Privacy Policy
Version: 1.0 | Effective Date: March 12, 2026 | Last Updated: March 12, 2026
Table of Contents
- Introduction and Scope
- Information We Collect
- How We Use Your Information
- How We Share Your Information
- International Data Transfers
- Data Retention and Deletion
- Your Privacy Rights and Choices
- GDPR-Specific Provisions
- CCPA and California Privacy Rights
- LGPD and Brazilian Privacy Rights
- Security and Data Protection
- Cookies and Tracking Technologies
- Third-Party Links and Services
- Children's Privacy
- Marketing Communications
- Contact Us and Privacy Requests
- Policy Updates
- Data Retention Summary
- Google API Services Disclosure
1. Introduction and Scope
This Privacy Policy ("Policy") explains how Ansuken LLC, a Florida limited liability company ("Company," "we," "us," "our," or "Ansuken"), collects, uses, discloses, retains, and otherwise processes personal data in connection with the Vortex CX platform (the "Platform").
1.1 Our Role
For Platform Users: Ansuken is the data controller — you authorize us to process your account information.
For Client Contacts (your customers/clients): Ansuken acts as a data processor on your behalf. You are the data controller responsible for their Client Data. Our processing is governed by your instructions only.
1.2 Important Notice Regarding Client Data
If you are using the Platform to manage communications with your own clients or customers, you (the User) are responsible for:
- Obtaining necessary consents from individuals whose data is processed
- Providing privacy notices to those individuals
- Ensuring legal basis for processing
- Complying with all data protection laws (GDPR, CCPA, LGPD, etc.)
Ansuken processes Client Data only as your data processor and will comply with a Data Processing Addendum (DPA) upon request.
2. Information We Collect
2.1 Account Registration Information
When you create an Ansuken account, we collect:
- Identity Information: Name, email address, phone number, company name, job title
- Account Credentials: Username, password (hashed and encrypted), authentication factors
- Profile Information: Company industry, company size, website, location, business description
- Verification Information: Government-issued ID, business license, tax identification number (if required)
2.2 Communication and Usage Data
As you use the Platform, we collect:
Messages and Communications
- Content of messages sent through WhatsApp, SMS, email, and voice channels
- Message metadata (timestamp, sender, recipient, delivery status, message type)
- Call recordings and transcriptions (audio converted to text via Deepgram)
- Email content and attachments
- Calendar events and booking information
Contact Data
- Names, phone numbers, email addresses of your Client Contacts
- Physical addresses (entered via Google Maps Places API autocomplete or manually)
- Contact history and relationship data
- Contact tags, custom fields, and user-defined metadata
- Communication preferences and opt-out status
Platform Usage
- Features accessed and frequency of use
- Workflow configurations and automation rules
- CRM integration data and synchronization logs
- API calls and integration activity
- Campaign and landing page performance metrics
- Login information and session data
2.3 Device and Technical Information
We automatically collect:
- IP address and location (approximate)
- Device type, operating system, and browser information
- Unique device identifiers
- Log data (errors, performance metrics, access times)
- Cookies and similar tracking technologies
- Internet service provider (ISP) information
- Referring website information
2.4 Payment and Transaction Information
- Billing name, address, email, phone number
- Credit card information (processed by third-party payment processors; we do not store full card numbers)
- Invoice and billing history
- Subscription tier and features
- Transaction amount and date
- Payment method
2.5 Third-Party Integration Data
When you connect third-party services to the Platform, we collect:
- OAuth tokens and API credentials (encrypted)
- Data synced from connected CRM systems
- Google Workspace data (emails, calendar events, contacts)
- Telnyx account information (phone numbers, SMS/voice logs)
- Meta/Facebook integration data (WhatsApp Business Account information)
- Other third-party service data as configured
2.6 Customer Support and Communications
- Support tickets, emails, and chat conversations
- Feedback and survey responses
- Feature requests and bug reports
- Call recordings of support conversations (with your consent)
- Complaint and dispute information
2.7 Data We Do NOT Collect or Store by Default
The Platform uses in-flight data processing, meaning:
- We process data in memory during operations
- We do not store transcriptions by default (they are deleted after use unless you explicitly save them)
- We do not store payment card data
- We do not store API credentials for third-party services in plaintext
- We delete temporary processing data after session completion
You may configure the Platform to store any of the above if your business requirements demand it. Such storage requires explicit activation and will be clearly indicated in your account settings.
