Customer Data Privacy Protection

This Customer Data Privacy Protection Policy explains how Ringnity handles personal data and customer content when organizations use the platform for chat, voice calls, video calls, PSTN, AI assistance, recordings, analytics, SDKs, APIs, and support operations.

This policy is designed for a business communication platform operating in Indonesia and should be read together with the Terms of Service, commercial order forms, data processing terms, and any customer-specific agreement.

For account, billing, website, sales, support, and platform administration data, Ringnity may act as a personal data controller because Ringnity determines the purposes and means of that processing.

For Customer Content processed inside a customer's tenant, such as visitor chats, call recordings, transcripts, contact records, knowledge base files, and agent activity, Ringnity generally acts as a processor or service provider on behalf of the customer.

The customer remains responsible for deciding what personal data is collected from its end users, why it is collected, how long it should be retained, and whether the required notices and consents have been obtained.

Account data may include company name, tenant slug, admin name, business email, phone number, billing details, plan information, authentication events, and support requests.

Customer Content may include visitor identity, chat messages, call metadata, voice/video session data, PSTN numbers, recordings, transcripts, uploaded files, contact lists, tags, notes, routing history, knowledge base documents, and AI interaction logs.

Technical data may include IP address, browser type, device information, SDK version, domain allowlist, logs, error reports, webhook delivery events, API usage, and security audit events.

Ringnity processes data to provide the service, authenticate users, route conversations, deliver chat and calls, support AI features, generate reports, maintain billing, troubleshoot issues, secure the platform, prevent abuse, and meet legal obligations.

Ringnity does not sell Customer Content. Ringnity does not use Customer Content for unrelated advertising profiles.

When AI features are enabled, Customer Content and knowledge base material may be sent to AI providers, including OpenAI, to generate responses, process realtime voice interactions, search knowledge, or support AI-assisted workflows.

Customers should not upload sensitive personal data, secrets, financial credentials, medical records, or regulated information into AI knowledge bases unless their agreement, security review, and legal basis permit that processing.

Customers are responsible for reviewing AI output, setting agent handoff rules, defining knowledge boundaries, and informing end users when AI is used where required by applicable law or customer policy.

When recording, transcript, monitoring, or analytics features are enabled, Ringnity may process voice, video, chat, metadata, agent activity, queue status, and call outcome data.

Customers must provide appropriate notices and obtain required consent before recording or monitoring conversations. Customers should configure retention, access permissions, and download controls according to their internal policy.

Ringnity may use trusted infrastructure, telecom, payment, analytics, messaging, email, storage, security, and AI providers to operate the service.

Subprocessors are used only to support service delivery, security, billing, communications, or customer support. Ringnity requires reasonable confidentiality and data protection commitments from subprocessors according to their role.

Customer data may also be disclosed if required by law, court order, regulator request, emergency safety need, or to enforce platform security and service terms.

Some providers or systems may process data outside Indonesia. Where cross-border transfer is required, Ringnity aims to use safeguards appropriate to the transfer, including contractual commitments, provider security controls, and customer instructions.

Customers with strict data residency, regulated industry, or government requirements should request a separate review before enabling AI, PSTN, recording, or external integrations.

Ringnity applies reasonable security controls such as TLS for transport, tenant separation, role-based access, credential protection, domain allowlisting, API authentication, operational logging, and controlled administrative access.

Customers must protect their own credentials, devices, browsers, backend endpoints, API keys, webhook secrets, SDK usage, and agent access. Ringnity is not responsible for customer-side misconfiguration or unauthorized sharing of credentials.

Retention depends on the active plan, customer configuration, legal requirements, backup cycles, dispute needs, security investigation needs, and operational requirements.

Customers may request deletion, export, or restriction of Customer Content according to available product controls and the applicable agreement. Some records may be retained where required for security, billing, audit, fraud prevention, or legal compliance.

Individuals may have rights to request access, correction, deletion, restriction, portability, withdrawal of consent, or objection to processing under applicable data protection law, including Indonesia's Personal Data Protection Law.

When Ringnity processes Customer Content on behalf of a customer, Ringnity may direct requests from end users to the relevant customer because the customer determines the purpose of processing.

If Ringnity becomes aware of a security incident affecting Customer Content, Ringnity will investigate, take reasonable containment steps, and notify affected customers according to applicable law and contractual commitments.

Customers should promptly notify Ringnity if they suspect credential compromise, unauthorized dashboard access, leaked API keys, webhook abuse, or improper exposure of recordings or transcripts.

Privacy, security, and data protection questions may be sent to support@ringnity.com or submitted through the Ringnity contact page.

Enterprise customers may request a Data Processing Agreement, security review, subprocessor summary, or custom retention discussion as part of onboarding.