Last updated: August 17, 2025 (IST) • Version: 1.0

Privacy & Policy

How {{COMPANY_NAME}} (“Viantrix”, “we”, “us”) collects, uses, protects, and retains personal data across voice, telephony, APIs, SDKs, integrations, and our websites—so you stay in control.

1. Who We Are & Scope

This Privacy Policy explains how we handle personal data across our Website, Console, APIs, SDKs, Telephony (PSTN/SIP), Webhooks, and integrations (e.g., WhatsApp, CRMs, calendars), and support channels. It applies to customers, admins, call recipients/end users, website visitors, and job applicants.

  • Roles: Typically, Customer = Data Controller; Viantrix = Processor/Service Provider (varies by region/use case).
  • Regional overlays: EU/EEA & UK (GDPR), India (DPDP 2023), US states (CCPA/CPRA).

2. Data We Collect

| Category | Examples | Source | Purpose | Legal Basis | Retention |
|---|---|---|---|---|---|
| Account & Billing | Name, email, company, role, tenant ID, invoices, GST/VAT | From you | Provisioning, billing, support | Contract; Legal obligation | Contract term + statutory |
| Authentication & Access | Login logs, session IDs, access scopes, MFA events | From you / automated | Security, audit, troubleshooting | Legitimate interests; Contract | {{RETENTION_AUTH}} |
| Usage & Telemetry | API calls, latency, errors, SDK version, device meta, IP | Automated | Reliability, product improvement | Legitimate interests | {{RETENTION_TELEMETRY}} |
| Voice & Audio | Call audio, transcripts (STT), TTS events, barge-ins | Call participants | Core service, QA, safety | Consent; Contract | Configurable (see Console) |
| Telephony Metadata (CDRs) | Call ID, ANI/DNIS, caller ID branding payload, result, duration, routing hops | Carriers/infra | Routing, compliance, analytics | Legitimate interests; Legal obligation | {{RETENTION_CDR}} |
| Integrations | WhatsApp template/meta, CRM lead IDs, Calendar IDs/availability | From you / connectors | Deliver features you enable | Contract; Consent (where needed) | Per integration settings |
| Support & Content | Tickets, chat logs, diagnostic files | From you | Troubleshooting, service quality | Legitimate interests; Contract | {{RETENTION_SUPPORT}} |
| Cookies & Similar Tech | Strictly necessary, functional, analytics, advertising | Automated | Site operation, insights | Consent (non-essential) | See Cookie List |
| Sensitive Data | Not intended unless configured (e.g., clinical context) | From you | Only with lawful basis and safeguards | Explicit consent / other legal basis | Minimized; limited |

Do not include special categories of data in prompts/transcripts unless your legal basis is established and safeguards are in place.

3. Why We Process (Purposes) & Legal Bases

  • Purposes: Provide core services (calling, transcription, analytics), security & fraud prevention, troubleshooting, improvement, billing, legal compliance, and marketing with consent.
  • GDPR legal bases: Contract, Legitimate Interests (e.g., security), Consent (e.g., recording/marketing), Legal Obligation.
  • US CCPA/CPRA: We do {{SALE_SHARE_STATUS}} personal information. If “share” applies for advertising, opt-out mechanisms are provided and GPC is honored where required.
  • India DPDP: Lawful purpose with notice & consent; duties of data fiduciaries and processors apply.

4. Voice, Recording & Telephony Specifics

  • Recording: Provide disclosure & obtain consent before recording; note one-party vs two-party consent jurisdictions.

  • Caller ID Branding: Best-effort; not guaranteed across all carriers/devices; you are responsible for accuracy & lawful use.
  • Voicemail Detection: Best-effort classification; confirm outcomes before automated actions.
  • India (TRAI/DLT): Header/template registration, consent logging, opt-out handling.
  • US (TCPA/TSR): Prior express consent for marketing; internal & national DNC list compliance.

5. How We Use AI/Models

Outputs are probabilistic and may be incorrect or incomplete. For high-stakes use cases, implement human review.
  • Model improvement: {{MODEL_IMPROVEMENT_POLICY}}. Enterprise opt-out may be available.
  • Redaction: PII masking for transcripts is available where configured.
  • Training stance: We {{TRAINING_ON_CUSTOMER_INPUTS}} on customer inputs without explicit agreement.

6. Cookies & Similar Technologies

We use the following categories of cookies. Non-essential cookies are used with your consent. We honor Global Privacy Control (GPC) where required.

| Name | Provider | Purpose | Duration | Type | Category |
|---|---|---|---|---|---|
| vt_session | Viantrix | Session authentication | Session | 1st-party | Strictly necessary |
| vt_prefs | Viantrix | UI preferences (theme, language) | 6 months | 1st-party | Functional |
| vt_analytics | {{ANALYTICS_VENDOR}} | Aggregated product analytics | 13 months | 3rd-party | Analytics |
| vt_ads | {{ADS_VENDOR}} | Ad measurement & reach | 90 days | 3rd-party | Advertising |

7. Data Sharing & Subprocessors

We share data with trusted providers solely to deliver and support the Services. You control optional integrations you enable.

| Name | Purpose | Data Categories | Region/Hosting | Safeguard | DPA |
|---|---|---|---|---|---|
| ExampleCloud | Compute & storage | Account, logs, audio/transcripts (encrypted) | {{REGION_OPTIONS}} | SCCs/IDTA (as applicable) | Link |
| ExampleSTT/TTS | Speech processing | Audio snippets, transcripts, metadata | {{REGION_OPTIONS}} | Processor terms | Link |
| ExampleTelecom | PSTN/SIP connectivity | CDRs, routing metadata | Multi-region | Carrier agreements | Link |

A current list of subprocessors is maintained in the Console; material changes are notified.

