Privacy Policy

Previous Policy last updated on June 29, 2020 (view the current version of our privacy policy here.)

This notice explains how Plivo manages and protects your personal data. We want to make sure that you understand what personal data we need from you in order to serve you better, how we use and protect your personal data, and why we need your personal data when you interact with us.

We have implemented strict personal data protection practices that ensure your data is safe while in our care. Plivo wants you to know that we care about your privacy at all times and we are constantly looking for better ways to protect you and serve you better.

What is personal data?

It’s important to understand what we mean when we discuss personal data. Personal data refers to any information related to someone who can be identified through it either directly or indirectly. This means that, in some cases, a single element of information may not identify you but several pieces together will and, if they do, then they are considered personal data. Examples of personal data include your name, identification numbers, location, and factors specific to your physical, mental, economic, or social identity, among others.

What personal data protection and privacy regulations does Plivo comply with?

Because we serve customers globally, we comply with different data protection and privacy regulations around the world, such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) and others. And because we understand we live in an interconnected world, we want to assure you that Plivo commits to protecting all of our customers’ and visitors to our website’s personal data regardless of where they’re located. We respect your privacy rights at all times.

Is Plivo a data controller or a data processor?

Some data protection regulations differentiate between a data controller and a data processor. A data controller is an organization that determines how to collect and process personal data, whereas a data processor is an organization that collects and processes personal data on a data controller’s behalf and under a data controller’s instructions.

Plivo is both a data controller and a data processor.

As a controller, Plivo collects and processes personal data from visitors to Plivo’s website and from customers that sign up for our services. In this context, Plivo determines how this personal data is collected, processed, and shared.

As a data processor, Plivo collects and processes personal data from end users of Plivo’s registered customers, and only does so as per customers’ requirements. Even if we’re not making decisions about how personal data is being processed, we continue to protect the personal data collected by us at all times.

How does Plivo collect and process your personal data?

In order to provide you with an optimal web experience and also great products and services, we need to collect and process your personal data.

The following table explains what personal data we collect from you, how we process it, how we classify your personal data, and, according to personal data protection regulations, what is the legal basis for the processing of your personal data.

We classify your personal data as account data, usage data, content data, and visitor data.

Account data is all the personal data we collect from you to manage your Plivo account, including providing you support and charging you for our services.
Usage data is all the personal data we collect from you when you use our services, such as when you make a call, the length of your call, and whether you are using voice or text.
Content data is all the personal data we collect from you within the service, including the details of text messages or voice calls or voice call audio.
Visitor data is all the personal data we collect from you when you visit our website and when you sign up for communications from Plivo.

Personal Data Collected	Personal Data Processing	Type of Personal Data	Legal Basis for Processing
Contact data (name, address, email, company, phone number, IP address)	This data is used throughout your relationship with Plivo, including opening an account, managing your account, giving you support, providing you with discussion boards, and communicating with you.	Account data	We process your information to fulfill our obligations to you as part of your engagement with Plivo.
Your feedback about our service	In order to continuously improve our products and services, we collect your feedback through surveys, remarks, and ratings for the calls and messages on your account.	Account data	We process your information to fulfill our obligations to you as part of your engagement with Plivo.
Sending and receiving phone numbers and text content	We use this data to be able to provide you with SMS and MMS texting services	Usage data Content data	We process your information to fulfill our obligations to you as part of your engagement with Plivo.
Your current phone numbers	If you want to transfer (port) your number to Plivo, we need your phone numbers to perform this transfer for you.	Account data	We process your information to fulfill our obligations to you as part of your engagement with Plivo.
Voice recording	As part of our services, we store voice recordings for you, we provide you with the option to turn text into speech, and we provide you with other services such as call forwarding, call conferencing and IVR.	Usage data Content data	We process your information to fulfill our obligations to you as part of your engagement with Plivo.
Payment management	In order to pay for our services, we need information about your payment method. We also keep history of your usage and payments for you to be able to verify our charges and, if necessary, dispute any billing.	Usage data Account data	We process your information to fulfill our obligations to you as part of your engagement with Plivo.
Email address, name	If you are interested in hearing from us, you may sign up for our newsletter. Also, if you want to download any of our white papers, you may share your contact information with us so that we can follow up with you based on your interests. You may opt out of these communications at any time.	Visitor data	This is a legitimate interest on our part to ensure that we are giving you the right information and to engage with you.
Cookie tracking, including IP address, device type, location	We use cookies to provide you with a better web experience and to serve you with relevant ads. You may opt out of cookies at any time.	Visitor data	This is a legitimate interest on our part to continuously improve our website content and navigation as well as the relevance of ads you may find on other sites.

