Legal
Privacy Policy
Last updated on 11th September, 2024 (view the prior version of our privacy policy here.)
This notice explains how Plivo Inc. ("Plivo," "we," "us") manages and protects your personal data. We want to make sure that you fully understand the nature of the personal data we need from you to serve you better, how we use and safeguard your personal data, and why the collection and processing of your personal data is necessary when you interact with us.
What does this Notice cover?
This notice applies to all personal data collected via the use of our website(s), applications, products and services, through communication with Plivo, and by any other means through which you provide personal data to us, directly or indirectly.
This notice does not cover personal data collected about employees or job applicants.
What is personal data?
It is important to understand what we mean by "personal data." Personal data refers to any information related to an individual that can identify them, either directly or indirectly. This means that, in some cases, a single element of information may not identify you, but several pieces together will and, if they do, then they are considered personal data. Examples of personal data include your name, identification numbers, location, factors specific to your physical, mental, economic or social identity, among others.
What personal data protection and privacy regulations does Plivo comply with?
Because we serve customers globally, we comply with various data protection and privacy regulations around the world, such as the EU General Data Protection Regulation (GDPR), U.S. state privacy laws including the California Privacy Rights Act (CPRA), and others. We understand that we live in a fully interconnected world, and we want to assure you that Plivo is committed to protecting the personal data of all our customers and visitors to our websites, regardless of their location.
Plivo wants you to know that we always respect your privacy rights, and we are constantly looking for better ways to protect you and serve you better.
Is Plivo a data controller or a data processor?
Some data protection regulations differentiate between a data controller and a data processor. A data controller is an organization that determines how to collect and process personal data whereas a data processor is an organization that collects and processes personal data on the data controller’s behalf and under the data controller’s instructions.
Plivo is both a data controller and a data processor.
As a controller, Plivo collects and processes personal data from visitors to the Plivo’s website(s) and from customers that sign up for our products and services. In this context, Plivo determines how this personal data is collected, processed and shared.
As a data processor, Plivo collects and processes personal data from end users of Plivo’s registered customers and only does so as per customer’s requirements. Even if we are not making decisions about how personal data is being processed, we continue to protect the personal data collected by us, at all times.
How does Plivo collect and process your personal data?
To provide you with an optimal web experience, along with high-quality products and services, it is necessary for us to collect and process your personal data.
We categorize your personal data into four types: Account Data, Usage Data, Content Data, and Visitor Data.
- Account data: This includes all personal data collected to manage your Plivo account. It includes information necessary for providing support and billing for our services.
- Usage data: This includes all personal data collected when you utilize our products and services, such as making calls, the duration of those calls, and whether you are using voice or text services, among other usage details.
- Content data: This refers to all personal data collected within the service, including details of emails, SMS/Voice messages, and any AI-generated content created and sent by Plivo customers.
- Visitor data: This is all personal data collected when you visit our website, applications and when you sign up to receive communications from Plivo.
The following table details the types of personal data we collect, how we process it, the products and services for which your personal data is utilized, how we classify your personal data, and, in accordance with personal data protection regulations, the legal basis for processing your personal data.
How does Plivo share your personal data?
As part of the products and services that Plivo offers to you, we need to share your personal data with our employees and some other third-parties that help Plivo deliver our products and services or when necessary for our suppliers to provide services to us. We always make sure that we share your personal data when it is absolutely necessary to give you the best products and services and we ensure that we do so in a safe and controlled way.
The following table explains who the parties are that we share your personal data with and the purposes why they need access to your personal data.
How does Plivo protect your personal data?
Plivo takes the protection and security of your personal data very seriously. We use physical, organizational, technical, and administrative measures to safeguard your personal data, and regularly re-assess and revise our policies and practices to improve security measures to protect personal data and seek to partner with organizations that do the same.
Please remember that no data transmission over the Internet, whether wired or wireless, is 100% secure, therefore we cannot fully guarantee the security of information transmitted to Plivo and cannot be responsible for the actions of any third-party that may intercept any such information. Once we receive your data, we commit to making all reasonable efforts to protect it to ensure it resides securely in our systems.
As a global organization, we may need to transfer your personal data to Plivo affiliates, contractors, service providers, and to third parties in countries outside of the United States. In such cases, we take care to use appropriate safeguards to ensure your personal data remains protected.
