Privacy Policy

Account information. When you register, we collect your name, email address, password (stored as a hash, never in plain text), phone number, organization name, and role. You may optionally provide a business address, EIN, and billing contact details.

Billing information. Payment card details are collected and stored by our payment processor (Stripe). We never see or store your full card number on our servers. We retain the last four digits, card brand, expiration, and billing address for invoicing and fraud prevention. Invoices and monthly statements are retained for tax and accounting purposes.

Communications metadata. To provide the Service, we collect and store metadata about calls and messages you send or receive through the platform, including: originating and destination phone numbers, timestamps, call duration, call direction, call disposition (answered, missed, voicemail), message length, SMS/MMS segment counts, and routing information.

Communications content. We store SMS and MMS message content, voicemail audio recordings and transcriptions, and (only when you explicitly enable it) call recordings. You control whether call recording is enabled on a per-number or per-extension basis.

Configuration data. We store the configuration of your phone system: extensions, ring groups, IVR menus, routing rules, greetings, business hours, assigned users and permissions, 10DLC campaign registrations, and number assignments.

Technical and usage data. We automatically log IP addresses, browser and device information, operating system, timestamps, pages visited, features used, and session identifiers. We use this data for security, debugging, product analytics, and abuse prevention.

Support communications. If you contact us for support, we retain your correspondence (email threads, chat messages, any attachments) to resolve your request and improve the Service.

We use the information described above to:

• provide, operate, and maintain the Service, including call and message delivery, routing, voicemail, recording, and administrative features;
• authenticate you, secure your account, and prevent fraud, abuse, and unauthorized access;
• bill you and process payments, issue invoices and monthly statements, and collect amounts owed;
• provide customer support and respond to your inquiries;
• detect, investigate, and respond to violations of our Terms of Service or Acceptable Use Policy;
• meet our legal, regulatory, and carrier-compliance obligations (including CTIA and carrier 10DLC registration requirements, E911 provisioning, and lawful process);
• monitor and improve Service performance, reliability, and security;
• send you operational messages (e.g., billing notices, security alerts, service interruptions). Marketing messages, if any, are sent only to account administrators and only where permitted by law, with opt-out provided.

We do not sell your personal information. We do not use the content of your messages, calls, voicemails, or recordings to train advertising models, and we do not share communications content with third parties for advertising.

Telecommunications network providers. To deliver calls and messages, we route communications through upstream telecommunications providers and carriers. These providers receive the metadata necessary to originate or terminate the communication (e.g., calling and called numbers, timestamps, message content for SMS/MMS). They are subject to their own privacy and data-handling obligations.

Payment processor. Stripe processes card payments. Their handling of your payment data is governed by Stripe’s privacy policy at stripe.com/privacy.

Infrastructure providers. We use third-party cloud infrastructure, object storage (for voicemails, recordings, and backups), error-monitoring, and uptime-monitoring vendors. These vendors process data on our behalf under contractual obligations limiting their use of the data to providing services to us.

Sub-processors. Our principal sub-processors and the categories of data they handle are:

• Stripe, Inc. — payment processing, billing data, card details (United States).
• Vultr Holdings, LLC — cloud compute and database hosting; processes all data stored on the platform (United States).
• Backblaze, Inc. — encrypted object storage for voicemails, call recordings, and database backups (United States).
• VoIP Innovations (Sinch, Inc.) — upstream telecommunications carrier; receives metadata and message content necessary to originate and terminate calls and SMS/MMS (United States).
• Bandwidth Inc. and other carrier intermediaries as needed for least-cost or feature-specific routing — receives metadata for routed calls and messages.
• Functional Software, Inc. (Sentry) — application error monitoring; receives technical error data and limited request metadata (United States).
• UptimeRobot Service Provider, Ltd. — external uptime monitoring; receives no customer data (Cyprus).
• Fastmail Pty Ltd — transactional and operational email delivery (Australia / United States).

This list may change as we add or replace vendors. Material changes will be reflected in this Policy.

10DLC & regulatory registries. If you use SMS/MMS, certain business and campaign information you submit (brand name, EIN, campaign use case, opt-in flow) is transmitted to the 10DLC registry and mobile carriers for campaign approval. This is required to send messages to U.S. mobile subscribers.

E911 providers. If you enable E911 on a number, the physical address you register is shared with our E911 provider and transmitted to public-safety answering points (PSAPs) when a 911 call is placed.

