Effective Date: 27th May 2025
Last Updated: 27th May 2025
Nubitel Technology (“Nubitel,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal data we collect, process, and store in connection with our cloud contact center solutions, CRM platform, and related services (collectively, the “Services”). This Privacy Policy outlines our global data handling practices, including our engagement with third-party providers (e.g., AI, TTS, ASR, and LLM partners) to deliver these Services.
This policy applies to all users of our Services, including customers, agents, administrators, and website visitors. By using our Services, you acknowledge the practices described herein. For jurisdiction-specific terms (e.g., GDPR, CCPA), refer to the relevant sections below.
1. Scope and Definitions
- Personal Data: Information relating to an identified or identifiable natural person, as defined under applicable law.
- Data Controller: Your organization (when using our Services), which determines the purposes and means of processing personal data.
- Data Processor: Nubitel, which processes data on behalf of the Data Controller.
- Third-Party Sub-Processors: External providers (e.g., AI, cloud infrastructure, TTS/ASR partners) that assist in delivering our Services.
2. Information We Collect
2.1 Data Provided Directly by You
We collect personal data when you:
- Create an Account: Name, email, phone number, company name, job title.
- Use the Services: Customer records, call recordings, chat transcripts, CRM entries, and metadata (e.g., timestamps, call durations).
- Submit Payment Details: Credit card information, billing addresses, and transaction histories (processed via PCI-compliant third-party gateways).
2.2 Data Collected Automatically
- Usage Data: IP addresses, device identifiers, browser type, OS, and usage patterns (e.g., feature interactions, session lengths).
- Cookies and Tracking Technologies: Used to analyze traffic, personalize content, and improve Services (see our Cookie Policy).
2.3 Data from Third Parties
- Integration Partners: Data imported from connected platforms (e.g., CRM systems, email providers).
- Publicly Available Sources: Business contact information for lead generation (collected lawfully).
3. How We Use Personal Data
We process personal data based on lawful grounds, including contractual necessity, legitimate interests, consent, and legal obligations.
Purpose | Lawful Basis |
Delivering, maintaining, and improving Services | Contractual necessity, Legitimate Interests |
Training AI/ML models (e.g., sentiment analysis) | Legitimate Interests, Consent (where required) |
Processing payments and invoices | Contractual necessity, Legal obligation |
Sending service updates and security alerts | Legitimate Interests, Legal obligation |
Marketing communications | Consent (opt-in required where mandated by law) |
4. Data Sharing and Third-Party Disclosures
4.1 Sub-Processors
We engage the following categories of sub-processors:
- AI/LLM Providers: For natural language processing and predictive analytics.
- TTS/ASR Providers: For voice interaction features and speech-to-text transcription.
- Cloud Infrastructure Providers: Hosting services (e.g., AWS, Azure).
- Customer Support Tools: Ticketing systems and CRM integrations.
Sub-processors are contractually bound to:
- Process data only per our instructions.
- Implement GDPR/CCPA-compliant safeguards.
- Notify us immediately of data breaches.
4.2 Legal and Regulatory Disclosures
We may disclose data to:
- Comply with court orders, subpoenas, or government requests.
- Protect rights, safety, or property of Nubitel, users, or the public.
- Facilitate mergers, acquisitions, or asset sales (with user notice).
4.3 Aggregated or Anonymized Data
Non-identifiable data may be shared for research, analytics, or improving AI models.
5. International Data Transfers
Data may be transferred globally. Compliance is ensured via:
- Vendor certifications (e.g., ISO 27001, SOC 2).
- Standard Contractual Clauses (SCCs) for GDPR transfers.
6. Data Security
We implement safeguards including:
- Encryption: AES-256 for data at rest, TLS 1.2+ for data in transit.
- Access Controls: Role-based permissions, MFA, audit logs.
- Vendor Assessments: Regular security reviews of sub-processors.
- Incident Response: Breach notifications to regulators and users.
7. Your Rights and Choices
Depending on jurisdiction, you may:
- Access/Portability: Request a copy of your data.
- Rectify: Correct inaccuracies.
- Delete: Erase data (subject to legal exceptions).
- Opt-Out: Object to direct marketing or CCPA “sales.”
Submit requests via:
- Email: privacy@nubitel.co (with identity verification).
- Self-service tools in your account dashboard.
We respond within 30 days.
8. Data Retention
- Account Data: Until deletion + 90 days for backups.
- Call Recordings: Configurable by your organization (default: 12 months).
- Payment Records: 7 years post-transaction for tax compliance.
- Legal Holds: Extended retention for disputes or investigations.
9. Children’s Privacy
Services are not directed at individuals under 16. We delete inadvertent collections promptly.
10. Updates to This Policy
Material changes are communicated via:
- Email Notification: Sent to account administrators.
- Revised Effective Date: Posted at the top of this policy.
11. Contact Us
Data Protection Officer
Nubitel Technology
Email: privacy@nubitel.co
EU/UK residents may lodge complaints with their local supervisory authority.
For Singapore:
DPO Contact: Wong Jik Soon
Email: jswong@nubitel.co