3. How We Use Your Information
3.1 To Provide Platform Services
We use your information to:
- Maintain and support your account
- Deliver omnichannel messaging, automation, and CRM functionality
- Process and synchronize data with integrated systems
- Deliver transcriptions and sentiment analysis
- Generate communication reports and analytics
- Provide customer support and troubleshooting
- Handle billing, payments, and refunds
- Maintain security and prevent fraud
3.2 To Improve and Develop the Platform
- Analyze usage patterns to identify popular features
- Monitor system performance and reliability
- Identify and fix bugs and errors
- Develop new features and improvements
- Conduct A/B testing and feature experiments
- Understand user needs and preferences
- Gather aggregated, anonymized analytics
Important: We use aggregated and anonymized data only. We do not identify you or your Client Contacts in improvement activities.
3.3 For Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Enforce our Terms of Service and other agreements
- Comply with legal obligations and court orders
- Respond to government inquiries and investigations
- Maintain audit trails and compliance records
- Verify user identity and prevent account takeover
- Block malicious activity and protect the Platform
3.4 For Communications
We use your contact information to:
- Send service updates, maintenance notices, and status alerts
- Respond to your customer support requests
- Send billing invoices and payment reminders
- Notify you of policy changes and Terms of Service updates
- Send product announcements and feature releases
- Deliver marketing communications (only with your consent)
- Conduct surveys and gather feedback
3.5 Legal Basis for Processing (GDPR and International)
| Purpose | Legal Basis | Applies To |
|---|---|---|
| Contract Performance | You have requested services | All Users |
| Legal Obligation | Compliance with laws | All Users |
| Legitimate Interest | Platform improvement, fraud prevention | All Users |
| Consent | Marketing emails, optional features | Users who consent |
| Data Controller Instructions | Processing per your instructions | Client Data (when you are controller) |
For Client Data, you as the data controller are responsible for establishing legal basis (consent, contract, legitimate interest, legal obligation, etc.).
4. How We Share Your Information
4.1 We DO NOT Sell Your Data
We do not sell, rent, license, or otherwise commercially trade your personal information to third parties. This applies to both User data and Client Data.
4.2 Sub-Processors and Service Providers
We share information with the following third-party service providers who act as processors and are bound by confidentiality agreements and Data Processing Addendums:
Communication Infrastructure
- Telnyx — SMS and voice messaging services
- Google Workspace (Gmail API) — Email send and receive via OAuth 2.0. The Platform reads incoming email from connected Gmail accounts and sends email on the user's behalf through the Gmail API. Email content is processed through the AI extraction pipeline to identify structured data points. Only the minimum required OAuth scopes are requested (gmail.send, gmail.readonly).
- Meta Platforms (WhatsApp) — WhatsApp Business messaging integration
Location and Address Services
- Google Maps Platform (Places API) — Address autocomplete and validation for contact records. When agents enter an address, the Platform sends partial address text to the Google Places API to retrieve validated address suggestions. Only the selected address is stored on the contact record. No location tracking or geolocation of users is performed.
Data Processing and Transcription
- Deepgram — Speech-to-text transcription and audio processing
- Google Cloud — Data processing, storage, and analytics infrastructure
Hosting and Infrastructure
- Hostinger — Virtual server hosting and VPS services
- Supabase — Database, authentication, and real-time features
Payment Processing
- Stripe or equivalent payment processor — Credit card processing (PCI-DSS compliant; we do not store full card numbers)
Each sub-processor signs a Data Processing Addendum committing to process data only as instructed, maintain appropriate security measures, assist with data subject rights requests, delete data upon contract termination, and restrict further sub-processing.
