Privacy Policy

1. Who We Are

ProCall365 provides cloud-based VoIP telephone services to businesses in the UK and USA.

We are the data controller for personal data collected through https://procall365.com and our customer portal.

To contact our data protection team: support@procall365.com

2. What Data We Collect

We collect the following categories of personal data:

• Account data: your name, business name, email address, phone number, and billing address.
• Payment data: payment card details are processed and stored by Stripe, our PCI-DSS-compliant payment processor. We store only a tokenised reference and last four digits.
• Communications data: if call recording is enabled, recordings of calls made through our service are stored, this includes voicemails and AI translations if selected. No data is shared with any third parties unless by court order.
• Usage data: logs of calls made including date, time, duration, and destination number. This is used during diagnostics and for global legal requirements. No data is shared with any third parties unless by court order.
• Technical data: IP addresses, browser type, and session information collected automatically when you use our website or portal.
• Support data: any information you share when contacting our support team.

3. How We Use Your Data

We use your personal data for the following purposes and legal bases:

• To provide our service (contract performance) — provisioning your phone lines, managing your subscription, processing payments.
• To communicate with you (contract performance & legitimate interests) — sending invoices, service notifications, payment reminders, and support responses.
• To comply with legal obligations — retaining financial records, responding to lawful requests from regulatory bodies.
• Fraud prevention and security (legitimate interests) — monitoring for abuse, rate limiting, and protecting our infrastructure.
• Service improvement (legitimate interests) — analysing anonymised usage patterns to improve the platform.

We do not use your data for marketing to third parties, sell your data, or make automated decisions about you with significant legal effect.

4. Third Parties

We share your data only where necessary, with the following processors:

• Stripe Inc. — payment processing. Data transferred under Standard Contractual Clauses. Stripe Privacy Policy →
• Twilio SendGrid — transactional email delivery. SendGrid Privacy Policy →
• Our hosting provider — server infrastructure located in the UK/EU. Data is not transferred outside the UK/EEA without appropriate safeguards.

We do not use advertising networks or sell data to third parties.

5. Data Retention

• Account data: retained for the duration of your subscription and for 7 years afterwards for financial and legal compliance (HMRC requirements).
• Call recordings: automatically deleted after 90 days unless you download them first.
• Call logs: retained for 12 months.
• Technical/security logs: retained for up to 90 days.
• You may request earlier deletion of your account data; where a legal retention obligation applies we will explain why deletion is not immediately possible.

6. Your Rights

Under UK GDPR you have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — ask us to correct inaccurate data.
• Right to erasure — request deletion of your data (subject to legal retention requirements).
• Right to restriction — ask us to limit how we use your data in certain circumstances.
• Right to data portability — receive your data in a machine-readable format.
• Right to object — object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@procall365.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

7. Security

We protect your data using industry-standard measures: HTTPS/TLS encryption in transit, encrypted passwords (bcrypt), database access controls, and regular security reviews. Stripe handles all payment card data; we never store raw card numbers.

If we become aware of a data breach that poses a risk to your rights, we will notify you and the ICO within 72 hours as required by UK GDPR.

8. Cookies

We use only essential cookies necessary for the service to function:

• Session cookie — maintains your login session. Expires when you close your browser or after 24 hours of inactivity.
• CSRF token cookie — protects form submissions against cross-site request forgery. Session-scoped.

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies. Our website does not display a cookie consent banner because we only use strictly necessary cookies, which are exempt from consent requirements under PECR.

9. Contact Us

For any privacy-related questions, data subject requests, or complaints, please contact:

ProCall365 — Data Protection
Email: support@procall365.com

We aim to respond to all data requests within 30 days. If you are not satisfied with our response, you may complain to the ICO.