Privacy Policy
Status: DRAFT — Requires legal review before publication.
Effective date: [DATE]
Last updated: [DATE]
1. Introduction
This Privacy Policy describes how [LEGAL_NAME], a sole trader registered in Poland ("we", "us", "our", or "Parlacall"), collects, uses, shares, and protects your personal data when you use our browser-based international calling service at [WEBSITE_URL] (the "Service").
We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Polish Act on the Protection of Personal Data (Ustawa o ochronie danych osobowych), and other applicable data protection legislation.
This Privacy Policy applies to:
- Users — individuals who create an account and use the Service.
- Visitors — individuals who browse our website without creating an account.
2. Data Controller
The data controller responsible for your personal data is:
[LEGAL_NAME]
[STREET_ADDRESS]
[POSTAL_CODE] [CITY], Poland
NIP: [NIP_NUMBER]
Email: [PRIVACY_EMAIL]
We are not required to appoint a Data Protection Officer (DPO) under GDPR Article 37, as our core activities do not consist of large-scale systematic monitoring of individuals or large-scale processing of special categories of data. However, you may direct any data protection inquiries to [PRIVACY_EMAIL].
3. Personal Data We Collect
We collect and process the following categories of personal data:
3.1 Account Data
When you create an account, we collect:
- Name — your display name (provided during registration, or derived from your email address if not provided, or obtained from your OAuth provider during social login).
- Email address — used for account identification, login, and transactional communications.
- Profile image — only if provided via a third-party OAuth provider (Google or Apple).
- Normalized email — a standardized form of your email address used solely to prevent duplicate account creation (e.g., detecting Gmail dot and plus-sign variations).
- Account profile data — account type, account status, and milestone timestamps (e.g., date of first call, date of first top-up) used for service operation and fraud prevention.
- User preferences — your preferred call mode, default languages, and interface locale, stored to personalize your experience.
- OAuth tokens — if you sign in via Google or Apple, we store access tokens, refresh tokens, and ID tokens from your provider to maintain your authenticated session. These tokens are protected by database-level encryption at rest (provided by our database hosting provider, Neon) and are used solely to verify your identity.
Source: Directly from you during registration, or from your OAuth provider (Google, Apple) during social login.
3.2 Session and Security Data
When you use the Service, we automatically collect:
- IP address — recorded with each session for security and abuse prevention.
- User agent — your browser type and version, recorded with each session.
- Session tokens — encrypted tokens used to maintain your authenticated session.
Retention: Sessions expire automatically after 7 days. Session records (IP, user agent) are deleted when the session expires or when your account is deleted.
3.3 Payment and Wallet Data
When you purchase call credits, we collect and store:
- Transaction amounts — the amount of each credit purchase (in USD cents).
- Wallet balance — your current available and reserved credit balance.
- Ledger entries — an immutable audit trail of all balance changes (purchases, call charges, adjustments), including timestamps and descriptions.
- Stripe session IDs — references to payment sessions for reconciliation.
What we do NOT store: We do NOT store, process, or have access to your payment card number, expiration date, CVV, or other payment method details. All payment processing is handled directly by Stripe, Inc. (PCI DSS Level 1 certified). Your payment method details never touch our servers.
Source: Transaction amounts from Stripe webhook confirmations. Balance data is computed from ledger entries.
3.4 Call Metadata
When you make calls through the Service, we collect:
- Destination phone number — the number you are calling (stored in E.164 format).
- Call duration — actual talk time in seconds.
- Billed duration — the call duration rounded up to the next full 60-second increment for billing.
- Call cost — the amount charged for the call (in USD cents).
- Call mode — whether the call was standard or used AI translation.
- Source and target languages — for translated calls, the languages selected.
- Caller ID used — which outgoing number was displayed to the recipient.
- Call status and timestamps — call state transitions (connecting, connected, ended, failed) and their timestamps.
- End reason — why the call ended (user hangup, no answer, error, balance cutoff, etc.).
- Country code — derived from the destination number.
- Provider reference IDs — identifiers from our telephony provider for call reconciliation.