4.3 User-Initiated Sharing
We share information when you explicitly request: exporting data from the Platform, syncing with your CRM or business systems, sharing access with team members, third-party app authorization, or public landing page/campaign data (as configured).
4.4 Legal Obligations and Law Enforcement
We may disclose personal information if required by court orders, subpoenas, or legal process; government agencies or regulatory bodies; law enforcement investigations; or applicable laws and regulations.
Our Commitment: We will provide the minimum information required and will attempt to notify you of legal requests when permitted by law.
4.5 Business Transfers
If Ansuken is acquired, merged with another company, or its assets are sold, personal information may be transferred as part of the transaction. We will notify you of any change in control and any choices you may have regarding your information. Your rights under this Policy will be maintained or improved.
5. International Data Transfers
Ansuken's primary infrastructure is located in the United States. By using the Platform, you consent to the transfer of your information to the United States and other countries where Company or its service providers operate.
5.1 GDPR Data Transfers
For EU Users: We implement safeguards including Standard Contractual Clauses (SCCs) in our Data Processing Addendum, supplementary measures (encryption, access controls), and minimized data transfers.
If you are in the EU and object to transfers to the US, you may request data remain in EU infrastructure (subject to premium pricing and service limitations).
5.2 LGPD and Latin American Data Transfers
For Brazil and Latin America: We comply with the Lei Geral de Proteção de Dados (LGPD) and similar regional laws. We establish appropriate legal bases for international transfers and honor all LGPD data subject rights.
6. Data Retention and Deletion
6.1 Retention Periods
- User Account Data: Retained while account is active. Inactive accounts (180+ days) may be deactivated with notice. Deleted accounts purged within 30 days unless legally required.
- Communication Data: 90 days default (base tier). Extended retention available by subscription tier (up to 7 years). Call recordings: 30 days default.
- Contact and Client Data: Retained per your business needs. Deleted upon account termination (30-day recovery window).
- Payment and Billing: Retained for 7 years (tax/accounting requirements).
- Support Communications: Retained for 3 years for dispute resolution.
- Security Logs: Retained for 2 years.
6.2 Deletion Rights
You may request deletion of your data at any time by contacting privacy@vortex-cx.com with "Data Deletion Request." Deletion requests will be processed within 30 days.
7. Your Privacy Rights and Choices
You have the right to:
- Access: Request a copy of all personal information we hold about you
- Correct: Update your information in account settings or request corrections
- Delete: Request deletion of your personal data
- Portability: Receive your data in CSV, JSON, or XML format
- Restrict Processing: Limit how we process your data
- Withdraw Consent: Withdraw consent for marketing communications at any time
- Object: Object to processing based on legitimate interest
- Automated Decisions: Not be subject to automated decision-making for critical decisions
For all privacy requests, contact privacy@vortex-cx.com. We will respond within 30 days.
Filing a Complaint
If you believe we have violated your privacy rights:
- Contact us first: privacy@vortex-cx.com
- File a complaint with your local data protection authority (EU: your national DPA; California: CPPA; Brazil: ANPD)
8. GDPR-Specific Provisions
For EU Users subject to GDPR, a Data Processing Addendum (DPA) is available and will be executed before processing personal data of EU residents. The DPA covers data controller/processor roles, sub-processor management, data subject rights assistance, security measures, audit rights, breach notification, and data return/deletion upon termination.
Request DPA: dpa@vortex-cx.com
Data Protection Officer: dpo@vortex-cx.com
9. CCPA and California Privacy Rights
If you are a California resident, you have the right to:
- Right to Know: Request what personal information we collect, use, and share (response within 45 days)
- Right to Delete: Request deletion of personal information (response within 45 days)
- Right to Opt-Out: We do not sell or share your information; this right is not applicable
- Right to Correct: Request correction of inaccurate personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights
10. LGPD and Brazilian Privacy Rights
If you are a Brazil data subject, you have rights under LGPD including access, rectification, deletion, objection, data portability, and the right not to be subject to automated profiling. Processing is based on contract performance, legal obligation, legitimate interest, and consent.
