Privacy Policy

Last updated: March 19, 2026

VOIP@ Cloud ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud PBX platform and website (the "Service").

1. Information We Collect

1.1 Information You Provide

When you register for an account or use the Service, we collect:

  • Account Information: Full name, email address, phone number, company name
  • Authentication Data: Username, password (stored as a salted hash, never in plain text)
  • Domain Information: Your chosen domain name and DNS configuration
  • Billing Information: Payment method details (processed by third-party payment providers; we do not store full credit card numbers)
  • PBX Configuration: Extension settings, IVR menus, gateway configurations, dial plans

1.2 Information Generated Through Use

  • Call Detail Records (CDRs): Call metadata including caller/callee numbers, timestamps, duration, and disposition
  • Call Recordings: Audio recordings of calls (only if you enable call recording)
  • Voicemail Messages: Audio messages left by callers
  • Usage Data: Login times, feature usage, API calls

1.3 Automatically Collected Information

  • Log Data: IP addresses, browser type, operating system, referring URLs
  • Device Information: SIP phone model, firmware version, registration data
  • Cookies: Session cookies for authentication and preferences

2. How We Use Your Information

Purpose Data Used Legal Basis
Provide and maintain the Service Account info, PBX config, CDRs Contract performance
Process payments and billing Account info, billing info Contract performance
Send service notifications (expiration, maintenance) Email, account status Contract performance
Provide technical support Account info, logs, config Contract performance
Prevent fraud and ensure security IP addresses, usage patterns Legitimate interest
Improve the Service Aggregated usage data Legitimate interest

3. Call Recordings & Voicemail

Call recordings and voicemail messages are stored on our servers and are accessible only to authorized users within your domain. We do not listen to, transcribe, or analyze the content of your recordings unless:

  • You explicitly request technical support that requires access
  • We are required to do so by law or valid legal process

You may delete recordings at any time through your PBX dashboard. When you cancel your account, all recordings are permanently deleted after the 30-day retention period.

4. Data Sharing & Disclosure

We do not sell your personal information. We may share your data with:

  • Payment Processors: PayPal, Stripe, or Binance Pay for payment processing
  • Infrastructure Providers: Server hosting providers for service delivery
  • Resellers: If your account was provisioned through a reseller, they may have access to your account information as outlined in their agreement
  • Law Enforcement: When required by valid legal process (subpoena, court order)

5. Data Security

We implement industry-standard security measures including:

  • TLS/SRTP encryption for voice traffic
  • HTTPS encryption for all web traffic
  • Salted password hashing (passwords are never stored in plain text)
  • Fail2ban intrusion prevention
  • Firewall protection and access controls
  • Regular security updates and patching
  • Encrypted storage of payment gateway API keys

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials and SIP phone passwords.

6. Data Retention

  • Active Accounts: Data is retained for the duration of your subscription
  • Cancelled Accounts: Data is retained for 30 days after the subscription ends, then permanently deleted
  • Call Detail Records: Retained for 12 months by default (configurable)
  • Billing Records: Retained for 7 years for tax and legal compliance
  • Server Logs: Retained for 90 days

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to retention requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Restriction: Request restriction of processing in certain circumstances

To exercise these rights, contact us at privacy@voipat.com.

8. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication and session management. Cannot be disabled.
  • Preference Cookies: Remember your language and display settings.
  • Analytics Cookies: Help us understand how visitors interact with our website (aggregated, non-identifying data).

You can control cookie preferences through your browser settings.

9. International Data Transfers

Your data may be processed on servers located in different countries. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before they take effect. The "Last updated" date at the top indicates the most recent revision.

12. Contact Us

For privacy-related inquiries:

Email: privacy@voipat.com
General Support: support@voipat.com