What we do NOT collect:
- We do NOT record or store call audio. Your conversations are never recorded.
- We do NOT store call transcripts or translations. AI translation is processed in real time and discarded immediately.
- We do NOT store DTMF tones (keypad inputs) beyond detecting that they occurred.
Source: Generated during call processing from our telephony provider webhooks and internal call lifecycle tracking.
3.5 Caller ID Verification Data
When you verify a phone number as your caller ID, we collect:
- Phone number — the number you are verifying (stored in E.164 format).
- Verification status — pending, verified, failed, or revoked.
- OTP code hash — the verification code is stored only as a bcrypt hash. We never store the plaintext code.
- Verification attempt metadata — attempt count, timestamps, and expiry times.
Source: Directly from you when you initiate verification. OTP is sent to your phone via SMS.
3.6 Analytics Data
When you use the Service with analytics enabled (requires your consent), we collect pseudonymized usage data:
- Product events — actions you take in the Service (e.g., starting a call, completing a top-up), recorded with pseudonymized metadata.
- Page views — pages visited within the Service.
- Pseudonymized user identifier — a stable internal account identifier (not your email or name) is used to link events across a session. Under GDPR Recital 26, pseudonymized data remains personal data because it can be attributed to a specific person using additional information held by us. We treat analytics data as personal data accordingly.
- UTM parameters — if you arrive at our website via a marketing link containing UTM parameters (source, medium, campaign), these are captured and associated with your analytics session to help us understand which channels bring users to our Service. UTM parameters do not contain personal identifiers.
What we do NOT send to analytics:
- Your email address (only the domain portion, e.g., "gmail.com", is included, never the full address).
- Your phone number.
- Your payment details.
- Call content or translations.
We enforce this through automated static analysis tests in our codebase that prevent direct personal identifiers from being included in analytics events.
Source: Client-side event tracking via PostHog. Analytics is activated only after you provide consent via our cookie consent mechanism. Server-side analytics events (e.g., webhook processing) are also gated on consent status.
3.7 Error and Diagnostic Data
We automatically collect error data to maintain service quality:
- Error messages and stack traces — technical details of software errors.
- Browser and OS information — to help reproduce and fix issues.
- Session replay on errors — when a JavaScript error occurs, we capture a replay of the browser session leading up to the error. This replay includes DOM snapshots (the visual state of the page), mouse movements, clicks, and console output. Session replays are captured ONLY when an error occurs (not during normal usage) and are used solely to diagnose and fix technical issues. Session replays do not capture text you type into password fields.
Error tracking does not include your name, email, phone number, or call content in standard error reports. Session replay data may include page content visible at the time of the error.
Legal basis: Error tracking (error messages, stack traces) is processed on the basis of our legitimate interest in maintaining a functional service (GDPR Article 6(1)(f)). Session replay, which uses browser local storage, requires your consent under Art. 399 of the Prawo komunikacji elektronicznej (ePrivacy). Session replay is activated only after you provide consent via our cookie consent mechanism.
Source: Captured by Sentry when a technical error occurs in the application.
3.8 Communication Data
When we send you transactional emails (e.g., purchase receipts, account notifications), we record:
- Recipient email address — where the email was sent.
- Email type and status — what was sent and whether delivery succeeded.
- Template and reference IDs — for deduplication and audit purposes.
We do NOT send marketing emails. All emails are transactional (directly related to your use of the Service).
4. Legal Bases for Processing
We process your personal data based on the following legal grounds under GDPR Article 6(1):
| Purpose | Legal Basis | GDPR Article |
|---|---|---|
| Account creation and authentication | Performance of contract | Art. 6(1)(b) |
| Processing payments and maintaining wallet | Performance of contract | Art. 6(1)(b) |
| Routing calls and providing the calling service | Performance of contract | Art. 6(1)(b) |
| Caller ID verification via SMS | Performance of contract | Art. 6(1)(b) |
| Sending transactional emails (receipts, alerts) | Performance of contract | Art. 6(1)(b) |
| Fraud prevention and abuse detection | Legitimate interest | Art. 6(1)(f) |
| Session security (IP logging, rate limiting) | Legitimate interest | Art. 6(1)(f) |
| Error tracking and service stability (Sentry) | Legitimate interest | Art. 6(1)(f) |
| Product analytics (PostHog) | Consent | Art. 6(1)(a) |
| Retaining financial records (ledger, transactions) | Legal obligation | Art. 6(1)(c) |
| Responding to law enforcement requests | Legal obligation | Art. 6(1)(c) |
Legitimate interest balancing: Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. The data processed under legitimate interest is limited to what is strictly necessary for the stated purpose, is not used for profiling or automated decision-making, and is protected by appropriate technical safeguards.