Contact: privacy@vortex-cx.com for LGPD inquiries.
11. Security and Data Protection
We implement industry-standard security measures including:
- Encryption of data in transit (TLS/SSL 1.2 or higher)
- Encryption of sensitive data at rest (AES-256 or equivalent)
- Secure hashing of passwords (bcrypt or better)
- API token encryption and secure storage
- Least privilege access controls
- Regular security patching, vulnerability scanning, and penetration testing
- DDoS protection and rate limiting
- Incident response procedures
We will notify you without undue delay (generally within 72 hours) if a confirmed security breach results in unauthorized access to your personal data.
12. Cookies and Tracking Technologies
- Essential Cookies: Session, CSRF protection, security — cannot be disabled
- Analytics Cookies: Performance metrics, aggregated and anonymized
- Preference Cookies: Interface customization and display preferences
We do not set third-party tracking cookies from advertisers or ad networks. We honor Do Not Track (DNT) signals by limiting analytics cookies.
13. Third-Party Links and Services
The Platform may contain links to external websites. We are not responsible for their privacy practices, content, or security. Review third-party privacy policies before providing information.
14. Children's Privacy
The Platform is not intended for individuals under 18 years old. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it promptly and notify parents/guardians. We comply with COPPA.
15. Marketing Communications
Service communications (account notifications, billing, security alerts, policy changes) do not require consent.
Marketing communications (product announcements, promotions, newsletters) require your opt-in consent. By default, you are opt-out. To unsubscribe: click the link in any marketing email, update account settings, or email marketing@vortex-cx.com. Processed within 10 business days.
16. Contact Us
- General Privacy: privacy@vortex-cx.com
- Data Requests (Access/Deletion/Portability): privacy@vortex-cx.com (response within 30 days)
- GDPR/DPA: dpo@vortex-cx.com
- CCPA Requests: privacy@vortex-cx.com
- Security Issues: security@vortex-cx.com
Mailing Address:
Ansuken LLC
Florida, United States
17. Policy Updates
We may update this Policy to reflect changes in privacy law, our practices, or technical improvements. Significant changes require your affirmative acceptance before taking effect. Non-material changes are effective immediately. If you disagree with material changes, you may terminate your account within 30 days.
18. Data Retention Summary
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| User Account Info | During active use | Contract |
| Messages/Communications | 90 days (default) | Your choice |
| Call Recordings | 30 days (default) | Your choice |
| Transcriptions | 90 days (default) | Your choice |
| Contacts | During active use | Your choice |
| Billing Records | 7 years | Tax law |
| Support Tickets | 3 years | Dispute resolution |
| Security Logs | 2 years | Security/fraud |
| Audit Trails | 2 years | Compliance |
| Marketing Emails | Until unsubscribe | Consent |
Google API Services Disclosure
Vortex CX's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Gmail API
When you connect a Gmail account to Vortex CX via OAuth 2.0, the Platform:
- Reads incoming email from your Gmail account to display it in the unified inbox alongside other communication channels
- Sends email on your behalf through the Gmail API when you compose and send messages within the Platform
- Processes email content through the AI extraction pipeline to identify structured data (contact details, dates, commitments) for CRM data capture
Limited Use disclosure: Vortex CX only uses Gmail data for the purposes described above — providing the unified communication service you authorized. We do not use Gmail data for advertising, do not allow humans to read your email content (except the authorized agents on your account), and do not transfer Gmail data to third parties except as necessary to provide the service (e.g., AI extraction processing). Gmail data is subject to the same PII vault protections, encryption, and tenant isolation described in this Privacy Policy.
Google Maps Platform
Vortex CX uses the Google Maps Places API for address autocomplete when agents enter contact addresses. Address queries are sent to Google to retrieve validated suggestions. Only the selected address is stored. No continuous location tracking or user geolocation is performed. Usage is governed by the Google Maps Platform Terms of Service.
For questions about this Privacy Policy, please contact: privacy@vortex-cx.com