Last updated effective November 2021
Telnyx is a next-generation communication cloud-based communication platform that provides carrier-grade services on a global, private IP voice network. By unlocking the power of intelligent connectivity, we’re laying the foundation for a future of endless innovation and interconnected technology, where communication flows seamlessly between people, devices and applications across the globe.
At Telnyx, we are committed to honoring the privacy of our customers and visitors to our website. We recognize the importance to you, our website customer or visitor, of maintaining an appropriate level of privacy and security for the personal information we collect from you through this website. We store your data safely and handle it with the utmost care and in accordance with applicable law.
Telnyx complies with all data privacy laws and directives, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
Since you as our customer integrate our products in your software applications, we don’t interact with your end users directly. However, when you, as a customer, do share your end user information with us, we always handle the data in accordance with agreed data processing terms, if any, and data protection regulations, including the GDPR. We don’t use that data for any purposes other than specifically issued by the customer who provides the data, or to the extent required under law.
You’ll encounter the terms “controller” and “processor” in this policy. By “controller”, we mean the company that an individual (“data subject”) provides their personal data to. The controller determines the purpose for the personal data and is responsible for the correct handling of the data subject’s data. By “processor”, we mean the company that provides part of the services to the controller, and needs specific personal data in control of the controller in order to do so.
When we collect personal information from you in connection with accessing our website, applications or services within the European Economic Area (EEA) and the United Kingdom (UK), our lawful basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
We will normally collect personal information from you where we need the personal information to provide services to you or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the personal information in question (i.e. traffic monitoring, service usage) or we may process your personal information where we have your consent to do so.
Moreover, if we collect and use your personal information in reliance on our or a third party's legitimate interests and those interests are not already listed below, we will make clear to you those legitimate interest at the relevant time.
What Kinds of Personal Information Does Telnyx Collect?
Telnyx may collect:
- Identifiers, your full name, address, email, company name, company website, telephone number, caller ID information, unique personal identifier, online identifier, Internet Protocol (“IP”) address, proof of address and ID of end users (where there is a regulatory requirement);
- Account Payment Information, your credit/debit card number, signature, bank wire transfer information;
- Commercial Information, records of products or services purchased, obtained, or considered or other purchasing or consuming histories or tendencies;
- Internet or Similar Network Activity, your browsing and search history, information on your interaction with our websites and advertisements, information about the communications delivered via our platform or applications;
- Metadata, information about the communications delivered via our platform such as source and destination information, IP address, completion status, time and duration of use;
- Geolocation Data, when you use our products or services, such as source and destination information about the communications delivered, real-time location information for emergency service via the Telnyx products or services;
- Cookies and other technologies, website cookies and similar technologies to distinguish you from other visitors and compile information about the usage of our websites. For further information, please see “Cookies” section below;
- Sensory Data, your interactions with our sales and customer support teams may be recorded for quality assurance, training and analysis purposes (consent will be recorded if required by applicable law). When you use our products or services, it may include text-to-speech transcriptions, DTMF tones, media in your voice calls and text messages;
- Personal information of end users in the course of providing voice and messaging communications services. This communications Information may include both the content of calls and messages sent or received via out platform (“Communications Content”) and information about the communications delivered via our platform such as source and destination information, IP address, completion status, time and duration of use, registered address and/or real-time location information for emergency services, and caller ID information (herein known as “Metadata”).
How Do We Collect Your Personal Data ?
We tend to use different methods when collecting your personal data from and about you which includes:
- Direct interactions with you. You may give us information about you by filling in forms, engaging in chat on our website, accessing or utilizing any of our websites, opening an account with us, requesting support, subscribing to our newsletters, requesting information or materials (e.g. whitepapers), registering for events or webinars, visiting our booth at a trade show or other event, participating in surveys or evaluations, accessing or utilizing any of our websites, submitting questions or comments, or by corresponding with us by phone, email, video, or otherwise;
- Automated technologies or interactions. As you interact with our websites, we may automatically collect technical data about your equipment, browsing actions, and patterns as specified above. See “Cookies” section for additional details;
- Third parties or publicly available sources. We may receive information about you if you visit other websites employing our cookies or from third parties including, for example, advertising networks, analytics providers, through publicly available data, such as social media (like LinkedIn, Facebook, and others) and websites;
- Indirectly. As a service provider in the course of providing voice and messaging communications services.
For avoidance of any doubt, will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you a notice. We would like to reassure you that legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it, including but not limited to: (a) performance of a contract; (b) legitimate interest; (c) necessary for compliance with a legal obligation; (d) consent to collect and process your Personal Data.
How Do We Use Your Personal Data?
