1. Scope
This policy applies to the Ringback website at ringback.aiand to the missed-call recovery service we provide through it (the “Service”). It applies to people who visit the site, create an account, subscribe to the Service, and to the callers whose missed calls are processed by the Service on behalf of our customers.
2. Information we collect
2.1 Information you give us
- Account information: your email address, password (stored only as a salted hash by our authentication provider), business name, and the mobile number you forward calls from.
- Billing information: payment is processed by Stripe. We do not receive or store full card numbers. We do receive and store a Stripe customer ID, subscription ID, the subscription status, and limited card metadata (brand, last 4 digits, expiry) that Stripe returns to us.
- Configuration data: settings you choose for the Service, such as service-area rules, business hours, and the script used in the automated text message we send to missed callers.
- Support correspondence: the contents of emails you send us.
2.2 Information generated by your use of the Service
- Call metadata:for each inbound call that reaches the Ringback number assigned to you, our telephony provider (Twilio) sends us the caller’s phone number, the called number, the time of the call, the call duration, the carrier, and the call outcome (answered, missed, voicemail, etc.). We store this metadata so we can run the callback flow, count your monthly usage, and show you the call log inside the app.
- Outbound SMS metadata: for each automated text message sent on your behalf to a missed caller, we store the recipient number, the message body that was sent, the time, and the delivery status returned by Twilio.
- Voicemail audio and transcripts (only if you enable voicemail): we receive recordings and transcripts from Twilio and store them so you can listen to and read them inside the app.
- Service logs: technical logs such as IP addresses, browser type, request paths, and timestamps generated when you use our website or API. These are used for security, debugging, and abuse prevention.
2.3 Information from third parties
We receive event data from Stripe (subscription, payment, refund and dispute events) and from Twilio (call status, SMS delivery status, number-provisioning events).
3. How we use information
- To provide the Service: routing calls, sending the automated callback text, displaying the call log, and metering usage against your plan.
- To bill you and prevent payment fraud.
- To send transactional emails about your account, your subscription, and the Service (for example: trial expiry, failed payments, security notices).
- To provide customer support.
- To detect, investigate and prevent abuse, fraud, and violations of our Terms.
- To comply with legal obligations.
We do not sell personal information. We do not use the contents of your call metadata or outbound SMS to train AI models.
4. Legal bases (for users in the EEA / UK)
Where the GDPR or UK GDPR applies, we rely on the following legal bases: (a) performance of a contract with you, to provide the Service you subscribed to; (b) our legitimate interests in running, securing, and improving the Service; (c) compliance with a legal obligation; and (d) your consent where we ask for it (for example, for any non-essential cookies).
5. Service providers we share information with
We share information with the providers below strictly for the purpose of running the Service. They are bound by contractual confidentiality and data-protection obligations.
- Twilio Inc.— telephony and SMS. Twilio carries your calls and our outbound text messages, and gives us the call/SMS metadata described above.
- Stripe, Inc.— payment processing, subscription billing, and card storage.
- Supabase, Inc.— managed PostgreSQL database and authentication.
- Vercel Inc.— web hosting and serverless compute for the website and API.
- Email delivery provider— transactional email delivery.
We will also disclose information when required by law, by a subpoena, or by a court order, and to protect the rights, property or safety of Ringback, our customers or the public.
6. International transfers
Our providers are primarily based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. Where required, we rely on the European Commission’s Standard Contractual Clauses (or equivalent transfer mechanisms used by our providers) to legitimise the transfer.
7. Retention
- Account, billing and configuration data: kept for as long as your account is active, and for up to 24 months after closure to handle disputes, refunds, tax records and abuse history.
- Call metadata and outbound SMS metadata: kept for 24 months from the date of the call/message, then deleted or aggregated.
- Voicemail recordings and transcripts: kept for 90 days from receipt, then deleted, unless you delete them sooner from the app.
- Service logs: kept for up to 90 days for security and debugging.
Tax invoices and other records we are legally required to keep may be retained for the period required by the applicable tax law (typically up to 7 years).
8. Your rights
Depending on where you live (in particular if you are in the EEA, the UK, or in a US state with a comprehensive privacy law such as California, Colorado, Connecticut, Virginia, Utah or Texas), you may have some or all of the following rights:
- Access to the personal information we hold about you.
- Correction of inaccurate information.
- Deletion of your personal information.
- Portability of information you provided to us.
- Objection to, or restriction of, certain processing.
- Withdrawal of any consent you previously gave us.
- The right to lodge a complaint with your local data-protection supervisory authority.
To exercise any of these rights, email founders@ringback.ai. We may need to verify your identity before we act on the request. We will not discriminate against you for exercising a privacy right.
9. Information about callers who contact our customers
When somebody calls a Ringback number we assigned to one of our customers, we act as a processor(or “service provider”, in California terms) for that customer. The customer is the controllerof that information and is responsible for ensuring that their use of the Service — including the automated text message we send to missed callers — complies with applicable law, including the US Telephone Consumer Protection Act (TCPA), CAN-SPAM, state telemarketing laws, and any equivalent law in their jurisdiction. If you are a missed caller and you want your number removed from a Ringback customer’s database, please reply STOP to the text message you received, or contact the business that called you.
10. Security
We use industry-standard measures to protect information, including encryption in transit (TLS), encryption at rest for our database, hashed passwords, scoped API credentials, and limited employee access. No security control is perfect; we cannot guarantee absolute security.
11. Children
Ringback is a business tool and is not directed to children under 16. We do not knowingly collect information from children. If you believe a child has provided us information, contact us and we will delete it.
12. Cookies and similar technologies
We use a small number of strictly necessary cookies and similar technologies to keep you signed in, to remember your preferences, and to keep the site secure. We do not use third-party advertising cookies. If we add any analytics in the future that uses non- essential cookies, we will update this policy and (where required) ask for your consent first.
13. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify active customers by email and update the “Last updated” date above. Continued use of the Service after the effective date of the updated policy means you accept the change.
14. Text messaging (SMS)
We do not share, sell, or rent your mobile phone number or your SMS opt-in consent to any third parties or affiliates for their own marketing or promotional purposes. Mobile information is used only to operate the Ringback service that you, or the business you contacted, requested. Message frequency varies— a single booking conversation may include several messages. Message and data rates may apply. You can opt out at any time by replying STOP to any message; reply HELP for help.
15. Contact
Questions about this policy or about your information? Email founders@ringback.ai.