CallOrbit Privacy Policy

Policy snapshot

• Effective date: May 17, 2026
• Review cadence: Reviewed at least annually and whenever product, telecom, vendor, or legal requirements materially change
• Contact: privacy@callorbit.tech

1. Who This Policy Covers

This Privacy Policy applies to personal data processed through CallOrbit websites, public forms, account registration, the customer portal, the agent workspace, number purchasing, support interactions, call center software, hosted PBX and cloud PBX features, virtual PBX features, SIP trunking workflows, browser phone calling, softphone use, business SMS, WhatsApp business calling, telecom API usage, programmable voice, DID number workflows, toll free numbers, local phone numbers, AI summaries, AI agent assist, recordings, transcripts, analytics, and related services.

CallOrbit acts as a controller for account, billing, website, sales, security, and direct customer relationship data. CallOrbit usually acts as a processor or operator for customer content that our customers submit to, route through, store in, or generate from the platform.

2. Personal Data We Collect

We collect the information needed to provide a secure cloud communications service, support customer operations, meet telecom requirements, prevent abuse, and maintain reliable platform performance.

• Account data: name, work email, company name, role, login identifiers, authentication events, workspace membership, and support preferences.
• Billing and order data: plan selections, product selections, number orders, payment status, invoices, tax or commercial records, and payment processor references.
• Telecom data: phone numbers, caller ID, called party number, DID numbers, toll free numbers, local phone numbers, SIP routing data, call duration, timestamps, call direction, call status, SIP response codes, queue events, routing configuration, voicemail, recordings, transcripts, and call detail records.
• Messaging data: SMS, WhatsApp, email, chat, delivery metadata, opt-out events, sender and recipient identifiers, message content, attachments, templates, and consent or suppression records.
• AI feature data: prompts, conversation context, generated summaries, suggested responses, quality insights, classification labels, and configuration choices used to provide AI phone system and agent assist features.
• Device and usage data: IP address, browser type, device type, operating system, session identifiers, feature usage, page views, referral source, error logs, security logs, and cookie or local storage identifiers.
• Support and sales data: form submissions, demos requested, support tickets, call notes, emails, chat messages, survey responses, and communications with CallOrbit staff.

3. How We Use Personal Data

• Provide, operate, secure, maintain, and improve CallOrbit services.
• Provision numbers, route calls, connect browser phone sessions, manage SIP trunking, support hosted PBX and cloud PBX functions, and operate call center software workflows.
• Deliver business SMS, WhatsApp business calling, email, voicemail, IVR, call queues, analytics, reporting, AI summaries, and quality management features.
• Authenticate users, manage roles and permissions, enforce account security, investigate suspicious behavior, and prevent telecom abuse.
• Process billing, plan changes, invoices, payment confirmations, tax records, refunds, number orders, and customer communications.
• Respond to support requests, provide product updates, send administrative notices, and communicate about service availability or policy changes.
• Comply with legal, regulatory, telecom, tax, fraud prevention, emergency service, law enforcement, and dispute resolution obligations.

4. Legal Bases For Processing

Where GDPR or similar laws apply, CallOrbit relies on the legal basis that fits the activity. This may include performance of a contract, legitimate interests, consent, compliance with legal obligations, protection of vital interests, or public interest where applicable.

For customer content processed on behalf of a customer, the customer determines the lawful basis for collecting and using the personal data it sends through CallOrbit. CallOrbit processes that data under customer instructions and the Data Processing Addendum where applicable.

5. Customer Responsibilities

Customers are responsible for the personal data they collect from callers, leads, agents, employees, end users, and contacts. Customers must have the rights, notices, consents, and lawful bases required to use CallOrbit for calling, messaging, recording, transcription, AI processing, analytics, business SMS, WhatsApp, and outbound campaigns.

• Provide required privacy notices to callers, message recipients, employees, and agents.
• Obtain legally required consent for call recording, automated calling, text messaging, WhatsApp messaging, marketing, AI-assisted processing, and cross-border data transfers.
• Honor opt-outs, Do Not Call rules, unsubscribe requests, suppression lists, revocations of consent, and applicable marketing restrictions.
• Use accurate caller ID and number information and avoid spoofing, deception, harassment, spam, or unauthorized traffic.
• Set retention, recording, access, routing, and export settings that match the customer's legal and operational requirements.