Telnyx may use your personal data collected in due course for one or more of the following purposes:
To provide Services to you, activities which may include:
- responding to your inquiry about our products and services, including to investigate and address your concerns and monitor and improve our responses;
enable to you as our customer and where applicable to your end users, to send and receive communications via our platform and to bill, collect and remit taxes, fees and surcharges to the appropriate jurisdictions for those services; inform you of additional features, expanded coverage or other products or services offered by us;
- allowing you to interact with our systems, including our websites, to create, maintain, customize and secure your account with us, to process your requests, purchases, transactions and payment;
- personalizing your website experience and to deliver content and service information relevant to your interests, including targeted offers, marketing communications and ads through our websites, third-party sites and via email; to maintain the safety, security and integrity of our website, services, databases and other technology assets and business;
- testing, researching, developing, and analyzying; mitigation of fraud and spam (as applicable per specific product offering), unlawful or abusive activity, or violations of our acceptable use policy; perform quality control; gauge routing effectiveness and deliverability and product development, including developing and improving our websites and products and services. Specifically, with respect to MMS and SMS messaging, we may utilize industry-standard content-analysis software which may utilize electronic, algorithmic inspection of the originating telephone number and/or content of MMS and SMS messages for purposes of spam blocking;
- responding to the law enforcement requests, as well as security and safety requirements, this may include: (i) responding to law enforcement requests (e.g. subpoena) and/or as required by applicable law, court order, governmental regulations, or other legal process where we believe in good faith that disclosure protects your safety or the safety of others, and allows us to enforce or protect our and your rights; and (ii) for safety and/or security purposes, we ask visitors to our offices to register and to manage non-disclosure agreements which may be required to sign, to the extent such processing is necessary for our legitimate interest and safety concerns such as protecting our offices and our confidential information against unauthorized access.
Who Has Access to Your Personal Data?
Except as set forth in this policy or unless we specifically disclose it to you at the time of collection or subsequently obtain your approval, we will not make any personal data that is gathered on our site available to unaffiliated organizations for commercial purposes unrelated to the business of Telnyx. However, certain federal, state and local laws or government regulations may require us to disclose personal data about you. In these circumstances, we will use reasonable efforts to disclose only the information required by law, subpoena or court order to be disclosed.
Telnyx may share your personal data with some of the following third parties, for business purpose and where is legally necessary:
- Telecom operators and other communications and communications-related services providers for proper routing and connectivity;
- Third party service and technology providers who perform necessary actions on our behalf, such as payment processors and hosting service providers;
- Telnyx affiliates and subsidiaries, successors and assigns;
- Where we are legally obligated to do so to protect the confidentiality or security of your personal data or other personal records; and
- To our attorneys, accountants and regulators.
We may also share aggregate anonymized data relating to the transactions on the site and use of our services for marketing, research and other purposes.
Data Subject Rights
Telnyx would like to make sure you are fully aware of all of your data protection rights. Under GDPR provisions, every data subject or user is entitled to the following rights:
- The right to be informed – you have the right to request that we inform you of what data is being collected, how it’s used, how long it’s kept and whether it will be shared with third parties.
- The right to access – you have the right to request copies of your personal data. We may charge you a small fee for this service.
- The right to rectification – you have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
- The right to erasure – you have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – you have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability – you have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The rights in relation to automated decision making and profiling – you have the right not to be subject to a decision based solely on automated processing.
At any time, you can make a request to exercise any above-listed rights. If you would like to exercise any of these rights, please contact us at our email: [email protected]
CCPA Data Protection Rights
The California Consumer Privacy Act (“CCPA”) provides California residents with specific rights regarding their personal information. This section describes CCPA rights and explains how to exercise those rights.
- The right to access
- The right to opt out of the sale of personal information
- The right to deletion of a consumer’s personal information
- The right of data portability
- The right not to be discriminated against for exercising rights under the CCPA
If you would like to exercise any of these rights, please contact us at our email: [email protected]
Only you, or someone legally authorized to act on your behalf (this includes an authorized agent), may make a verifiable consumer request (“request”) related to your personal information. You may only make a request for access or data portability twice within a 12-month period. An authorized agent making a request on your behalf must provide us with written authorization providing the agent with the ability to make a CCPA request signed by you. Additionally, you will need to verify your identity directly with us. Please note that this authorized agent requirement is not applicable when the authorized agent has a power of attorney. The request must: (1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and (2) describes your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Any disclosures we provide will cover the 12-month period preceding receipt of the request. We will provide a response to a request within forty-five (45) days of its receipt. If we reasonably require an extension of time, we will notify you within the first forty-five (45) day period and such extension will not exceed an additional forty-five (45) days. We will not discriminate against you for exercising any of your CCPA rights. Any personal information provided to us for verification and fraud-prevention purposes will only be used for that purpose and such information will be deleted as soon as practical after processing of your request. We will not sell (as defined under the CCPA) California resident personal information we collect.
