwolla Account. You authorize us to collect and share with Dwolla your personal information including full name, [date of birth, social security number, physical address,] email address and financial information, and you are responsible for the accuracy and completeness of that data. You understand that you will access and manage your Dwolla Account through our application, and Dwolla account notifications will be sent by us, not Dwolla. We will provide customer support for your Dwolla Account activity, and can be reached at .

Changes to this Privacy Policy

We reserve the right to make corrections or updates to this Privacy Policy at our sole discretion from time to time. When we do so, we will post the updated Privacy Notice on our website and update the Privacy Policy effective date. We encourage you to periodically review this Privacy Policy published on our website.

The Australian Privacy Principals (AAP) 5 Privacy Notice can be found here.

How to Contact Us

If you have questions about this Privacy Notice, concerns or questions, please contact [email protected]

Or write to us via post to: Telnyx LLC 600 Congress Avenue 14th Floor Austin, TX 78701