5. How We Use Your Data
We use your personal data to:
- Provide the Service — create and manage your account, process payments, route calls, enable AI translation, and verify caller IDs.
- Bill accurately — calculate call costs, maintain wallet balances, and generate transaction records.
- Communicate with you — send transactional emails related to your account (purchase confirmations, balance alerts, security notifications).
- Maintain security — detect and prevent fraud, abuse, and unauthorized access through session monitoring, rate limiting, and CAPTCHA verification.
- Fix technical issues — identify and resolve software bugs using error tracking data.
- Improve the Service — analyze pseudonymized usage patterns (with your consent) to improve features, call quality, and user experience.
- Comply with legal obligations — maintain financial records as required by Polish tax law and respond to lawful requests from authorities.
We do NOT:
- Sell your personal data to third parties.
- Use your data for advertising or ad targeting.
- Use your data for automated decision-making or profiling that produces legal effects.
- Send you marketing emails or newsletters.
6. Data Sharing and Sub-processors
We share personal data with the following third-party processors only to the extent necessary for the stated purpose. Note: under GDPR, "personal data" includes any data that can identify a person — phone numbers and voice audio qualify, even though we never share your name or email with call-routing providers.
| Sub-processor | Purpose | Data Shared | Location | Safeguards |
|---|---|---|---|---|
| Stripe, Inc. | Payment processing | Transaction amounts, wallet ID, user ID | United States | PCI DSS Level 1, SCCs |
| Telnyx LLC | Call routing, SMS delivery | Destination phone number, caller ID, OTP messages | United States | SCCs |
| Pipecat Cloud (Daily, Inc.) | AI translation orchestration | Real-time audio streams, source/target language pair | United States | SCCs |
| Google LLC (Gemini AI) | AI translation model | Real-time audio for speech-to-text and translation (processed via Pipecat Cloud, not stored) | United States | SCCs, DPF |
| Daily.co (Daily, Inc.) | WebRTC call infrastructure | Room tokens, session identifiers; for Translated Calls: real-time audio streams transit Daily's infrastructure | United States | SCCs, DPF |
| PostHog, Inc. | Product analytics and session recording (consent-based) | Pseudonymized events, pseudonymized user ID, session recordings (page content, mouse movements, clicks — sensitive fields masked) | United States | SCCs |
| Functional Software, Inc. (Sentry) | Error tracking and session replay | Error messages, stack traces, browser info; on errors: DOM snapshots, user interactions (clicks, navigation) for debugging | United States | SCCs |
| Neon, Inc. | Database hosting | All stored personal data (encrypted at rest) | United States | SCCs |
| Vercel, Inc. | Application hosting and CDN | HTTP requests (IP addresses, cookies, user agents) processed during request routing | United States | SCCs, DPF |
| Resend, Inc. | Transactional email delivery | Recipient email address, email content | United States | SCCs |
| Google LLC | OAuth authentication | Name, email, profile image (only during social login) | United States | SCCs, DPF |
| Apple Inc. | OAuth authentication | Name, email (only during social login) | United States | SCCs |
| Cloudflare, Inc. | CAPTCHA (Turnstile) | Challenge response tokens (no PII) | United States | SCCs, DPF |
We do not share your data with any other third parties, advertisers, or data brokers.
Each sub-processor is contractually bound to process your data only as instructed by us, to implement appropriate security measures, and to delete or return your data upon termination of the processing relationship.