Please Note, You will not have to pay a fee to access your Personal Data or to exercise any of your rights listed above. However, we may charge a reasonable fee if your request, in our sole opinion, is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. Also, to help us to progress your request, we may need to request specific information from you to confirm your identity and ensure your right to access your Personal Data or to exercise any of your above listed rights. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We will try to respond to all legitimate requests within one month of receipt of the request. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests, in which case, we will notify you and keep you updated on progress made.
If you would like to exercise any of these rights, please contact us at our email: [email protected].
How Long Do We Hold Your Personal Data?
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including the purposes to provide you with services, of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal, regulatory, tax, accounting or other requirements. After expiration of the applicable retention periods, your personal data will be deleted or anonymized. If there is any personal data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such personal data. To improve our products and services, we may aggregate and anonymize your personal data (so that it can no longer be associated with you), in which case we may use such aggregated and anonymized information indefinitely without further notice to you.
Visiting Our Website
Except as otherwise provided in this policy or in other written documentation or policies that may be provided to you regarding the services or website, the only personal data that we collect about visitors to our website is that which is provided to us voluntarily by you. “Personal data” is information that tells us specifically who you are, such as your name, street address, email address, billing address, social security number, credit card number, other service account information, and certain other financial information. In general, you can visit our website without telling us who you are or revealing any personal data about yourself. Our Web servers may use “Cookies” (described below) to collect information about visitors such as your domain name, host from which you access the Internet, the IP address of your computer, and your browser software and operating system. This information may be aggregated to measure such things as the number of visits, average time spent on the site, number of pages viewed, and methods by which our site was found. Telnyx may use such information to evaluate the use of our site and to continuously improve the content and services being provided.
Using Our Web Site Services
Customer Proprietary Network Information (“CPNI”)
We also want you to be aware that certain information related to your telecommunications services account with us such as to whom, where and when you make calls is CPNI. CPNI is protected by specific federal laws and regulations and as such we are fully committed to comply with such laws and regulations, both through our website and in all other respects. Without your consent, we will only share or disclose your CPNI (i) to market to you services or products among the categories of services or products you currently subscribe, (ii) to initiate, render, bill and collect our telecommunications services, (ii) to protect you or other carriers from illegal or fraudulent use of, or subscription to, our services or to protect our rights or property, (iii) to provide your call location information in certain specified emergency situations, and (iv) for other legally permissible purposes.
Telnyx operates a telephone system which is capable of recording conversations for the achievement of various proper and lawful purposes, including (i) quality monitoring, (ii) training, (iii) compliance and (iv) safeguarding purposes. Calls, incoming or outgoing, may be recorded, retained and/or collected.
All calls, incoming and/or outgoing to and/or from Telnyx, can be recorded. Under normal circumstances, a call will not be retrieved or monitored unless:
- It is necessary to investigate a complaint;
- It is part of a management quality check that our standards are being met;
- It provides assurance of Telnyx quality standards and policies.
- There is a threat to the health and safety of staff and/or visitors and/or customers and/or vendors and/or for the prevention and/or detection of a crime;
- It is necessary to check compliance with regulatory procedures;
- It will aid Telnyx employees in call handling through use in training and coaching our staff;
- It is for safeguarding purposes; or
- It is for helping to protect employees from abusive or nuisance calls.
Personal data collected in the course of recording activities will be processed fairly and lawfully in accordance with the relevant legislation, including GDPR. Data collected shall be:
- Adequate, relevant and not excessive;
- Used for the purpose(s) stated in this policy only and not used for any other purposes;
- Accessible only to managerial and/or senior staff such as our CEO, COO, legal department, accountants and specifically authorized IT representatives.
- Handled and managed confidentially;
- Kept and/or stored securely; and
- Not kept for longer than necessary and will be securely destroyed thereafter.
Where possible, we will inform the caller and/or the receiver of the call that the call will be monitored/recorded for quality/training purposes so that they have the opportunity to consent by continuing with the call or hanging up.
By continuing a call and/or accepting the current policy you freely and unconditionally consent that when receiving a call from Telnyx and/or when you are calling Telnyx, the call may be monitored or recorded for the purpose(s) stated in this policy.
International Data Transfer
Your personal data may be transferred and processed outside your jurisdiction (this may include US) and in countries that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area (“EEA”). Where applicable law requires us to utilize a data transfer mechanism, we rely on adequacy decisions as adopted by the European Commission; standard contractual clauses issued by the European Commission or pursuant to established derogations for specific situations.
Moreover, we have employees located outside the EEA that may access certain personal data, only on a need-to-know basis, for the performance of the service we offer you (e.g. account management, technical support, legal compliance). However, all employees are trained in the same way in order to be compliant with the GDPR, regardless of the country they are based in. Therefore, you don’t have to worry, your data will always be in good hands.