If you believe that your personal data may have been compromised by Plivo or by using Plivo’s website, products or services, please contact us using the details in the “contact information” section of this notice. We will be happy to assist you.
Where does Plivo store your personal data?
The personal data that Plivo receives from you resides in different locations around the globe. Plivo is currently certified under the EU-US Privacy Shield framework, which means that the EU authorities allow us to transfer your personal data into our locations in the US.
For personal data stored in the US at any of our third-party providers, Plivo ensures that we solely work with US third-party providers that comply with the EU-US Privacy Shield framework.
For personal data stored in other regions, we ensure that we have the appropriate international transfer mechanism in place such as Standard Contractual Clauses.
And keeping in line with our commitment to protect your personal data, Plivo ensures that all third-party providers we work with sign a Data Processing Agreement to ensure that they will protect your personal data according to Plivo’s expectations.
Rights over your personal data
Privacy and data protection regulations such as the GDPR and the CPRA grant you with rights that you can exercise over the personal data that organizations like Plivo collect and manage about you. At Plivo we believe in providing these rights to all of our customers regardless of where they are located in the world. Every Plivo customer has the same rights over their personal data.
Unless there are clear exceptions because of legal or regulatory requirements, we will work to ensure that your requests are addressed within 30 days. These are the requests you may contact Plivo about:
- You have the right to access the personal data that Plivo maintains about you, including the categories of data and how Plivo collects, processes and shares your personal data.
- You have the right to request deletion of your personal data, update or correct your data, object to processing of your data, ask us to restrict processing of your data or request portability of your data. In each case we will inform you of the consequences of your request and if there are any exemptions to honoring your request based on legal, regulatory or contractual requirements.
- If Plivo has collected and processed your personal data based on your explicit consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing Plivo conducted prior to your withdrawal.
- You have the right to be notified about a data breach that may impact the integrity, availability or confidentiality of your personal data. Refer to our data breach notification section for more details.
- You have the right to complain to a data protection authority about Plivo’s collection and processing of your personal data. However, we would appreciate it if you give us the opportunity to deal with your complaint internally before contacting a data protection authority.
You have the ability to access, update or delete your personal data if you log into your account. Furthermore, you also have the ability to withdraw your consent to any marketing communications you have signed up for.
If you want to directly manage your personal data through the Plivo account and don’t know how to do this, refer to our articles about how to manage your account or how to close your account.
In order to exercise any of the rights you have over your personal data or if you are not able to complete your request directly through your account, please send an email to [email protected] Once we receive your request, we will contact you to provide acknowledgement and request further information if required. We will never discriminate against you for exercising your personal data rights.
Automated decision-making
Plivo has implemented automated decision-making rules to monitor payments and account activity to minimize the possibility of fraud. If we find suspicious activity that we believe is fraudulent we will suspend the payment or the account and will notify you. You will be able to exercise your right to object where we will explain to you the rationale that we followed for our decision.
Personal data breach notification
Plivo, as part of our security and data protection measures, has implemented processes to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Should we learn of a security breach that affects your personal data, we will notify you in order to explain how this breach may affect you and to provide you with any advice on how to protect yourself. We will contact you through the email address we have on file or by posting a notice on our website.
Plivo’s personal data retention period
Due to telecommunications and other regulations, we generally retain all the data that you generate as part of your relationship with Plivo for seven (7) years after you close your account, unless otherwise required by legal, security or other requirements in accordance with the applicable law.
Plivo’s Data Processing Addendum
In our role as a processor, we are happy to provide you with a Data Processing Addendum (or DPA) where we commit to safeguarding the personal data that we will process on your behalf, will support you on any request you may receive from individuals or Data Protection Authorities and will ensure that we process personal data according to personal data protection regulations such as the General Data Protection Regulation in the EU.
Plivo’s Contact information
If you have any further questions about how Plivo collects, uses, discloses or protects your personal data or if you have any questions about this privacy notice, including any requests to exercise your personal data rights, you may contact our appointed Data Protection Officer using the details set out below.