Legal process. We may disclose information in response to a valid subpoena, warrant, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request. Where legally permitted, we will attempt to notify the affected customer before disclosure.

Business transfers. If Vibratel LLC is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

With your consent. We may share information for other purposes you consent to.

We use cookies and similar technologies only for functional and security purposes: to keep you signed in, remember your preferences, and protect against cross-site request forgery. We do not use third-party advertising cookies, and we do not track you across other websites.

You can configure your browser to refuse cookies, but doing so may prevent you from signing in or using parts of the Service.

We implement technical and organizational measures designed to protect your information, including: encryption of data in transit (HTTPS/TLS), encryption of backups and stored voicemail/recording files at rest, password hashing, role-based access controls, permission scoping, HTTP security headers, signed and short-lived session tokens, and audited administrative access.

No method of transmission or storage is perfectly secure. If we become aware of a security incident affecting your information, we will notify you without undue delay as required by applicable law.

We retain information for as long as your account is active and as needed to provide the Service. Specific retention windows:

• Call Detail Records (CDRs) and message logs: retained for the life of the account, or as required by carrier or regulatory rules.
• Voicemail recordings: retained until you delete them or close your account.
• Call recordings (where enabled): retained until you delete them or close your account. You control recording retention.
• Invoices, statements, and payment records: retained for at least seven (7) years to meet tax and accounting obligations.
• Security and audit logs: retained for up to twelve (12) months.
• Database backups: retained for up to thirty (30) days.

When you close your account, we delete or anonymize your data within a reasonable period, except where retention is required by law, necessary to resolve disputes, or required to enforce our agreements.

Subject to applicable law, you may have the following rights regarding your personal information:

• Access. Request a copy of the personal information we hold about you.
• Correction. Ask us to correct inaccurate or incomplete information.
• Deletion. Ask us to delete your personal information, subject to legal retention requirements.
• Portability. Request a copy of your data in a portable format.
• Objection / restriction. Object to or restrict certain processing activities.
• Opt-out of sale. We do not sell personal information, but you may confirm this with us.
• Withdraw consent. Withdraw any consent you previously provided.

Most of these can be exercised directly in the Service (editing or deleting your account and data). For any request we cannot fulfill in-product, email privacy@vibratel.com. We will verify your identity before acting on your request and respond within the time periods required by applicable law.

California residents (CCPA/CPRA). California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt-out of any “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under the CCPA. You may make these requests by emailing privacy@vibratel.com and will not be discriminated against for doing so.

Other U.S. state residents. Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (DPDPA), Utah (UCPA), and other states with comparable consumer-privacy laws have substantially the same rights described above — access, correction, deletion, portability, and opt-out of targeted advertising or profiling decisions that produce legal effects. We do not engage in targeted advertising or such profiling. To exercise any state-law right, contact privacy@vibratel.com; we will verify your identity and respond within the timeframe required by the applicable law.

Your obligations. If you use the Service to send SMS or MMS messages or to record calls, you are solely responsible for obtaining all legally required consents from recipients. This includes compliance with the Telephone Consumer Protection Act (TCPA), CAN-SPAM Act, state two-party consent recording laws, and carrier 10DLC requirements. See our Acceptable Use Policy for details.

Messages we send to you. When you register an account, we may send you transactional messages (billing, security, operational alerts). You may receive occasional product updates; you can opt out of non-essential messages at any time.

The Service is operated from the United States, and your information will be processed and stored in the United States. If you access the Service from outside the U.S., you consent to the transfer and processing of your information in the United States, which may have data-protection laws different from those of your country. We take reasonable steps to protect your information in accordance with this Policy regardless of where it is processed.

The Service is intended for business use. It is not directed to children under 18, and we do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected personal information from a child under 18, we will delete it. If you believe a child has provided us with personal information, please contact us at privacy@vibratel.com.

The Service may contain links to third-party websites or services we do not operate. This Policy does not apply to those third parties; we encourage you to review their privacy policies.

We may update this Policy from time to time. When we make material changes, we will revise the “Last updated” date and notify account administrators by email or in-product notice at least seven (7) days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

Questions, requests, or concerns about this Policy or our handling of your information?

Email: privacy@vibratel.com
Billing questions: billing@vibratel.com
Mail: Vibratel LLC, 2093 Philadelphia Pike Ste# 8647, Claymont, Delaware 19703