Privacy Policy

Last updated: March 21, 2026

1. Introduction

PBXClaw LLC (“PBXClaw,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our phone system platform and website at pbxclaw.com.

2. Data We Collect

Account Information

  • Name, email address, phone number
  • Company name
  • Country of residence
  • Payment information (processed and stored by Stripe — we do not store card numbers)

Usage Data

  • API key usage and authentication logs
  • IP addresses and approximate geolocation
  • Browser type and user agent
  • Feature usage patterns

Telephony Data

  • Call detail records (CDRs): caller ID, destination, duration, timestamp
  • Phone provisioning data: device model, MAC address, firmware version
  • Voicemail recordings (stored on your on-premise server, not our cloud)

3. How We Use Your Data

  • To provide, maintain, and improve the Service
  • To process payments and manage subscriptions
  • To send transactional emails (welcome, billing, security alerts)
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations
  • To provide customer support

We do not sell your data. We do not serve ads. We never will.

4. Data Retention

  • Account data: Retained for the life of your subscription plus 90 days
  • Authentication logs: 12 months
  • Call detail records: 12 months
  • Payment records: 7 years (tax compliance)
  • Support tickets: 24 months after resolution

After the retention period, data is permanently deleted. You may request earlier deletion at any time (see Section 7).

5. Data Sharing

We share data only with:

  • Stripe: Payment processing
  • Resend: Transactional email delivery
  • Cloudflare: Infrastructure hosting and CDN

We do not share data with advertisers, data brokers, or any other third parties. We may disclose data if required by law, subpoena, or court order.

6. GDPR Compliance (EEA Customers)

If you are in the European Economic Area, you have the following rights under GDPR:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion of your data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to certain processing activities

Legal basis for processing: contract performance (providing the Service), legitimate interest (security, fraud prevention), and consent (marketing communications, where applicable).

To exercise your rights, contact privacy@pbxclaw.com. We will respond within 30 days.

7. CCPA Compliance (California Residents)

Under the California Consumer Privacy Act, California residents have the right to:

  • Know what personal information is collected and how it is used
  • Request deletion of personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising these rights

To make a CCPA request, email privacy@pbxclaw.com with the subject “CCPA Request.”

8. Deletion Rights

You may request full account deletion at any time by contacting support@pbxclaw.com or through your account dashboard. Upon verified request:

  • Account data will be deleted within 30 days
  • Payment records may be retained for up to 7 years for tax compliance
  • Aggregated, anonymized analytics data may be retained indefinitely
  • Backups containing your data are purged within 90 days

9. Cookie Policy

PBXClaw uses minimal cookies:

  • Essential cookies: Session authentication, CSRF protection. Required for the Service to function. Cannot be disabled.
  • Preference cookies: Dashboard settings, language preferences. Expire after 1 year.

We do not use: Tracking cookies, advertising cookies, third-party analytics cookies, or any cookie-based profiling. No consent banner is required because we only use essential cookies.

10. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, regular security audits, and access controls. API keys are hashed before storage. However, no method of transmission over the internet is 100% secure.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect. The “Last updated” date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or requests:
privacy@pbxclaw.com

PBXClaw LLC
Privacy Team
pbxclaw.com