Last updated: 2026-05-24

Privacy Policy

This Privacy Policy describes how Netexem ("we," "us," "our") collects, uses, stores, and shares information about you when you visit our website, sign up for our services, or use the Netexem unified communications platform (collectively, the "Services").

1. Information We Collect

Account information

When you sign up or request a quote, we collect business name, contact name, email address, telephone number, and service address. For billing customers, we also collect payment method information through our payment processor — we do not store full card numbers ourselves.

Service usage information

During use of the unified communications platform, we collect call detail records (caller, called party, duration, timestamp), message metadata (sender, recipient, timestamp, status), session logs, device identifiers, IP addresses, and authentication events. Call audio and message content are stored only as needed to deliver the Services and only for the retention period described in Section 4.

Device and technical information

We collect device type, operating system, app version, language, time zone, and crash diagnostic data necessary to operate the mobile and desktop applications. The mobile app requests permission to access microphone, camera, contacts, and push notifications — each permission is requested at first use and can be revoked at any time in operating-system settings.

Website analytics

With your consent (see Section 7 — Cookies), we collect Google Analytics measurement data including page views, referrers, approximate geographic region, and aggregated user-flow information. We do not collect personally identifying information through analytics.

2. How We Use Information

We use the information we collect to:

• Provide, operate, maintain, and improve the Services
• Process payments and send invoices
• Provision telephone numbers and configure user accounts
• Deliver inbound and outbound calls and messages
• Provide customer support and respond to inquiries
• Send service-related notices (outage notifications, scheduled maintenance, billing reminders)
• Detect, prevent, and address technical issues, fraud, and security incidents
• Comply with legal obligations including law-enforcement requests with valid legal process

We do not use customer call content, message content, or contact data for advertising or for training third-party AI models.

3. How We Share Information

We do not sell or rent personal information. We share information only:

• With service providers strictly necessary to deliver the Services (payment processors, telecommunications carriers, email delivery, SMS delivery, hosting infrastructure) under written contracts requiring confidentiality
• With law enforcement in response to valid legal process, or as otherwise required by law
• With your express consent
• In connection with a business transfer (merger, acquisition, sale of assets) — the acquiring party is bound to the privacy commitments in effect at the time of transfer

4. Data Retention

We retain personal and service data only as long as needed to operate the Services and meet legal obligations:

• Account information: for the duration of the relationship plus 7 years for financial records
• Call detail records and message metadata: 90 days unless a longer retention is required by law or by a customer-specific compliance package
• Call recordings and voicemail audio: 90 days unless retained longer at the customer's direction
• Inbound SMS raw payloads: 90 days, after which they are purged automatically
• Website analytics: per Google Analytics default retention settings

5. Your Rights

California residents (CCPA / CPRA)

California residents have the right to:

• Know what personal information we collect, use, and share
• Request access to or deletion of personal information we hold about you
• Opt out of the "sale" or "sharing" of personal information — we do not sell or share personal information for cross-context behavioral advertising; this notice is provided for completeness
• Limit the use of sensitive personal information
• Be free from discrimination for exercising your privacy rights
• File a "Shine The Light" request for disclosure of any personal information shared with third parties for direct marketing (Civil Code Section 1798.83)

To exercise these rights, contact us through our website contact form or by email to the account contact on file.

EEA / UK residents (GDPR)

Although our Services target US businesses, EEA and UK residents who interact with our website have the right to access, correct, delete, or port their personal data, and the right to object to processing or to file a complaint with their local data-protection authority.

TCPA opt-out

Recipients of SMS messages originated through the Services may opt out at any time by replying STOP. Our platform automatically detects and honors STOP, START, and HELP keywords on every campaign in compliance with the Telephone Consumer Protection Act and CTIA short-code guidelines.

6. Children

The Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can delete it.

7. Cookies and Tracking

Our website uses cookies and similar technologies. We provide a cookie banner at first visit that lets you accept or decline non-essential categories:

• Strictly necessary cookies — required for the site to function (e.g., consent state, form submission tokens). These are always set.
• Analytics cookies — Google Analytics, set only after consent. Used for aggregate site analytics.
• Marketing cookies — Google Ads conversion tracking, set only after consent. Used to measure paid-traffic conversion.
• Live chat cookies — Crisp chat widget, set only after consent. Used to support real-time chat conversations.

You can revoke or change consent at any time through the cookie-settings link in the website footer.

8. Security

We use industry-standard technical and organizational measures to protect personal information, including encryption in transit (TLS 1.2+), encrypted local token storage in the desktop apps, JWT-based session management with 15-minute access tokens, bcrypt password hashing, progressive rate limiting, account lockout after repeated failed authentication, private VPC database deployment, and WAF IP whitelisting on the administrative portal.

No security control is perfect. If we become aware of a security incident affecting personal information, we will notify affected customers and applicable regulators within the timeframes required by law.

9. International Data Transfers

We operate from the United States and store data on US infrastructure (primarily AWS US regions). If you access the Services from outside the United States, your information will be transferred to and processed in the US, where data-protection law may differ from the law of your country of residence.

10. Third-Party Services

The Services interact with third-party services including telecommunications carriers, payment processors, email delivery, SMS delivery, mapping providers, and analytics. Each third party has its own privacy practices; we use only providers with reasonable privacy and security commitments.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to the account contact and posted on this page at least 30 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.

12. Contact Us

To exercise your rights, ask questions about this Privacy Policy, or report a concern, please contact us through the website contact form or by reaching out to the account contact on file. We respond to verified privacy requests within 30 days.

By using the Services, you acknowledge that you have read and understood this Privacy Policy.