How does Plivo share your personal data?

As part of the products and services that Plivo offers to you, we need to share your personal data with our employees and some other third parties that help Plivo deliver our products and services. We always make sure that we share your personal data when it is absolutely necessary to give you the best products and services, and we ensure that we do so in a safe and controlled way.

Plivo does not sell or share your personal data for any monetary or business reason that will directly benefit or advance Plivo’s business interests.

The following table explains who the parties are that we share your personal data with and the purposes why they need access to your personal data.

Entity	Purpose
Telecom carriers	Carriers require your personal data including your phone number and the content of your message or call.
Plivo’s sub-processors	These are companies that provide services to Plivo such as storage and infrastructure, payment services, support processing, and data analysis. Refer to the sub-processor page for a list of these service providers.
Compliance with legal obligations	To respond to law enforcement requests and as required by applicable law, court order, governmental regulations, or other legal process or where we need to protect a legitimate business interest such as fighting against fraud that harms our rights. Plivo will use reasonable efforts to notify you of the disclosure requirement, unless prohibited by law or if disclosure is required under exigent circumstances. Exigent circumstances are when there is a request for disclosure from a government or law enforcement agency, where there is a threat of death or serious bodily injury to a person and Plivo may have the required information to prevent it. We will review these requests in line with the applicable law and our policies, before disclosure.

How does Plivo protect your personal data?

Plivo takes the protection and security of your personal data very seriously. We use physical, organizational, technical, and administrative measures to safeguard your personal data, and regularly reassess and revise our policies and practices to improve security measures to protect personal data, and seek to partner with organizations that do the same.

No data transmission over the internet, whether wired or wireless, is 100% secure, so we cannot fully guarantee the security of information transmitted to Plivo and cannot be responsible for the actions of any third party that may intercept any such information. Once we receive your data, we commit to making all reasonable efforts to protect it to ensure it resides securely in our systems.

If you believe that your personal data may have been compromised by Plivo or by using Plivo’s website, products, or services, please contact our support team immediately.

Where does Plivo store your personal data?

The personal data that Plivo receives from you resides in different locations around the globe. Plivo is certified under the EU-US Privacy Shield framework, which means that the EU and/or UK authorities allow us to transfer your personal data into our locations in the US.

For personal data stored in the US at any of our third-party providers, Plivo ensures that we solely work with US third-party providers that comply with the EU-US Privacy Shield Framework.

For personal data stored in other regions, we ensure that we have the appropriate international transfer mechanism in place, such as Standard Contractual Clauses.

Keeping in line with our commitment to protect your personal data, Plivo ensures that all third-party providers we work with sign a Data Processing Agreement to ensure that they will protect your personal data according to Plivo’s expectations.

Rights over your personal data

Privacy and data protection regulations such as the GDPR and the CCPA grant you rights that you can exercise over the personal data that organizations like Plivo collect and manage about you. At Plivo, we believe in providing these rights to all of our customers regardless of where they are located in the world. Every Plivo customer has the same rights over their personal data.

Unless there are clear exceptions because of legal or regulatory requirements, we will work to ensure that your requests are addressed within 30 days. These are the requests you may contact Plivo about:

You have the right to access the personal data that Plivo maintains about you, including the categories of data and how Plivo collects, processes, and shares your personal data.
You have the right to request deletion of your personal data, update or correct your data, object to processing of your data, ask us to restrict processing of your data, and request portability of your data. On each particular case we will inform you of the consequences of your request and whether there are any exemptions to honoring your request based on legal, regulatory, or contractual requirements.
If Plivo has collected and processed your personal data based on your explicit consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing Plivo conducted prior to your withdrawal.
You have the right to be notified about a data breach that may impact the integrity, availability, or confidentiality of your personal data. Refer to our data breach notification section for more details.
You have the right to complain to a data protection authority about Plivo’s collection and processing of your personal data. However, we would appreciate it if you give us the opportunity to deal with your complaint internally before contacting a data protection authority.
You have the ability to access, update, or delete your personal data if you log into your account. Furthermore, you also have the ability to withdraw your consent to any marketing communications you have signed up for.