6. Sharing And Subprocessors

We share personal data only as needed to operate the service, provide requested features, maintain security, process payments, comply with law, enforce our agreements, or support customer-selected integrations.

Subprocessors and providers may include hosting and storage providers, communications carriers, SMS and WhatsApp providers, payment processors such as Stripe or PayPal when used, authentication providers such as Google or Microsoft when configured, email and support providers, analytics providers, security tools, and professional advisers. We require providers to process data for limited purposes and protect it with appropriate safeguards.

7. International Data Transfers

CallOrbit is a cloud communications platform and may process personal data in countries where CallOrbit, its infrastructure providers, carriers, subprocessors, support providers, or customer-selected integrations operate.

Where law requires a transfer mechanism, CallOrbit uses appropriate safeguards such as contractual commitments, data processing terms, standard contractual clauses, adequacy decisions, or equivalent lawful transfer mechanisms. Customers are responsible for confirming that their own use of CallOrbit is lawful for the countries where they operate and where their callers, agents, or contacts are located.

8. Security

CallOrbit uses administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, misuse, loss, alteration, and disclosure. These controls include role-based access, authentication controls, audit logging, encryption in transit, encryption at rest where supported, vulnerability management, provider due diligence, limited staff access, and operational monitoring.

No internet, telecom, or cloud service can guarantee perfect security. Customers must protect their own credentials, configure roles carefully, use strong authentication, limit exports, protect recordings, and notify CallOrbit promptly about suspected compromise.

9. Retention

We retain personal data for as long as needed to provide services, maintain records, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud or abuse, and support legitimate business purposes. Retention periods vary by data type, account status, customer settings, telecom requirements, billing requirements, and applicable law.

Customers control many workspace retention choices, including whether call recordings, transcripts, voicemail, messages, exports, and analytics are enabled or deleted. Deletion may not immediately remove backups, logs, billing records, security records, abuse records, or records we must retain by law.

10. Your Privacy Rights

Depending on your location, you may have the right to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, opt-out from marketing, or information about how your data is processed.

If your data was processed by a CallOrbit customer, we may direct your request to that customer because the customer controls the underlying relationship and instructions. To submit a request to CallOrbit, email privacy@callorbit.tech. We may need to verify your identity and may refuse or limit requests where law permits, including where a request affects another person's rights, telecom integrity, security, fraud prevention, legal claims, or required records.

11. Cookies And Similar Technologies

We use cookies, local storage, session storage, pixels, and similar technologies for site operation, account security, preferences, analytics, performance, form protection, reCAPTCHA, and product improvement. Non-essential cookies are handled according to our Cookie Policy and your available consent choices.

We use Microsoft Clarity (clarity.ms) to collect behavioral analytics data including session recordings, heatmaps, and user interaction tracking. Clarity data is used to understand user behavior, improve product performance, and identify usability issues. Clarity may process personal data including IP address, device information, browsing behavior, and session recordings. You can manage Clarity preferences through your browser's privacy settings.

12. Children

CallOrbit is a business communications platform and is not directed to children. Customers may not knowingly use CallOrbit to collect personal data from children unless they have all required legal authority, parental consent, and safeguards for their jurisdiction and use case.

13. Changes To This Policy

We may update this Privacy Policy to reflect product changes, telecom requirements, legal developments, provider changes, or operational needs. Material changes will be posted on this page with a new effective date. Continued use of the service after an update means the updated policy applies from the effective date.

Quick answers

• Does CallOrbit sell personal data? - No. CallOrbit does not sell personal data. We use data to operate, secure, support, and improve the platform and to provide customer-selected communications features.
• Who is responsible for call recording consent? - The customer that enables or uses recording is responsible for giving required notice and obtaining consent. CallOrbit provides recording tools and platform controls but does not replace jurisdiction-specific legal compliance.
• Can users request deletion or export? - Yes, where applicable law gives that right and the request can be verified. Some records may be retained for billing, security, telecom integrity, abuse prevention, dispute resolution, or legal compliance.
• Does this policy cover AI phone system features? - Yes. It covers AI summaries, suggested responses, classification, transcription, and agent assist workflows used inside the CallOrbit platform.