1. Introduction

This Privacy Policy is incorporated by reference into the MSA. For information about how we process personal data on behalf of our Clients, please refer to our Data Processing Agreement at nomorobo.com/business/dpa.

2. Information We Collect

2.1 Client Account Information

Business name, contact information (names, email addresses, phone numbers), billing information, and business identifiers provided during account setup and administration.

2.2 Service Usage Data

API query volumes, query patterns, response times, error rates, and performance metrics related to Client's use of the Services.

2.3 Technical Data

IP addresses, API keys, integration configurations, system logs, and device/browser information when accessing Nomorobo portals or dashboards.

2.4 Phone Number Data

Phone numbers submitted by Clients for reputation lookup, spam scoring, or call blocking identification. This data is processed as set forth in the applicable DPA.

2.5 Communications

Records of communications between Client and Nomorobo, including support tickets, emails, and meeting notes.

3. How We Use Information

We use the information collected to:

• Provide, maintain, and improve the Services
• Process API queries and deliver reputation/spam scoring data
• Monitor and optimize service performance and reliability
• Generate usage reports and invoices
• Provide technical support and onboarding assistance
• Communicate service updates, maintenance schedules, and security notices
• Comply with legal obligations and enforce our agreements
• Develop and improve our algorithms, models, and data sets using anonymized and aggregated data
• Detect, prevent, and address fraud, security issues, and technical problems

4. Data Sharing and Disclosure

We may share information with:

4.1 Service Providers

Third-party vendors who assist in providing the Services (e.g., cloud hosting, analytics, customer support tools), subject to confidentiality obligations no less protective than those in our agreements with Clients.

4.2 Legal Requirements

When required by law, regulation, legal process, or governmental request.

4.3 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, with notice to affected Clients.

4.4 With Client's Consent

When the Client has given explicit written authorization.

5. Data Security

We maintain administrative, technical, and physical safeguards designed to protect information, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Access controls and authentication requirements
• Regular security assessments and penetration testing
• Employee security training and background checks
• Incident response and data breach notification procedures
• Adherence to industry standards (SOC 2 Type II, or equivalent)

Additional security details are set forth in the DPA at nomorobo.com/business/dpa.

6. Data Retention

• Client account information: retained for the duration of the business relationship plus 2 years for legal and audit purposes
• API query data: retained for up to 30 days for operational purposes, then purged unless a longer retention is required for billing or legal compliance
• Service usage and performance data: retained in anonymized/aggregated form for analytics and service improvement; identifiable usage data retained for 12 months
• Communications: retained for the duration of the business relationship plus 1 year
• Upon termination: data is handled as set forth in the DPA and MSA

7. Data Location

All data is stored and processed within the United States. We do not transfer Client data outside the United States without prior written consent.

8. Client Rights

Clients may:

• Request access to their account information
• Request correction of inaccurate information
• Request deletion of their data (subject to legal retention requirements)
• Export their account data in a standard format
• Designate authorized personnel for data-related requests

Requests should be directed to privacy@nomorobo.com.

9. Subprocessors

We use third-party subprocessors to help deliver the Services. A current list of subprocessors is maintained and available upon request. We will notify Clients at least 30 days in advance of engaging new subprocessors that process Client data, per the DPA.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated with at least 30 days written notice. Continued use of the Services after the notice period constitutes acceptance. If Client objects, termination rights are as set forth in the MSA.

11. Contact Information

For privacy-related inquiries:

For data processing matters, refer to the DPA at nomorobo.com/business/dpa.