7. International Data Transfers
Your personal data is transferred to sub-processors located in the United States. These transfers are protected by:
- EU Standard Contractual Clauses (SCCs) — as adopted by the European Commission (Decision 2021/914). Each sub-processor has executed SCCs with us or maintains SCCs in their standard terms.
- EU-U.S. Data Privacy Framework (DPF) — where applicable, certain sub-processors (Google, Cloudflare) are certified under the DPF.
- Supplementary measures — including encryption in transit (TLS 1.2+), encryption at rest, access controls, and contractual obligations for data protection.
You may request copies of the applicable SCCs by contacting [PRIVACY_EMAIL].
8. Data Retention
We retain your personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required by law:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data (name, email) | Duration of account + 30 days after deletion | Service provision, account recovery grace period |
| Session data (IP, user agent) | 7 days (auto-expiry) | Security, abuse prevention |
| Email verification codes | 1 hour (auto-expiry) | One-time verification |
| Payment and ledger data | Duration of account + 5 years | Polish tax law (Ordynacja podatkowa) requires retention of financial records for 5 years after the end of the tax year |
| Call records | Duration of account + 5 years | Billing disputes, financial records |
| Caller ID verification data | Duration of account | Service feature |
| OTP code hashes | Duration of verification attempt | Security |
| Analytics data (PostHog) | Per PostHog retention settings (configurable, typically 1 year) | Service improvement |
| Error tracking data (Sentry) | 90 days (Sentry default) | Bug resolution |
| Notification records | Duration of account | Audit trail |
When your account is deleted, we cascade-delete all associated data (sessions, wallet, call records, verified numbers, notifications) except:
- Financial records (ledger entries, transaction references) — retained for the legally required period.
- Admin audit trail entries — retained for compliance purposes (do not contain user PII beyond user ID).
9. Your Rights Under GDPR
If you are located in the European Union or European Economic Area, you have the following rights regarding your personal data under GDPR Articles 15-22:
9.1 Right of Access (Art. 15)
You have the right to obtain confirmation of whether we process your personal data and, if so, to access that data along with information about how it is processed.
9.2 Right to Rectification (Art. 16)
You have the right to have inaccurate personal data corrected and incomplete data completed.
9.3 Right to Erasure (Art. 17)
You have the right to request the deletion of your personal data where:
- The data is no longer necessary for the purpose for which it was collected.
- You withdraw consent (for consent-based processing) and there is no other legal basis.
- You object to processing and there are no overriding legitimate grounds.
- The data has been unlawfully processed.
Note: We may be unable to delete financial records during the legally required retention period (see Section 8).
9.4 Right to Restriction of Processing (Art. 18)
You have the right to request restriction of processing in certain circumstances, including when you contest the accuracy of your data or have objected to processing.
9.5 Right to Data Portability (Art. 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON), and to transmit it to another controller, where processing is based on consent or contract and is carried out by automated means.
9.6 Right to Object (Art. 21)
You have the right to object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
9.7 Right to Withdraw Consent (Art. 7(3))
Where processing is based on your consent (analytics), you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. You can withdraw analytics consent by declining cookies via our consent mechanism.
9.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The supervisory authority in Poland is:
Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2
00-193 Warszawa, Poland
Website: https://uodo.gov.pl/
Email: kancelaria@uodo.gov.pl
You may also lodge a complaint with the supervisory authority of the EU member state in which you reside or work.
9.9 How to Exercise Your Rights
To exercise any of the above rights, please contact us at:
Email: [PRIVACY_EMAIL]
We will respond to your request within 30 days of receipt. If your request is complex or we receive numerous requests, we may extend this period by a further 60 days, in which case we will inform you of the extension within the initial 30-day period.
We may ask you to verify your identity before processing your request. We will not charge a fee for exercising your rights, except where requests are manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse the request, with explanation).
10. Cookies and Local Storage
We use cookies and browser local storage on the Website. For full details, including the specific technologies used, their purposes, and how to manage your preferences, please refer to our Cookie Policy.
