TheVoĉo
Privacy Policy
Your continued use of TheVoĉo means you are herein consenting to the following data procedures expressed within this agreement.
This policy only describes how TheVoĉo treats your information, not how other organizations treat your information. If you are using TheVoĉo services in a workplace or on a device or account issued to you by your employer or another organization, that company or organization likely has its own policies regarding storage, access, modification, deletion, and retention of communications and content which may apply to your use of any TheVoĉo service.
Nature and Purposes of Processing
TheVoĉo is a hosted telephony platform providing communication and collaboration services for customers. TheVoĉo processes the personal data of the individuals who participate in these communications.
Information We Process
Through your usage of TheVoĉo, we process different kinds of information. Some of it is personally identifiable and some are non-identifying or aggregated. Here are the types of information we collect or receive:
Personal Information
This includes all the information associated with your Extension. It includes names and full contact details for the individual or business that created the account. This is vital for PBX administrative purposes and basic call functions.
Trunk
This is the telephone numbers of the trunks you created and used by the system for basic call functions.
Call Detail Records (CDRs)
This is a record of the communication that has traversed the system. It typically includes source/destination name, source/destination number and other metrics. CDRs allow you to check call detail records.
Call Recordings
Call recordings are disabled by default and are opt-in only. The stored information includes phone numbers of the call parties, IP address, and all the recorded conversation. The system also supports uploading custom prompt to notify both parties that the call is being recorded. What's more, call parties can stop/interrupt a recorded call to protect personal data from being stored. The recording files are encrypted and stored in the TheVoĉo Central Management server but can only be accessed from the PBX Management Portal or via API.
Voicemail
This includes the called party's name, phone number, and all data left in the voicemail. This feature can be disabled if you do not want the system to store the above voicemail data. The system also supports uploading custom prompt to notify the party who left the voicemail about the personal data processing.
Voicemail Transcription
The feature requires authentication with Google Cloud Speech-to-Text API. When integrated, Google STT will be used to transcribe a voicemail to text.
Speed Dial
This includes the called party's phone number. You can choose not to use this feature.
Conferencing
This includes the name and phone number of all participants in the conference call. You can choose not to use this feature. If Call Recording is enabled and opted-in, all recorded conversation will also be included.
SMTP Server
An SMTP server is required for sending out email alerts as designated by PBX administrator and other emails as needed. TheVoĉo or the Service Provider provide a default SMTP server. The SMTP server will not store any email data. You can disable the default server or choose to use a Custom Email Server.
Event Alerts
When Event Alerting is enabled, the PBX will alert relevant contacts via email or phone number as designated by PBX administrator.
Call Reports
Based on call activities, agent activities (login/logout, pause/unpause), the PBX provides visual reports on the performance of your PBX system.
System Logs
When Debug log is enabled, System Log will capture call parties name and number for debugging purpose. Debug log is disabled by default.
Operation Logs
This includes all the operation performed in the Web Management Portal and the results.
Troubleshooting
When Ethernet Capture Tool is started, the tool will capture call parties name and number for debugging purpose.
Company Contacts
The feature Company Contacts includes no contacts by default. Administrator can add, edit and delete external contacts' information here, and grant privilege to extensions to view and manage the Company Contacts. Each Contact will include information like Name, Company, Email, Business Number, Fax Number, Mobile Number, Home Number, and Address.
Personal Contacts
The feature Personal Contacts includes no contacts by default. Extensions can add, edit, and delete external contacts' information here; the administrator and other extensions will have no access to the extensions' Personal Contacts. Each Contact will include information like Name, Company, Email, Business Number, Fax Number, Mobile Number, Home Number, and Address.
Instant Messaging Service
Instant Messaging Service (IM Service) is disabled by default. It includes messages, graphics, documents, or any other materials submitted by using this IM Service. All information is the sole responsibility of the person from whom such Data originated. You are wholly responsible for all download, uploaded or otherwise transmitted via the IM Service. TheVoĉo neither store nor is responsible for the Data that you submit to the IM Service.
Web Audio/Video Call
Based on WebRTC, the feature supports 1-to-1 audio or video call from a browser. All communication is transmitted over an encrypted connection (secure web traffic using HTTPS) and the transmitted media streams are encrypted via Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). The video communication is only visible to participants on the call, and is not recorded or stored on any server. Recording of the audio follows the Call Recordings privacy rule.
Video Conferencing
The feature is provided through TheVoĉo and is hosted by Agora who are compliant with GDPR. A unique URL will be generated for all participants to join the meeting via a browser. All communication is transmitted over an encrypted connection (secure web traffic using HTTPS) and the transmitted media streams are encrypted via Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). Participants can choose whether to enable microphone and camera for the browser. Other information processed include Name (extension name for internal participant and display name generated by external participant), participant's microphone and camera information, and technical logs if the participant click Upload Log (will only contain information such as Log ID, UID, but no personal data). All communication is only visible to participants, and is not recorded or stored on any server.
API and Third-Party Integrations
Several features are disabled by default and require explicit authorization:
- Asterisk Manager Interface (AMI): With the AMI, 3rd-party Application with an authorized IP address and correct credentials will be able to access the call data, e.g. names and phone numbers.
- Application Programming Interface (API): With the API, authorized 3rd-party Application will be able to access the CDR and call recording files.
- Database Grant: 3rd-party Application with an authorized IP address and correct credentials will be able to access the CDR.
- CRM Integration: The feature requires authentication with the CRM. When a supported CRM (e.g. Zoho CRM) is integrated with the system, contact information will be displayed and recorded.
- Popup URL: When enabled, the incoming caller's name and number will be passed to the configured 3rd party popup URL.
The third-party Application is solely responsible for how the acquired data is secured, operated and stored.
How We Use Your Information
TheVoĉo uses your information for the following purposes:
Provide Communication Services
To deliver telephony and communication services, the processing of Personal Data constitutes a natural part of TheVoĉo.
Email Messages
TheVoĉo may send you alert and administrative emails, such as when you forgot your password, etc.
Data Retention
- Call Recordings: Call Recordings can be deleted permanently via the Web Management Portal.
- Call Detail Records (CDRs): CDRs can be deleted permanently via the Web Management Portal.
- Voicemail: Voicemails and transcribed text can be deleted permanently via the Web Management Portal.
Sharing and Disclosure
There are times when communications and related content and other user information may be shared by TheVoĉo. With consent, to comply with legal process, or to protect TheVoĉo and our users. When we have your consent or if we believe that disclosure is reasonably necessary to comply with a law, regulation or legal request; to protect the safety, rights, or property of the public, any person, or TheVoĉo; or to detect, prevent, or otherwise address fraud, security or technical issues.
If we receive a law enforcement or other third party request for information we will provide prior notice to the subject of the request where we are legally permitted to do so.
Security
TheVoĉo takes reasonable steps to protect the information you provide to us as part of your use of the TheVoĉo service from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store and the current state of technology.
When you enter sensitive information (such as sign-in credentials) we encrypt the transmission of that information using secure socket layer technology (SSL) and encrypt all data at rest. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it.
Changes to This Privacy Policy
TheVoĉo may change this policy from time to time. If you continue to use TheVoĉo after those changes are in effect, you agree to the revised policy. If the changes are material, we may provide more prominent notice or seek your consent to the new policy.
Questions about our Privacy Policy?
Our team is here to help you understand how we protect your data.