If you want to directly manage your personal data through the Plivo account and don’t know how to do this, refer to our articles about how to manage your account or how to close your account.

To exercise any of the rights you have over your personal data or if you’re not able to complete your request directly through your account, please send an email to privacy@plivo.com. Once we receive your request, we’ll contact you to provide acknowledgement and request further information if required. We will never discriminate against you for exercising your personal data rights.

Automated decision-making

Plivo has implemented automated decision-making rules to monitor payments and account activity to minimize the possibility of fraud. If we find suspicious activity that we believe is fraudulent, we will suspend the payment or the account and will notify you. You will be able to exercise your right to object, where we will explain to you the rationale that we followed for our decision.

Personal data breach notification

Plivo, as part of our security and data protection measures, has implemented processes to deal with suspected personal data breaches, and will notify you and any applicable regulator of a breach where we are legally required to do so.

Should we learn of a security breach that affects your personal data, we will notify you to explain how this breach may affect you and to provide you with advice on how to protect yourself. We will contact you through the email address we have on file or by posting a notice on our website.

Plivo’s personal data retention period

To comply with telecommunications and other regulations, we generally retain all the data that you generate as part of your relationship with Plivo for seven (7) years after you close your account, unless otherwise required by legal, security, or other requirements in accordance with the applicable law.

Plivo’s Data Processing Addendum

In our role as a processor, we are happy to provide you with a Data Processing Addendum (DPA), where we commit to safeguarding the personal data that we process on your behalf, supporting you on any request you may receive from individuals or Data Protection Authorities, and ensuring that we process personal data according to personal data protection regulations such as the General Data Protection Regulation in the EU.

Plivo’s contact information

If you have questions about how Plivo collects, uses, discloses, or protects your personal data, or if you have questions about this privacy notice, including any requests to exercise your personal data rights, you may contact our appointed Data Protection Officer:

Data Protection Officer

Alejandra Brown
Email address: privacy@plivo.com
Phone number: +1 (512) 788-5087

General Data Protection Regulation (GDPR) – European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Plivo has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

UK General Data Protection Regulation (GDPR) - UK Representative

Pursuant to Article 27 of the UK GDPR, Plivo has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom

EU-US Privacy Shield

Privacy Shield Compliance. Plivo complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and/or Switzerland to the United States. Plivo has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability (the “Privacy Shield Principles”). If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. As required under Privacy Shield principles, in the event we are unable to resolve your complaints or disputes per engagement with Plivo at the contact information below, you may contact the American Arbitration Association / International Centre for Dispute Resolution (AAA / ICDR), Plivo’s designated alternative dispute resolution provider located in the United States, for more information or to file a complaint. AAA / ICDR will investigate and assist you free of charge in resolving your complaint. Further, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Plivo is subject to the investigatory and enforcement powers of the US Federal Trade Commission.

Onward Transfers of Personal Data. Except as described herein, Plivo discloses personal data only to third parties that contractually agree to abide by or provide the same level of protections as set forth in the Privacy Shield Principles. Plivo may provide personal data to third parties that act as service providers, consultants, and contractors to perform tasks on behalf of and under our written instructions (“Third Party Agents”). Third Party Agents must agree to use such personal data only for the purpose for which it is provided by us, and they must contractually agree to provide adequate protections for the personal data that are no less protective than those required by the Privacy Shield Principles. In cases of onward transfer to third parties of personal data covered under our EU-US Privacy Shield or Swiss-US Privacy Shield certifications, Plivo may continue to be liable.

To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Questions and Assistance. For assistance or questions regarding this Privacy Policy or use of data in connection with the Plivo Cloud, you may email us at privacy@plivo.com.

Legal