8. International Transfers & Data Residency

Project-level regional hosting (e.g., India/EU/US) may be available. Telephony routing may transiently traverse other regions due to carrier interconnects. Transfers are protected by SCCs/UK IDTA/adequacy where applicable.

9. Security

  • Encryption in transit/at rest; tenant isolation; RBAC; audit logs; least privilege; periodic assessments.
  • Your responsibilities: secure API keys, rotate credentials, configure admin roles.
  • Incident response: timely notices consistent with law/contract.

10. Retention & Deletion

| Data Type | Default Retention | Customer-Configurable? | Deletion SLA |
|---|---|---|---|
| Voice audio | {{RETENTION_AUDIO_DEFAULT}} | Yes | {{DELETION_SLA}} |
| Transcripts | {{RETENTION_TRANSCRIPTS}} | Yes | {{DELETION_SLA}} |
| CDRs/telephony metadata | {{RETENTION_CDR}} | Limited | {{DELETION_SLA}} |
| Logs & telemetry | {{RETENTION_LOGS}} | Partial | {{DELETION_SLA}} |
| Billing & invoices | Per law | No | N/A |
| Support attachments | {{RETENTION_SUPPORT}} | No | {{DELETION_SLA}} |

Upon termination, access ends and deletion follows configured schedules and backup lifecycles.

11. Your Rights

Response timelines vary by region (typically 30–45 days). We may need to verify your identity to process requests.

EU/EEA & UK (GDPR)

Access, Rectification, Erasure, Restriction, Portability, Objection, Withdraw Consent.

US (CCPA/CPRA)

Know, Delete, Correct, Opt-out of Sale/Share, Limit Sensitive PI, Non-discrimination.

India (DPDP)

Access, Correction, Erasure, Grievance redressal; duties of data principals apply.

12. Automated Decision-Making & Profiling

We use automated classifications (e.g., voicemail detection) to improve call handling. We do not use automated decisions to produce legal or similarly significant effects without human oversight. You can request human review where applicable.

13. Children’s Privacy

Our services are not directed to children. We do not knowingly collect children’s data. If we learn that this has occurred, we will delete it.

15. How to Exercise Your Rights (DSAR)

  • Email: {{PRIVACY_EMAIL}}
  • Web form: {{DSAR_FORM_URL}}
  • Postal: {{REGISTERED_ADDRESS}}
  • Verification: reasonable steps to verify identity and authority (for enterprise tenants, admin confirmation may be required).
  • Appeal process: provided where required by law.
dsar-request.json
{
  "subject": "john.doe@example.com",
  "exports": ["profile", "usage", "telephony", "transcripts", "integrations"],
  "generatedAt": "2025-08-17T12:00:00Z"
}

16. Changes to This Policy

We may update this policy. Material changes will be notified via Console or email. The Effective Date appears at the top. Continued use after the Effective Date indicates acceptance.

Change Log

2025-08-17
Initial
  • Initial publication of Privacy Policy (v1.0).

17. Contact Details & DPO/Grievance Officer

Controller: {{LEGAL_ENTITY}} — {{REGISTERED_ADDRESS}}
DPO / Grievance Officer (India): {{DPO_NAME}} — {{PRIVACY_EMAIL}}
Status page: {{STATUS_PAGE_URL}}

Addenda — GDPR / CCPA / DPDP

A. EU/EEA & UK GDPR Addendum

  • Controller/Processor roles & legal bases.
  • International transfers via SCCs/UK IDTA or adequacy.
  • DPO details; right to lodge a complaint with a supervisory authority.
  • DPIA considerations for high-risk processing where applicable.

B. California (CCPA/CPRA) Notice

  • Categories collected; purposes; sources; disclosures.
  • Sale/Share status; Sensitive PI handling; GPC signal and opt-out links.

C. India DPDP 2023 Notice

  • Notice & consent; duties of data fiduciaries & processors.
  • Data principal rights & grievance redressal.
  • Cross-border considerations and any notified restrictions.

D. Canada (PIPEDA) & Australia (Privacy Act)

High-level rights and local contact points.

Appendices

Appendix A — Data Dictionary (Expanded)

Field-level mapping of data elements to purpose, legal basis, retention, and region. See Console export for the latest.

Appendix B — Subprocessor Registry

A current list is maintained in the Console with notifications for material changes.

Appendix C — Retention Schedule

Per data type: voice audio, transcripts, CDR, logs, billing, support attachments.

Appendix D — Notices & Scripts

  • Recording disclosure templates (voice)
  • WhatsApp template compliance notes
  • Opt-out microcopy (e.g., “Text STOP to opt out.”)

Appendix E — Cookie List

An up-to-date inventory of cookie names, providers, purposes, durations, and categories.

This policy is a template and may require jurisdiction-specific legal review. Nothing here is legal advice.