Supphone Privacy Policy

1. Introduction

Welcome to Supphone. This Privacy Policy explains how Supphone ("we," "us," or "our"), a sole proprietorship operated in New York, United States, collects, uses, discloses, and protects your personal information when you use our browser-based international calling service (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

This Privacy Policy should be read in conjunction with our Terms of Service.

2. Information We Collect

We collect several types of information from and about users of our Service.

2.1 Information You Provide Directly

Account Information:

• Full name
• Email address
• Password (encrypted)
• Account preferences and settings

Payment Information:

• Payment method details (processed through third-party payment processors)
• Billing address
• Transaction history

Communications:

• Messages you send to our customer support
• Feedback and survey responses
• Any other information you choose to provide

2.2 Information Collected Automatically

Call Data:

• Phone numbers you dial (destination numbers)
• Call duration and time
• Call quality metrics
• Connection status and errors

Usage Information:

• Device information (browser type, operating system, device model)
• IP address and general location information
• Pages visited within the Service
• Features used and frequency of use
• Time and date of access
• Referring website addresses

Cookies and Similar Technologies:

• Session cookies (to maintain your login session)
• Preference cookies (to remember your settings)
• Analytics cookies (to understand how you use the Service)

2.3 Information from Third Parties

Infrastructure Providers: We receive technical and call completion data from our telecommunications infrastructure provider, Twilio, including:

• Call routing information
• Call success/failure status
• Network performance data

Payment Processors: We receive confirmation of successful payments and transaction IDs from Stripe, our payment processor. Stripe processes all payment information in compliance with PCI-DSS standards.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Maintain the Service

• Create and manage your account
• Process your calls through our infrastructure providers
• Process payments and manage credits
• Provide customer support
• Send service-related communications (confirmations, technical notices, security alerts)

3.2 To Improve and Optimize the Service

• Analyze usage patterns and trends
• Monitor and improve call quality
• Develop new features and functionality
• Troubleshoot technical issues
• Conduct research and analytics

3.3 To Protect and Secure

• Prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations
• Protect the rights, property, or safety of Supphone, our users, or others

3.4 To Communicate with You

• Respond to your inquiries and requests
• Send you updates about the Service
• Notify you of changes to our policies
• Provide promotional communications (with your consent, where required)

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Service Providers and Business Partners

Telecommunications Infrastructure: We share necessary information with Twilio and other infrastructure providers to complete your calls, including:

• Destination phone numbers
• Call timing and duration
• Account identifiers

Payment Processors: We share payment information with Stripe, our payment processing partner, to process transactions. We do not store complete credit card information on our servers. All payment data is processed and stored securely by Stripe in compliance with PCI-DSS standards.

Analytics Providers: We may share usage data with analytics services to help us understand how users interact with our Service.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Court orders or subpoenas
• Law enforcement requests
• Legal processes or government investigations
• Protection of our rights, property, or safety
• Prevention of fraud or security threats

4.3 Business Transfers

If Supphone is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Information: Retained while your account is active and for a reasonable period after account closure for legal, accounting, or dispute resolution purposes.

Call Records: Retained for 12 months for billing, customer support, and legal compliance purposes.

Payment Information: Retained as long as necessary to complete transactions and for tax and accounting purposes, typically 7 years.

Usage Data: Retained in aggregated or anonymized form for analytical purposes.

You may request deletion of your personal information by contacting us, subject to legal retention requirements.

6. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

Security Measures Include:

• Encryption of data in transit using SSL/TLS protocols
• Encryption of sensitive data at rest using AES-256 encryption
• Secure password storage using bcrypt hashing algorithm with salt
• Regular security assessments and vulnerability testing
• Access controls and multi-factor authentication
• Monitoring for suspicious activity and unauthorized access
• Secure infrastructure provided by trusted third-party providers

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request a copy of your data in a structured, machine-readable format
• Objection: Object to certain processing of your information
• Restriction: Request restriction of processing in certain circumstances

7.2 Marketing Communications

You can opt out of promotional emails by:

• Clicking the "unsubscribe" link in any marketing email
• Adjusting your account communication preferences
• Contacting us directly

Note: You cannot opt out of service-related communications (e.g., account notifications, security alerts).

8. State-Specific Privacy Rights

8.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.

Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out of Sale: We do not sell your personal information. If our practices change, we will update this policy and provide an opt-out mechanism.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Shine the Light: California residents can request information about personal information we disclose to third parties for their direct marketing purposes.

To Exercise Your Rights: Contact us at support@supphone.com. We will verify your identity before processing your request.

8.2 Virginia, Colorado, Connecticut, and Utah Residents

Residents of Virginia, Colorado, Connecticut, and Utah have rights similar to those provided under the CCPA, including:

• Right to confirm whether we process your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to delete your personal data
• Right to obtain a copy of your personal data
• Right to opt out of targeted advertising, sale of personal data, and profiling

8.3 Nevada Residents

Nevada residents have the right to opt out of the sale of their personal information. We do not currently sell personal information as defined by Nevada law. If our practices change, we will update this policy and provide an opt-out mechanism.

9. International Data Transfers

Supphone is based in the United States, and your information will be processed and stored in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using the Service, you consent to the transfer of your information to the United States.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected personal information from someone under 18, we will delete that information promptly.

11. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

Third-Party Services We Use:

• Twilio: Our telecommunications infrastructure provider (see Twilio's Privacy Policy at https://www.twilio.com/legal/privacy)
• Stripe: Our payment processor (see Stripe's Privacy Policy at https://stripe.com/privacy)

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your use of the Service.

12.1 Types of Cookies We Use

Essential Cookies: Required for the Service to function properly. These cookies enable core functionality such as security, authentication, and session management. You cannot opt out of these cookies.

Preference Cookies: Remember your settings and preferences (e.g., language preference, display settings).

Analytics Cookies: Help us understand how users interact with our Service by collecting and reporting information anonymously.

12.2 Managing Cookies

You can control and manage cookies through your browser settings. However, disabling certain cookies may impact your ability to use some features of the Service.

Browser Controls:

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Options > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Privacy, Search, and Services > Cookies

12.3 Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. We do not currently respond to DNT signals because there is no industry standard for compliance.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website
• Updating the "Last Updated" date at the top of this policy
• Sending an email notification to the address associated with your account (for material changes)
• Displaying a notice when you log into the Service

Your continued use of the Service after such notice constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Notification will be provided without undue delay and will include:

• The nature of the breach
• The types of information involved
• Steps we are taking to address the breach
• Recommended actions you can take to protect yourself

15. Your Responsibilities

You are responsible for:

• Maintaining the confidentiality of your account credentials
• Ensuring the accuracy of information you provide
• Notifying us of any unauthorized access to your account
• Reviewing and understanding this Privacy Policy

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at: support@supphone.com

We will respond to your inquiry within a reasonable timeframe, typically within 30 days for general inquiries and as required by applicable law for privacy rights requests.

17. Consent

By using the Service, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

For certain processing activities, we may seek your explicit consent, which you can withdraw at any time by contacting us.