commtrix-logo

Privacy Policy

1. Information We Collect

We collect information that identifies, relates to, or could reasonably be linked to you or your business (“Personal Information”). The data we collect depends on how you interact with our platform.

A. Information You Provide to Us

  • Account & Profile Data: We collect your name, business email address, job title, company name, phone number, and physical business address when you register for an account.
  • Billing & Transactional Data: To process payments, we collect billing addresses and payment instrument details (e.g., credit card information). Note that we use third-party PCI-compliant processors to handle payment data securely.
  • Customer Support & Feedback: We collect records of your communications with our support team, including chat transcripts and recordings of support calls.

B. Service-Generated Data (CPNI)

As a telecommunications provider, we automatically collect Customer Proprietary Network Information (CPNI). This is data generated solely by virtue of our relationship with you as a provider of telecommunications services.

  • Call Detail Records (CDRs): We collect metadata for every communication handled by our platform, including the originating and destination phone numbers, the time, date, and duration of the call, and the location of the call (IP address or cell tower, if applicable).
  • Service Usage: We track the types of services you subscribe to, such as call forwarding, auto-attendant configurations, and voicemail-to-text settings.

C. Communications Content & AI Data

  • Media Files: We store the content of your communications if you enable specific features, such as voicemail, call recordings, or SMS history.
  • AI & Transcription Metadata: If you utilize our AI agents or automated transcription features, we process voice data and text transcripts to generate summaries and insights.
    • Note: We distinguish between “Processing for Service” and “Training.” Your communication content is processed to deliver the service and is encrypted at rest. We do not use your private communications to train our global AI models without your explicit, separate opt-in consent.

D. Device and Technical Information

When you access our platform via our web dashboard or mobile application, we automatically collect:

  • Log Data: IP address, browser type, operating system, and system configuration information.
  • Device Identifiers: Unique hardware identifiers (such as MAC addresses) for any physical VOIP desk phones or mobile devices connected to the service.

2. How We Use Your Information

We use the information we collect for specific business and legal purposes. Our primary goal is to provide reliable, secure, and intelligent communications experience.

A. To Provide and Maintain the Service

We use your Account Data and Service-Generated Data (CPNI) to:

  • Route and Connect Communications: Authenticate users and ensure calls and messages reach their intended destinations across global networks.
  • Emergency Services (E911): Transmit required location information to emergency response centers when a 911 call is placed through our platform.
  • Customer Support: Troubleshoot technical issues, investigate service outages, and respond to your inquiries.

B. For Billing and Administration

  • Invoicing: Calculate charges based on your usage of minutes, phone numbers, and premium features (like AI transcription).
  • Tax Compliance: Determine applicable federal, state, and local telecommunications taxes and regulatory fees (such as USF contributions).

C. To Power and Improve AI Features

If you enable our AI-driven tools (e.g., Virtual Assistants, Sentiment Analysis, or Auto-Summarization), we use the content of your communications to:

  • Generate Real-Time Insights: Provide live transcriptions and action items during or after calls.
  • Service Optimization: Improve the accuracy of our Speech-to-Text (STT) and Natural Language Understanding (NLU) engines for your specific account.
  • Model Integrity: We may use de-identified or aggregated metadata to detect system-wide patterns in AI performance, but we do not sell your raw voice data or transcripts to third parties for their own marketing or model training.

D. Security and Fraud Prevention

  • Toll Fraud Detection: Monitor call patterns to identify and block unauthorized access or “International Revenue Share Fraud” (IRSF).
  • Robocall Mitigation: Analyze traffic to ensure compliance with FCC STIR/SHAKEN mandates and to protect the integrity of the telephony ecosystem.

E. Legal and Regulatory Compliance

  • CPNI Protection: We use your information to comply with our legal duty to protect the confidentiality of your call patterns and service usage under 47 U.S.C. § 222.
  • Law Enforcement Requests: We may process data to comply with valid subpoenas, court orders, or search warrants as required by the Communications Assistance for Law Enforcement Act (CALEA).

F. Mobile Messaging Consent & Data Privacy

  • Consent and Use: By providing your mobile phone number and opting in to receive 2FA (Two-Factor Authentication) or account security alerts, you consent to receive text messages (SMS/MMS) from Commtrix. These messages are sent to verify your identity and secure your account.
  • No Third-Party Sharing: We value your privacy. We will not share, sell, or rent your mobile phone number or SMS opt-in consent data with third parties or affiliates for their marketing or promotional purposes.
  • Opt-Out & Support: You can cancel the SMS service at any time. Just text “STOP” to the short code or long code from which you received a message. After you send the SMS message “STOP” to us, we will send you an SMS message to confirm that you have been unsubscribed. For help, text “HELP” or contact us at privacy@commtrix.io
  • Rates: Message and data rates may apply. Message frequency varies based on your account activity (e.g., every time you log in).

Managing Your CPNI Rights

In accordance with FCC regulations, you have a right—and we have a duty—to protect the confidentiality of your CPNI.

  • Approval for Marketing: We do not use your CPNI to market third-party products to you.
  • Opt-Out: You may “Opt-Out” of our use of CPNI for the purpose of marketing enhanced service features to you at any time by contacting our privacy team.

3. Data Sharing and Disclosure

We do not sell your personal information or the content of your communications to third parties. We only share data when it is essential to provide our services, comply with the law, or protect the integrity of our network.