We may also share data with third parties outside the EEA whenever it is absolutely necessary to render our services. In all cases, sub-processors will sign a data processing agreement with us as well as relevant European Commission’s Model Clauses.
Third Party Sub-Processors
Telnyx currently works with third party sub-processors in order to: A. provide infrastructure and storage services; B. help us provide customer support and commercial communications and C. help us render our services to you as a customer.
For all sub-processors Telnyx performs a privacy and security due diligence to evaluate the sub-processor’s privacy and security standards and executes a data processing agreement.
You may request for the most up to date list of sub-processors we work with and who may have access to certain Personal Data.
Please bear in mind that, in order to render our services, we work with partners whose names may not be disclosed due to confidentiality obligations. However, we make sure that, in cases where they might need to process your data, they do so under the same privacy and security standards as we do.
Telnyx maintains physical, electronic and procedural safeguards designed to protect the confidentiality of personal data provided by you on and through our website. For example, unique passwords or user identifications are required to access a number of our website services. In addition to requiring the use of a unique password or user identification, all payments processed through our website require certain personal data provided by you to be sent in a “Secure Session” using Secure Socket Layer encryption technology. This technology is designed to encrypt—or scramble—your financial or credit card account information to help prevent unauthorized parties from reading it. We seek to regularly test and update our technology to help protect your personal data. However, such precautions do not guarantee that our website is invulnerable to all security breaches. Telnyx makes no warranty, guarantee, or representation that use of our website is protected from all viruses, security threats or other vulnerabilities and that your information will always be secure. When doing business with others, such as advertisers to whom you can link from our site, you should consider the separate security and privacy policies of those other sites.
Your Use of Passwords or User Identifications
This site may provide discussion areas so that customers and visitors can communicate freely and share ideas. Please remember that any information that is disclosed in these areas becomes public information and you should exercise caution when disclosing such information. These discussion areas may be monitored by us or law enforcement officials as appropriate occasionally in order to enhance the safety and respect for all of our customers and visitors, and off-topic, unlawful or otherwise inappropriate content of materials of which we become aware may or may not be removed from the site during the course of such monitoring. However, Telnyx is not responsible for any information posted or remaining on these discussion areas.
Links to Other Sites
For the convenience of our visitors and customers, this website may contain links to other sites. While we generally try to link only to sites that share similar high standards and respect for privacy, we have no responsibility or liability for the content, products or services offered, independent actions, or the privacy and security practices employed by these other independent sites. We encourage you to ask questions and review the applicable privacy policies before disclosing information to third parties on these independent sites.
Updates or Revisions to Personally Identifiable Information
Your use of certain of our online services may permit you to update personal data from our database by accessing our website. If you remove certain information from your account, we will only retain copies of such information as are necessary for us to comply with governmental orders, resolve disputes, troubleshoot problems, enforce any agreement you have entered into with us and as otherwise reasonably necessary.
If You Do Not Wish to Disclose Your Information
Even though we collect your data to conduct business, your data stays your own. You stay in control of your personal data and can at any time choose what you want us do with it. You can at any time:
Change your cookie settings.
When you visit our website for the first time, you can decide to accept all cookies or accept specific cookies using your browser tools or deny all our cookies. You can always change your preferences in your browser settings.
Withdraw consent to our processing of your data.
If for whatever reason you no longer want us to use your personal data, you’re free to change your mind. We will always comply with your request, unless we're legally required to keep your data. Which basically means that if there is any legal dispute, about for example outstanding invoices, we can keep your information until it’s resolved.
Control and review your data.
You can always view, amend, delete, and transfer your personal data. If you want to edit your information, you can do so on our portal where you can find an overview of your personal data. When you choose to delete your personal data, we hold the right to hold onto anonymised and aggregated data. If we do so, nothing will be able to identify you as a person in any way. If we’re required to retain your information for legal reasons, we will let you know in response to your request.
Object to and restrict the processing of data.
When your personal data is being processed to fulfill a legitimate interest to us, such as marketing, you’re able to object and unsubscribe by sending an email to [email protected]. You can always exercise your right to restrict processing, and we’ll make sure to process your data in the way you specify. We will assess each request on a case-by-case basis according to the rules set out by the GDPR. If we override your request, we need to demonstrate that we have compelling grounds to do so, or that there’s a legal claim which allows us to retain personal data. If you don’t agree with how we’ve handled your request, you can file a complaint with the authority related to the member state you live or work in, or the country in which the suspected infringement has taken place.
We do not intend for this site to be used by children under the age of 13, nor do we seek to collect information about children under the age of 13. If you are under the age of 13, please do not provide us with information and promptly exit this site. We encourage parents or legal guardians to talk with their children about the potential risks of providing information over the Internet.
How to Contact Us
If you have questions about this Privacy Notice, concerns or questions, please contact [email protected].