Data Protection Officer
Kunle Adewumi
Email address: [email protected]
+1 512 788 5087
General Data Protection Regulation (GDPR) – European Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Plivo has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
- by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
- by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
UK General Data Protection Regulation (GDPR) - UK Representative
Pursuant to Article 27 of the UK GDPR, Plivo has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
- by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
- by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
U.S Supplemental Privacy Notice
This section of the Privacy Notice describes the practices that we follow regarding the collection, use, and disclosure of personal information of consumers in US states that have enacted privacy laws including but not limited to California, Colorado, Virginia, Utah, and Connecticut collectively referred to as “US State Privacy Laws”:
For California residents, “personal information” is broadly defined under the California Privacy Rights Act (the “CPRA”) to include, among other things, all information that can be directly or indirectly linked to an individual or household. In all cases, personal information does not include de-identified information, aggregate information that cannot be linked to a particular individual, or pseudonymised information.
Categories of Collected Personal Information
Plivo, for the purpose of our business or for the purpose of your interactions with our website, collects and uses the following categories of personal information:
Plivo collects these categories of personal information from the following sources:
- Directly from the individual the information is about.
- Indirectly from an individual’s interaction with our website or our products.
We use and disclose personal information according to the purposes established in the sections How does Plivo collect and process your personal data and How does Plivo share your personal data.
Disclosures of personal information
Plivo has shared your personal information in the last twelve months on all categories identified and for the purposes described in this Privacy Notice.
Sale of personal information
Plivo may have collected publicly available personal information about you or obtained your information from third party providers. This information includes the industry, size, and other general information about your company such as URLs, in order to help Plivo understand our customers better. If you want to opt-out, you may email us at [email protected].
Automated decision-making
Plivo has implemented automated decision-making process as described in the Section Automated decision-making above.
Your Privacy Rights
Individuals who reside in states with US State Privacy Laws have certain rights regarding the collection, use and disclosure of their Personal information. These rights vary by state. If the state in which you reside mandates it, we will provide you with the following rights:
- Right to opt-out of sharing your Personal information for cross-context behavioral advertising or, in other states, to opt-out of targeted advertising;
- Right to data portability, which means that you may request that we provide you a copy of specific pieces of Personal information we have collected about you in the past 12 months in an electronic format;
- Right to request to know about the Personal information we process about you or acknowledge the processing of your Personal information;
- Right to request that we correct your Personal information;
- Right to request that we delete your Personal information;
- Right to request that we limit the processing of your Sensitive Personal information;
- Right to opt-out of the processing of your Sensitive Personal information;
- Right to appeal the denial of a request; and
- Right to lodge a complaint with the data protection authority in your jurisdiction.
For individuals in California, once we receive your request to disclose how Plivo has collected, used, and shared your Personal information in the last twelve months, we will verify your identity and provide the following information:
- Categories of Personal information collected about you by Plivo.
- Sources from which we obtained your Personal information.
- Purposes for using your Personal information.
- Third parties with whom we shared your Personal information.
- Whether we sold or shared your Personal information for the benefit of Plivo.
We aim to respond to your requests within the established 45 days from receipt. If we require more time to respond, we will let you know within this period. We will deliver our response by mail or electronically, depending on your preference.
We will not discriminate against you for exercising your personal information rights.
Authorized agent
You may designate an authorized agent to make requests on your behalf. We will require verification that you did, in fact, authorize the agent. Unless the law requires otherwise, your authorized agent must provide contact details for you. We will contact you to confirm that you authorized the agent. Once you confirm, we will promptly respond to the rights request.
Exercising your privacy rights
To exercise your rights, you may contact us at [email protected]. In order to fulfill your request, we may require additional personal information for purposes of verifying your identity. If you make a request through your designated agent, we may require additional information from you to verify the authorization of your designated agent.
EU-US Data Privacy Framework
Data Privacy Framework Compliance. Plivo complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Plivo has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Plivo has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The Federal Trade Commission has jurisdiction over Plivo’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). In compliance with the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF, Plivo commits to resolve DPF Principles-related complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. EU, UK and Swiss individuals with DPF inquiries or complaints regarding our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF should first contact our DPO here.
Plivo has further committed to refer unresolved privacy complaints under the DPF Principles concerning our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF to the American Arbitration Association / International Centre for Dispute Resolution (AAA / ICDR), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of AAA / ICDR are provided at no cost to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See
https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2
Onward Transfers To Third Parties. Plivo’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Plivo remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Plivo proves that it is not responsible for the event giving rise to the damage.
Choices and Rights Over Your Personal Data. Pursuant to the Data Privacy Frameworks, EU, UK and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to the Contact Information here. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to the Contact Information here.
Questions and Assistance. For assistance or questions regarding this Privacy Policy or use of data in connection with the Plivo Cloud, you may email us at any time at [email protected]