A. Telecommunications Infrastructure Providers

To route your calls and messages globally, we share necessary technical metadata (such as phone numbers and IP addresses) with:

  • Upstream Carriers & Interconnected VoIP Providers: We partner with industry-standard carriers (e.g., Telnyx) to transmit voice and SMS traffic across the Public Switched Telephone Network (PSTN).
  • Emergency Services: We are legally required to share your registered location data with Public Safety Answering Points (PSAPs) when an E911 call is placed.

B. International Operations & Support

To provide 24/7 technical assistance and global sales support, we utilize a dedicated international team.

  • Offshore Support Disclosure: Some customer support interactions may be handled by our authorized personnel located outside of the United States.
  • U.S.-Based Support Option: In compliance with evolving FCC transparency guidelines, you may request to have your support ticket or live call transferred to a U.S.-based representative at any time.
  • Data Safeguards: Our offshore teams operate within “Zero-Trust” virtual environments. They do not store data locally on foreign devices, and all access to Customer Data or CPNI is logged, monitored, and restricted by role-based access controls (RBAC).

C. AI and Technical Service Providers

We share data with specialized sub-processors to power our advanced platform features:

  • Transcription & NLP Services: If you enable AI features, audio data is sent to secure processing partners to generate text and summaries.
  • Cloud Hosting: All data is stored in secure, encrypted environments provided by major cloud infrastructure partners (e.g., Digital Ocean) within the United States.

D. Legal Requirements & Protection of Rights

We may disclose information if we have a good-faith belief that such action is necessary to:

  • Comply with the Communications Assistance for Law Enforcement Act (CALEA) or other valid legal processes (subpoenas, warrants).
  • Protect against Toll Fraud, “Wangiri” scams, or other malicious activities that threaten our network or our customers.
  • Enforce our Terms of Service and prevent illegal robocalling.

4. Security and Data Retention

A. Industry-Standard Encryption

We protect your communications using a multi-layered security architecture designed to prevent eavesdropping and data tampering.

  • In-Transit Encryption (Signaling): We use TLS 1.3 (Transport Layer Security) to encrypt all SIP signaling. This ensures that call setup metadata—including phone numbers and account credentials—remains private as it travels between your device and our servers.
  • In-Transit Encryption (Media): The actual audio and video content of your calls is encrypted using SRTP (Secure Real-time Transport Protocol) with AES-256 encryption. This renders the “media stream” unreadable to anyone intercepting the network traffic.
  • Data at Rest: All stored data, including call recordings, voicemails, and databases, is encrypted using AES-256 or equivalent industry-standard algorithms.

B. Data Retention Periods

We retain different types of data for varying lengths of time based on functional necessity and legal requirements.

  • Call Detail Records (CDRs): Metadata (time, duration, and numbers) is retained for 24 months to support billing audits, dispute resolution, and FCC compliance.
  • Call Recordings and Voicemails: By default, these are retained for 90 days. Users may configure custom retention policies or export recordings to external storage at any time.
  • AI Transcripts and Summaries: Transcripts generated by our AI agents are retained for the duration of your active subscription unless manually deleted by an account administrator.
  • Account Information: We retain your basic profile and billing data for as long as your account is active and for a period of 7 years thereafter to comply with tax and corporate record-keeping obligations.

C. Security Breach Notification

In the event of a “Security Incident” affecting your data:

  • Texas Compliance: In accordance with the Texas Identity Theft Enforcement and Protection Act, we will notify the Texas Attorney General if a breach affects 250 or more Texas residents.
  • Timely Notice: We commit to notifying affected customers “as soon as practicably possible,” and no later than 30 days after determining that a breach of sensitive personal information has occurred.

5. Your Rights and Choices

We believe you should have control over your data. Depending on your location and the nature of your business, you have specific legal rights regarding the information we collect.

A. Your Rights Under Texas Law (TDPSA)

As a business operating in or serving residents of Texas, we honor the following rights for our customers:

  • Right to Access: You may request a copy of the personal data we have collected about you in a portable and readily usable format.
  • Right to Correct: You have the right to request that we correct any inaccuracies in your personal data.
  • Right to Delete: You may request the deletion of personal data provided by or obtained about you, subject to certain legal exceptions (such as data we are required to keep for tax or FCC regulatory purposes).
  • Right to Opt-Out: You may opt-out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, or profiling that produces legal or similarly significant effects.

B. Your CPNI Rights (FCC Compliance)

Under federal law, you have a right to restrict the use of your Customer Proprietary Network Information (CPNI) for marketing purposes.

  • Marketing Opt-Out: By default, we do not use your call patterns or service usage to market third-party products. However, if you wish to restrict our ability to use your CPNI to offer you enhanced internal service tiers or features, you may do so at any time.
  • Effect of Opt-Out: Restricting your CPNI will not affect the quality of the service we provide to you; it simply limits the types of tailored service offers you may receive from us.

C. Exercising Your Rights

To exercise any of the rights listed above, please use one of the following methods:

  • Privacy Portal: Visit the “Privacy Settings” section of your [Company Name] Dashboard.
  • Email: Contact our Data Privacy Officer at privacy@commtrix.io
  • Verification: To protect your security, we may require you to verify your identity (e.g., via multi-factor authentication) before we process your request. We will respond to all verified requests within 45 days, as required by Texas law.

D. Automated “Right to be Forgotten” (AI Data)If you utilize our AI transcription or analysis tools, you may request the deletion of specific “interaction sets” or transcripts directly through the application interface. Deleting a transcript in your dashboard will trigger a permanent purge from our active AI processing environment within 30 days.