Privacy Policy

Last Updated: March 14, 2024

1. Introduction

Welcome to iMash.io (“iMash.io,” “we,” “us,” or “our”). We are headquartered in Miami, Florida, and provide advanced Voice AI Services, SIP (Session Initiation Protocol) services, and comprehensive omnichannel communication solutions (collectively, the “Services”).

Protecting your privacy and the security of your personal information is a top priority for iMash.io Inc. This Privacy Policy explains how we collect, use, share, retain, and protect your information when you visit our website (www.imash.io), use our platform, or interact with our Services. It also describes your choices and rights regarding your personal information.

This Privacy Policy applies to iMash.io Inc. and all its operations. By accessing our website or using our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the data practices described herein. If you do not agree with this policy, please do not access our website or use our Services.

2. Information We Collect

We collect various types of information to provide, maintain, and improve our Services. The types of information we collect depend on how you interact with us:

• a. Information You Provide Directly: When you register for an account, use our Services, request support, subscribe to communications, or otherwise interact with us, you may voluntarily provide us with personally identifiable information (“Personal Data”), including but not limited to:
  • Contact Information: First name, last name, email address, phone number.
  • Account Information: Username, password, account preferences.
  • Billing Information: While we typically use third-party payment processors (see Section 6), we may collect necessary information to facilitate transactions, such as billing address (Street Address, City, State, Province, ZIP/Postal code).
  • Communications: Information provided when you contact us for support, provide feedback, or participate in surveys.
  • Service Configuration Data: Information you provide to configure the Services, such as SIP credentials or omnichannel routing rules (handled with strict security).
• b. Information Collected Automatically (Usage Data): When you access our website or use our Services, we automatically collect certain information about your device and interaction with our Services (“Usage Data”):
  • Device Information: IP address, device type, unique device identifiers, operating system, browser type, browser version.
  • Log & Usage Data: Pages visited on our Service, time and date of visit, time spent on pages, referring/exit pages, clickstream data, feature usage, error logs, and other diagnostic data.
  • Mobile Device Data: If accessing via a mobile device, we may collect device type, unique ID, IP address, operating system, mobile internet browser type, and other diagnostic data.
• c. Location Data: With your explicit permission (usually through your browser or device settings), we may collect, use, and store information about your precise or approximate location (“Location Data”). This helps us provide location-based features, personalize, and improve the Services. You can enable or disable location services at any time through your device settings.
• d. Cookies and Tracking Technologies: We use cookies, web beacons, tags, scripts, and similar technologies to track activity on our Services, hold certain information, analyze trends, administer the website, and gather demographic information.
  • What are Cookies: Small files stored on your device containing data, potentially including an anonymous unique identifier.
  • How We Use Them:
    • Session Cookies: Necessary to operate our Service.
    • Preference Cookies: Remember your settings and preferences.
    • Security Cookies: Enhance security features.
    • Analytics Cookies: Help us understand how our Service is used.
    • Advertising Cookies: May be used (by us or third parties) to serve ads relevant to your interests (subject to your consent where required).
  • Your Choices: You can instruct your browser to refuse all cookies or indicate when a cookie is being sent. However, disabling cookies may prevent you from using some parts of our Service.
• e. Data Processed on Behalf of Customers (Processor Role): When providing our Voice AI, SIP, and Omnichannel Services, we may process communication content and associated metadata (e.g., call logs, message content, AI interaction transcripts) solely on behalf of our business customers and according to their instructions. This data is governed by the agreements (including any Data Processing Addendums – DPAs) between iMash.io and our customers. This Privacy Policy primarily covers the data iMash.io collects for its own purposes as a data controller.

3. How We Use Your Information

iMash.io uses the collected information for various legitimate business purposes, including:

• To provide, operate, maintain, and improve our Services.
• To fulfill the purpose for which you provided the information (e.g., setting up your account, processing transactions).
• To personalize your experience with our Services.
• To manage your account, including sending notices about your subscription, renewals, invoices, and instructions.
• To allow participation in interactive features when you choose to do so.
• To provide customer support and respond to your inquiries.
• To communicate with you, including sending service updates, security alerts, technical notices, and administrative messages.
• To send you news, newsletters, special offers, marketing communications, and general information about other goods, services, and events similar to those you have already purchased or inquired about (unless you have opted out). You can opt-out following the unsubscribe link or instructions in the communication.
• To monitor and analyze usage patterns, trends, and activities in connection with our Services for improvement and optimization.
• To detect, prevent, investigate, and address technical issues, fraud, or security breaches.
• To enforce our terms and conditions, carry out our obligations, and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To comply with legal obligations and respond to lawful requests from public authorities.
• For any other purpose disclosed to you when you provide the information.
• For any other purpose with your explicit consent.

4. How We Share and Disclose Information

iMash.io does not sell, rent, or lease your Personal Data to third parties for their marketing purposes. We may share or disclose your information in the following circumstances:

• a. Service Providers: We employ third-party companies and individuals (“Service Providers”) to facilitate our Services, provide Services on our behalf, perform Service-related tasks (e.g., payment processing, data storage, analytics, customer support, email delivery), or assist us in analyzing how our Services are used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose. Examples include:
  • Analytics: Google Analytics, Cloudflare Analytics, Segment.io, Mixpanel, PostHog (subject to change).
  • Payment Processing: Stripe (or similar PCI-DSS compliant processors).
  • Cloud Hosting & Infrastructure: Providers like AWS, Google Cloud, Azure (subject to change).
  • Communication Tools: Email delivery services, support ticketing systems.
    You can request an updated list of major Service Providers by contacting us (see Section 12).
• b. Business Transfers: If iMash.io Inc. or its subsidiaries are involved in a merger, acquisition, asset sale, financing, or bankruptcy, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.
• c. Legal Requirements: We may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court, government agency, law enforcement) or in the good faith belief that such action is necessary to:
  • Comply with a legal obligation or legal process.
  • Protect and defend the rights, property, or safety of iMash.io Inc., our customers, or the public.
  • Prevent or investigate possible wrongdoing in connection with the Services.
  • Act under exigent circumstances to protect the personal safety of users or the public.
• d. Subsidiaries and Affiliates: We may share information with our current or future subsidiaries and affiliates for purposes consistent with this Privacy Policy.
• e. With Your Consent: We may disclose your Personal Data for any other purpose with your explicit consent.
• f. Aggregated or De-identified Data: We may share aggregated or de-identified information, which cannot reasonably be used to identify you, for various purposes, including analysis, research, and reporting.

5. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, including providing the Services, resolving disputes, enforcing our legal agreements and policies, and complying with our legal obligations (e.g., retaining data to comply with applicable tax or accounting laws).

Usage Data is generally retained for a shorter period for internal analysis purposes, unless it is needed to strengthen security, improve Service functionality, or we are legally obligated to retain it for longer periods.

When retention is no longer necessary, we will securely delete or anonymize your Personal Data.

6. Data Security

We take the security of your data seriously and implement reasonable administrative, technical, and physical safeguards designed to protect your Personal Data from unauthorized access, use, disclosure, alteration, or destruction. These measures may include encryption, access controls, and secure development practices.

However, please understand that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

7. International Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

iMash.io Inc. will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. We will not transfer your Personal Data to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information (e.g., by using Standard Contractual Clauses where applicable for transfers from the EEA/UK).

8. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your Personal Data. We aim to take reasonable steps to allow you to exercise these rights:

• a. General Rights:
  • Access: Request access to the Personal Data we hold about you.
  • Correction (Rectification): Request correction of inaccurate or incomplete Personal Data.
  • Deletion (Erasure): Request deletion of your Personal Data, subject to certain exceptions.
  • Restriction: Request restriction of the processing of your Personal Data.
  • Objection: Object to our processing of your Personal Data based on legitimate interests.
  • Data Portability: Request a copy of your Personal Data in a structured, machine-readable format.
  • Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your data.
• b. Specific Rights under GDPR (for EU/EEA Residents): If you are a resident of the European Union (EU) or European Economic Area (EEA), you have the rights listed above under the General Data Protection Regulation (GDPR). You also have the right to lodge a complaint with a Data Protection Authority in the EEA.
• c. Specific Rights under CCPA/CPRA (for California Residents): If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights:
  • Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources, the purposes for collecting/selling/sharing, and the categories of third parties involved (up to twice in a 12-month period, generally covering the preceding 12 months).
  • Right to Delete: Request deletion of your personal information, subject to exceptions outlined below.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not “sell” personal information in the traditional sense (exchanging data for money). However, under CCPA/CPRA’s broad definition, some data sharing, particularly related to third-party analytics or advertising cookies, might be considered a “sale” or “sharing” (for cross-context behavioral advertising). You have the right to opt-out of such activities. You can typically manage cookie preferences through your browser settings or our cookie consent tool (if applicable). You can also formally request to opt-out by contacting us (see below) with the subject “Do Not Sell or Share My Personal Information.”
  • Right to Limit Use of Sensitive Personal Information: If we collect sensitive personal information (as defined by CPRA), you have the right to limit its use to necessary purposes (e.g., providing the services requested).
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
  • Exceptions to Deletion: We may deny your deletion request if retaining the information is necessary for us or our service providers to:
    • Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship, or otherwise perform a contract between you and us.
    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible.
    • Debug products to identify and repair errors that impair existing intended functionality.
    • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
    • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
    • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest.
    • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
    • Comply with a legal obligation.
    • Otherwise use your personal information internally, in a lawful manner compatible with the context in which you provided it.
• d. Exercising Your Rights: To exercise any of these rights, please contact us at privacy@imash.io. Please specify the right you wish to exercise and provide sufficient information to allow us to verify your identity. We may request additional information for verification purposes. We will respond to verifiable requests within the timeframes required by applicable law.
• e. “Do Not Track” Signals: Some web browsers incorporate a “Do Not Track” (DNT) feature. At this time, iMash.io does not respond to DNT signals as there is no universally accepted standard for how to interpret them. We will continue to evaluate DNT protocols and may adopt a standard once one is created.

9. Children’s Privacy

Our Services are not intended for individuals under the age of 13 (or a higher age threshold if required by applicable law, such as 16 in the EEA). We do not knowingly collect Personal Data from children under this age threshold. If we become aware that we have inadvertently collected Personal Data from a child without verifiable parental consent, we will take steps to delete that information from our servers as soon as possible. If you believe we might have any information from or about a child, please contact us at privacy@imash.io.

10. Third-Party Links and Services

Our Services may contain links to other websites or services not operated or controlled by iMash.io (“Third-Party Sites”). The information practices of those Third-Party Sites are governed by their own privacy policies. We encourage you to review the privacy policy of any Third-Party Site you visit. We do not endorse and are not responsible for the content, privacy policies, or practices of any Third-Party Sites or services.

11. Changes to This Privacy Policy

iMash.io reserves the right to update or change this Privacy Policy from time to time. We will notify you of any significant changes by sending a notice to the primary email address specified in your account, by placing a prominent notice on our website, and/or by updating the “Last Updated” date at the top of this Privacy Policy. Your continued use of the website or Services after we post any modifications constitutes your acknowledgment of the changes and your consent to abide and be bound by the modified Privacy Policy. We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, or if you wish to exercise your privacy rights, please contact us:

iMash.io Inc.
Attn: Privacy Officer
Email: privacy@imash.io