Summary: We use strictly necessary cookies (authentication, CSRF protection) that do not require consent, and analytics technologies (PostHog via local storage) that require your consent. We do not use advertising or tracking cookies.
11. Children's Privacy
The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [PRIVACY_EMAIL]. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.
12. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
- Password hashing — passwords are stored using bcrypt hashing (never in plaintext).
- OTP hashing — verification codes are stored as bcrypt hashes, not plaintext.
- PII guards — automated static analysis tests prevent personal identifiers (email, phone) from being sent to analytics services.
- Rate limiting — IP-based rate limiting on authentication and verification endpoints to prevent brute-force attacks.
- CAPTCHA — Cloudflare Turnstile CAPTCHA on authentication endpoints to prevent automated abuse.
- Abuse detection — disposable email detection and normalized email deduplication to prevent multi-account fraud.
- Access controls — administrative actions are logged with audit trails including the reason for each action.
- Payment security — payment card details are handled exclusively by Stripe (PCI DSS Level 1) and never touch our servers.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
13. Telecommunications Secrecy (Tajemnica telekomunikacyjna)
As a registered telecommunications operator in Poland, we are bound by the obligation of telecommunications secrecy (tajemnica telekomunikacyjna) under the Prawo komunikacji elektronicznej. This obligation covers:
- The content of communications transmitted through the Service.
- Call metadata (destination numbers, call duration, timestamps).
- Location data (if any).
- Attempts to establish connections.
We may only disclose information covered by telecommunications secrecy in circumstances expressly permitted by law, including lawful requests from courts, prosecutors, and authorized state authorities in accordance with applicable Polish legislation.
This obligation is in addition to, and does not replace, our obligations under GDPR as described in this Privacy Policy.
14. Automated Decision-Making
We do not use your personal data for automated individual decision-making, including profiling, that produces legal effects or similarly significantly affects you (GDPR Article 22).
The following automated processes are used but do not constitute automated decision-making under Article 22:
- Fraud prevention — automated checks during account creation (disposable email detection, duplicate detection) that may block registration. These are security measures, not profiling. Blocked users can contact us for manual review.
- Rate limiting — automated rate limiting based on IP address to prevent abuse. This is a security measure applied uniformly to all users.
15. Do Not Sell My Personal Information
We do not sell your personal information. We have never sold personal information and have no plans to do so. This applies regardless of your jurisdiction.
16. Complaints Procedure (Procedura reklamacyjna)
If you believe we have processed your personal data incorrectly, or you wish to file a complaint about data protection:
- Submit a complaint to [PRIVACY_EMAIL] with a description of the issue.
- We will acknowledge receipt within 14 days.
- We will resolve your complaint within 30 days of receipt. If we cannot resolve it within 30 days, we will inform you of the reason for the delay and the expected resolution date.
- If you are not satisfied with our response, you may escalate your complaint to:
  - UODO (Urząd Ochrony Danych Osobowych) for data protection matters.
  - UKE (Urząd Komunikacji Elektronicznej) for telecommunications secrecy and service-related matters.
For service-related complaints (billing disputes, call quality), please refer to the Complaints Procedure in our Terms of Service.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last updated" date at the top of this page.
- We will notify registered users via email at the address associated with their account.
- We will post a notice on the Website.
We encourage you to review this Privacy Policy periodically. If changes affect processing based on consent, we will seek renewed consent where required. If changes affect processing based on other legal bases, the updated policy applies to processing from the effective date onward.
18. Contact Us
If you have questions about this Privacy Policy, want to exercise your data protection rights, or have a complaint about how we handle your personal data, please contact us:
Data Controller: [LEGAL_NAME]
[STREET_ADDRESS]
[POSTAL_CODE] [CITY], Poland
Privacy inquiries: [PRIVACY_EMAIL]
General inquiries: [CONTACT_EMAIL]
DISCLAIMER: This document is a template for informational purposes. Consult with a qualified attorney specializing in EU data protection law for legal advice specific to your situation. A qualified attorney should verify compliance with GDPR, Polish data protection law, and any telecom-specific regulations (UKE — Urząd Komunikacji Elektronicznej) that may apply to your service.