Privacy Policy

1. Information We Collect

We collect information you provide directly to us, information generated by your use of our services, and information obtained from third parties.

Account Information

When you register for a Vinix account, we collect your name, business name, email address, phone number, billing address, and payment information. For business accounts, we may also collect your Federal Tax ID (EIN) or other business identifiers necessary for regulatory compliance.

Usage Data

Our services automatically generate records of your usage, including call detail records (CDRs) containing originating and terminating numbers, call duration, timestamps, and call disposition. For SMS services, we retain message metadata (sender, recipient, timestamp, and delivery status) but do not retain the content of SMS messages beyond delivery. For internet services, we retain traffic volume, session duration, and IP address assignment records.

Device & Technical Information

When you access our web portal, desktop application, or mobile application, we collect device identifiers, operating system version, browser type, IP address, and application version. This information is used for security, troubleshooting, and service optimization purposes.

Meeting & Real-Time Communications Information

When you use Vinix Work Meet (meet.vinixglobal.com), we process information necessary to set up and route your call: meeting identifiers, the account identifier of the host, participant identifiers, the display name you enter, connection diagnostics (codec, bitrate, network conditions, disconnect reason), and session timestamps. Authenticated members are identified through Vinix Work-issued tokens; anonymous guests provide only the display name they enter at the lobby. Real-time audio and video streams are routed through our media infrastructure provider but are not recorded or stored on our servers. Captions, when enabled, are produced on demand by our transcription sub-processor. See the “Vinix Work Meet” section below for the full description of this product.

Cookies & Similar Technologies

Our website uses cookies and similar tracking technologies. See the Cookies & Tracking section below for details.

2. How We Use Your Information

We use the information we collect to:

• Provide and operate our services — provision your VoIP lines, process calls, route SMS messages, deliver internet connectivity, generate invoices, and support your account.
• Meet regulatory obligations — comply with FCC regulations, CALEA lawful intercept requirements, E911 obligations, STIR/SHAKEN caller ID authentication, and mandatory data retention rules applicable to telecommunications carriers.
• Improve our platform — analyze aggregate usage patterns to enhance call quality, network performance, and feature development. We use de-identified data for these purposes.
• Communicate with you — send transactional communications (invoices, service alerts, outage notifications), respond to support requests, and with your consent, send marketing communications about new features and offers.
• Fraud prevention and security — detect, investigate, and prevent fraudulent activity, abuse of our network (including traffic pumping and toll fraud), and unauthorized access to accounts.
• Legal compliance — respond to lawful subpoenas, court orders, and law enforcement requests; assert or defend legal claims; and comply with applicable laws and regulations.

3. Information Sharing

We do not sell your personal information to third parties. We may share your information in the following circumstances:

Service Providers

We engage trusted third-party vendors to assist in operating our business, including cloud infrastructure providers, payment processors, customer support platforms, and analytics providers. These vendors are contractually obligated to use your information only to perform services on our behalf and to maintain appropriate security standards.

Interconnect & Carrier Partners

As a licensed telecommunications carrier, we exchange call routing data (including calling and called party numbers) with other carriers as necessary to complete calls and messages. This is an inherent function of the public switched telephone network (PSTN).

Legal Requirements

We may disclose information when required by law, including in response to subpoenas, court orders, National Security Letters, or other legal process. Where permitted, we will notify you of such requests before disclosing your information. We also disclose information when we believe disclosure is necessary to protect the rights, property, or safety of Vinix, our customers, or the public.

Business Transfers

If Vinix is involved in a merger, acquisition, asset sale, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4. Data Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption in transit: All data transmitted between your devices and our services is encrypted using TLS 1.2 or higher. Voice traffic is encrypted using SRTP where supported by the endpoint.
• Encryption at rest: Sensitive data stored in our systems is encrypted using AES-256 encryption.
• Access controls: Access to customer data is restricted to employees who need it to perform their job functions, enforced through role-based access controls and multi-factor authentication requirements.
• Incident response: We maintain a documented incident response plan. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify affected customers as required by applicable law and notify relevant regulatory authorities.
• Third-party audits: We conduct periodic security assessments and maintain SOC 2 Type II compliance for our core infrastructure.

No security system is impenetrable. We cannot guarantee the absolute security of your information. You are responsible for maintaining the security of your account credentials.

5. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to our legal retention obligations (for example, call records required to be retained for regulatory purposes cannot be deleted on request).
• Opt-out of marketing: Unsubscribe from marketing communications at any time by clicking “unsubscribe” in any marketing email or contacting us directly.
• Data portability: Request a machine-readable copy of your account data.

To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days. We may need to verify your identity before processing certain requests.

6. Cookies & Tracking

Our website uses the following categories of cookies:

• Strictly necessary cookies: Required for the website to function, including session management and security tokens. These cannot be disabled.
• Analytics cookies: We use PostHog product analytics for a small set of explicitly-defined product events. The underlying processor is PostHog Inc. (US Cloud). We do not use Google Analytics, advertising pixels, autocapture, session replay, surveys, or heatmaps. The PostHog SDK never initializes when your browser sends a Do-Not-Track signal (navigator.doNotTrack === ‘1’). For Vinix Work Meet, anonymous lobby guests are excluded from analytics at the session level — tracking is disabled before any event fires, no identifier is assigned, and any prior PostHog state in the browser is cleared. Authenticated Vinix Work members are tracked under the contract performance basis set out in the Vinix Work Master Services Agreement and Data Processing Addendum.
• Preference cookies: Remember your settings, such as your selected theme (light/dark mode) and cookie consent choice.

You can control cookie settings through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect website functionality. We do not use cookies for targeted advertising.

7. Data Retention

We retain your information for as long as necessary to provide services and comply with our legal obligations:

• Call detail records (CDRs): Retained for 7 years to comply with FCC record-keeping requirements applicable to common carriers and to support dispute resolution.
• Account information: Retained for the duration of your account and for 3 years following account termination for legal and audit purposes.
• Billing records: Retained for 7 years to comply with IRS and state tax record-keeping requirements.
• Support tickets and communications: Retained for 3 years following resolution.
• Website analytics: Aggregated, de-identified data retained indefinitely; individual session data purged after 26 months.
• Vinix Work Meet — audio/video streams: None retained. Media is forwarded peer-to-peer or through our SFU sub-processor and is never written to disk on Vinix infrastructure.
• Vinix Work Meet — captions & transcripts: Held only client-side in an in-memory store for the duration of the meeting tab, and cleared on page unload. If you explicitly request the transcript by email, it is transmitted via our email sub-processor and is not separately retained by Vinix.
• Product telemetry (PostHog): Custom events retained per the default retention configured in our PostHog project [TBD: confirm exact value with Vinix Work admin]. Events related to anonymous Meet lobby guests are not collected at all.
• Error monitoring (Sentry): Error events retained for 90 days; performance traces retained for 30 days (Sentry plan defaults; subject to change if a custom retention is configured). Authentication tokens and other sensitive payloads are scrubbed before transmission.
• Hosting request logs (Railway): Standard application request logs retained per Railway’s default retention for the vinix-meet project [TBD: confirm exact value].
• Feedback & diagnostics submissions: Sent as the body of an email to [email protected] via our email sub-processor; there is no separate Vinix-side database for these submissions. Retention follows the support inbox retention policy (governed by the row above on support communications).

When retention periods expire, we securely delete or de-identify the data.

8. Children’s Privacy

Our services are designed for businesses and are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13 without verifiable parental consent, we will take steps to delete that information. If you believe we may have inadvertently collected information from a child, please contact us at [email protected].

9. Vinix Work Meet

Vinix Work Meet (“Meet,” available at meet.vinixglobal.com) is the video meeting product included with Vinix Work. This section describes data practices that are specific to Meet; the rest of this Privacy Policy continues to apply.

Audio & Video

Live audio and video are routed through LiveKit Cloud, our real-time-media sub-processor, using selective-forwarding (SFU) infrastructure. Streams are encrypted in transit and are not recorded or stored on Vinix servers by default. Recording is not currently a shipped feature; if and when we introduce recording in a future release, we will update this Privacy Policy and obtain participant notice and consent in line with applicable law before any recording occurs. Browser-side noise suppression is performed by the Krisp SDK running locally in your browser; raw audio is not transmitted to Krisp servers for that processing.

Captions & Transcription

When live captions are enabled in a meeting, audio is transmitted from a Vinix-operated meeting agent to Deepgram, our transcription sub-processor, and the resulting caption text is returned to participants. The transcript is assembled in your browser during the call and is not stored on Vinix servers. After the meeting, you may optionally request that the transcript be emailed to you; if you do, the transcript is transmitted to the email address you provide via SendGrid, our email sub-processor.

Authentication, Members, and Guests

Authenticated members join Meet using Vinix Work-issued JSON Web Tokens (JWTs); there is no separate Meet login. Anonymous guests can join meetings through a lobby and are admitted by the host; for guests we collect only the display name you choose to enter. Meeting identifiers, host account identifiers, and participant identifiers are processed in order to route the call, enforce admit/deny decisions, and record the metadata necessary for support and abuse-prevention.

Telemetry and Error Monitoring

For authenticated Vinix Work members only, we record a small, explicitly-defined set of product events in PostHog (for example, “meeting_joined,” “meeting_left,” and “feedback_submitted”), together with properties such as participant role (member or guest), meeting identifier, account identifier, video quality tier, disconnect reason, and session duration. We do not send chat content, caption text, participant display names, or any audio or video data to PostHog. PostHog autocapture, session replay, surveys, and heatmaps are explicitly disabled in our analytics configuration.

Analytics requests are routed through a same-origin path on meet.vinixglobal.com (/ingest/*), implemented as a Next.js path rewrite, and are forwarded to PostHog US Cloud. The PostHog SDK does not initialize at all if your browser sends a Do-Not-Track signal. Anonymous lobby guests are excluded from analytics at the session level: tracking is disabled before any event fires, no identifier is assigned, and any prior PostHog state in the browser is cleared.

Application errors are captured in Sentry (US, ingest endpoint o1172252.ingest.us.sentry.io). A Sentry event typically contains the stack trace, the browser and operating-system identifier, the originating IP, and request headers; authentication tokens and known-sensitive payloads are scrubbed before transmission. Sentry session replay is disabled entirely for Meet — we do not record DOM snapshots of meetings.

Standard application request logs are produced by our hosting provider, Railway, for the meet and meet-agent services in the vinix-meet project, and are retained per their default configuration.

Feedback and Support

After a meeting, you may optionally submit a one-tap sentiment indicator (“thumbs up” or “thumbs down”). If you select “thumbs down,” you may also include free-text notes and a diagnostic packet (browser, network conditions, codec, and meeting lifecycle events). These submissions are sent by email through SendGrid to our support team and are handled together with other support communications.

10. Sub-Processors

We engage the following sub-processors to deliver the services described in this Privacy Policy. Each sub-processor is bound by a written agreement requiring confidentiality, security safeguards, and processing only on our instructions.

We will provide reasonable advance notice of any new sub-processor through this page or through your administrator contact, and customers subject to a Data Processing Addendum may object to material changes in accordance with the terms of that addendum.

11. Legal Basis for Processing

Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases:

• Performance of a contract (GDPR Art. 6(1)(b)) — for processing necessary to provide our services to authenticated Vinix Work members under the Vinix Work Master Services Agreement and Data Processing Addendum.
• Performance of a service requested by the data subject (GDPR Art. 6(1)(b)) — for processing the limited information needed to admit anonymous guests into a meeting they have been invited to. We do not subject anonymous lobby guests to product analytics.
• Legitimate interests (GDPR Art. 6(1)(f)) — for service security, fraud and abuse prevention, error monitoring, network operation, and limited product telemetry on authenticated members. We balance these interests against the rights and freedoms of data subjects and provide the controls described in “Your Rights” above.
• Legal obligation (GDPR Art. 6(1)(c)) — for retention and disclosure required by applicable telecommunications, tax, and law-enforcement statutes.
• Consent (GDPR Art. 6(1)(a)) — for non-essential cookies and for marketing communications, where consent is required.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy team:

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where required by law, by direct notification to your registered email address. Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy.