PRIVACY POLICY AND DATA RIGHTS POLICY
Public privacy notice, data processing terms, AI training rights, aggregated data rights, know-how rights, and platform improvement policy for Call Center Sync.
Public Version 3.0 | Effective Date: December 6, 2025
Operator: HepnerSync
Legal and Privacy Contact: legal@callcentersync.com
Customer Notice
This Policy applies to business customers, platform users, website visitors, account administrators, customer contacts, and communications data processed in connection with CCS. It should be read together with the CCS Master Terms of Service and the CCS Annual Subscription Agreement. Customer remains responsible for its own privacy notices, consents, lawful basis, contact lists, campaign settings, communications, recordings, opt-outs, and legal compliance.
Document Index
1. Purpose, Scope, and Relationship to the Legal Framework
2. Entity Structure and Covered Services
3. Core Definitions
4. Role Allocation and Customer Responsibility Summary
5. Information We Collect
6. Sources of Information
7. Customer Data and Campaign Data
8. Contacts, Lead Lists, Recordings, Transcripts, and Communications Data
9. Telecommunications Resource and Provider Verification Data
10. Website, Cookies, Analytics, and Tracking
11. Billing, Payment, and Account Administration Data
12. Support, Consulting, MSP-Overlap, and Operational Communications
13. How We Use Information
14. Customer-Directed Communications and Multi-Channel Message Processing
15. AI Systems, AI Training, Model Improvement, and Automation Development
16. Human Review, Quality Assurance, Abuse Detection, and Safety Monitoring
17. Know-How, Residual Knowledge, and Generalized Learning Rights
18. Aggregated, De-Identified, Anonymized, Tokenized, and Derived Data
19. Benchmarking, Analytics, Product Development, and Commercialization Rights
20. Feedback, Feature Requests, Workflow Ideas, and Suggestions
21. Sharing of Information
22. Third-Party Providers, Subprocessors, Carriers, and Infrastructure Vendors
23. Corporate Family, Affiliate, Contractor, and Personnel Sharing
24. Legal, Regulatory, Carrier, Provider, and Enforcement Disclosures
25. Business Transfers, Financing, Reorganization, and Successors
26. Customer Privacy Notice, Consent, Opt-Out, and Rights Responsibilities
27. Privacy Rights and Request Handling
28. California and U.S. State Privacy Notice
29. Sale, Sharing, Targeted Advertising, and Sensitive Data Disclosures
30. Email, SMS, Calling, Voice, and Multi-Channel Communications
31. Call Recordings, Transcripts, Voice Data, and Biometric Considerations
32. HIPAA, PHI, 42 CFR Part 2, Financial Data, Legal Data, and Regulated Data
33. Children, Minors, and Restricted Data
34. Retention, Deletion, Backup, and Legal Hold
35. Security Measures and Security Limitations
36. Security Incidents, Breach Response, and Notice Limits
37. International Processing and Cross-Border Transfers
38. Public Website, Marketing, Social Media, and Advertising Data
39. Employee, Contractor, Applicant, and Internal Business Data
40. Beta, Preview, Experimental, and Future AI Features
41. Data Export, Portability, Migration, and Account Closure
42. Links, Integrations, APIs, and Third-Party Services
43. Automated Processing, AI Outputs, and No Sole Reliance
44. No Privacy Advice, Compliance Advice, Legal Advice, or Security Guarantee
45. Changes to This Policy
46. Contact and Request Submission
Appendix A. Data Categories, Sources, Purposes, and Disclosures
Appendix B. Customer Data Processing Terms
Appendix C. Data Rights Summary
Appendix D. Retention Categories
Appendix E. Privacy Request Workflow
1. Purpose, Scope, and Relationship to the Legal Framework
This Privacy Policy and Data Rights Policy explains how InventorySync LLC d/b/a HepnerSync d/b/a Call Center Sync collects, uses, processes, retains, discloses, protects, analyzes, trains on, improves from, and derives value from information associated with Call Center Sync and related services.
This Policy applies to the CCS website, public pages, application, account portal, setup wizard, AI calling workflows, telecommunications setup, number provisioning workflows, email notification tools, SMS workflows, call recordings, transcripts, support communications, billing, security, analytics, integrations, APIs, documentation, and related services.
This Policy is not a stand-alone customer contract. It is incorporated into the CCS Master Terms of Service and, where applicable, the CCS Annual Subscription Agreement. If Customer accepts the Terms through clickwrap, account creation, continued use, or a signed agreement, Customer also accepts this Policy to the extent it is incorporated into those terms.
This Policy is intended to be publicly posted on the Call Center Sync website footer and linked inside the application. Customer should review it before creating an account, uploading data, provisioning numbers, launching campaigns, enabling email or SMS workflows, or signing any annual commitment.
Nothing in this Policy reduces Customer responsibilities under the Terms of Service, Annual Subscription Agreement, telecommunications authorization, campaign certification, acceptable use obligations, regulatory obligations, or applicable laws. Customer remains responsible for its own privacy notices, consumer disclosures, contact permissions, opt-out handling, call recording disclosures, and lawful basis for all communications.
2. Entity Structure and Covered Services
The operator of CCS is InventorySync LLC d/b/a HepnerSync d/b/a Call Center Sync. Call Center Sync is a software product and public brand. HepnerSync is a doing-business-as name of InventorySync LLC. Hepner Corp may own or hold interests in affiliated companies but is not automatically a contracting party unless a separate agreement expressly identifies it as such.
References to Company, we, us, or our include InventorySync LLC d/b/a HepnerSync d/b/a Call Center Sync and, where context requires, its owners, officers, managers, employees, contractors, subcontractors, representatives, affiliates, service providers, successors, and assigns.
Covered services include CCS software, AI calling tools, dashboards, account portals, campaign configuration tools, email notifications, SMS notifications, call follow-ups, support tools, integrations, APIs, number provisioning workflows, telecommunications resource setup, administrative provider workflows, analytics, security controls, documentation, training materials, and future services or features made available under the CCS brand or platform.
3. Core Definitions
Term: Meaning
Company, we, us, our: InventorySync LLC d/b/a HepnerSync d/b/a Call Center Sync and, where context requires, its authorized personnel, affiliates, owners, officers, managers, employees, contractors, subcontractors, vendors, successors, and assigns.
Call Center Sync or CCS: The Call Center Sync website, application, user portal, wizard, workflows, number provisioning workflows, AI calling tools, campaign tools, email tools, SMS tools, integrations, APIs, dashboards, documentation, and related services.
Customer, you, your: The business, organization, entity, account owner, administrator, representative, employee, contractor, agent, or user that accesses, purchases, configures, accepts, or uses CCS.
Customer Data: Contacts, phone numbers, lead lists, scripts, prompts, recordings, call logs, transcripts, CRM data, account data, billing information, email addresses, campaign information, support information, files, notes, integrations, and other materials submitted to or processed through CCS.
Customer Contact: Any individual, business, lead, prospect, customer, patient, subscriber, recipient, employee, vendor, or other person that Customer uploads, contacts, records, messages, calls, emails, or otherwise processes through CCS.
Campaign: Any outbound, inbound, automated, manual, AI-assisted, AI-generated, artificial voice, prerecorded voice, SMS, email, reminder, notification, marketing, sales, support, appointment, collections, informational, or other communication activity conducted through or in connection with CCS.
Telecommunications Resources: Telephone numbers, caller ID names, business profiles, registration profiles, carrier resources, messaging resources, calling infrastructure, AI voice resources, telecommunications accounts, verifications, workspaces, administrative profiles, and related provider resources.
Administrative Agent: The limited role in which Company may configure, procure, register, verify, purchase, manage, renew, suspend, migrate, or administer Telecommunications Resources solely for Customer convenience and at Customer direction.
Third-Party Providers: Telecommunications carriers, AI infrastructure providers, hosting providers, cloud providers, payment processors, email providers, analytics providers, security providers, data processors, support providers, and other external systems used to operate CCS.
Aggregated Data: Data combined with other data so it does not identify Customer or an individual in ordinary use.
De-Identified Data: Data processed to remove or reduce direct identifiers and used in a form that Company does not intend to use to identify a specific person.
Derived Data: Data, metrics, features, signals, classifications, outputs, learnings, statistical measures, embeddings, model-evaluation data, error patterns, and performance information derived from use of CCS.
Residual Knowledge: General knowledge, skills, techniques, ideas, processes, know-how, concepts, observations, and experience retained in the unaided memory of Company personnel after working with Customer or Customer Data, excluding intentional disclosure of Customer Confidential Information.
4. Role Allocation and Customer Responsibility Summary
Customer is the source of most Customer Data submitted to CCS. Customer determines what contact lists, lead lists, scripts, prompts, workflows, recordings, call settings, campaign settings, email messages, SMS messages, integrations, CRM data, and business information are uploaded or connected to CCS.
Customer is responsible for determining whether it may lawfully collect, upload, transmit, process, record, store, use, disclose, call, text, email, analyze, and otherwise process Customer Data and Customer Contacts through CCS. Company does not verify Customer consent, lawful basis, privacy notices, call recording notices, DNC compliance, lead source rights, unsubscribe compliance, or opt-out compliance.
For Customer Campaigns, Customer generally controls the business purpose, communications, audience, recipients, settings, timing, content, scripts, prompts, products, services, and follow-up actions. Company provides software, automation, infrastructure, administrative setup, and support tools. Customer remains responsible for privacy and legal compliance associated with Customer Campaigns.
Company may have independent rights to use information for platform operation, security, billing, quality, abuse detection, analytics, AI training, model evaluation, product improvement, evidence, enforcement, legal defense, and business continuity, as described in this Policy and the Terms.
5. Information We Collect
5.1 Account and Business Information
We may collect business names, DBA names, addresses, phone numbers, email addresses, tax or business identifiers, authorized representatives, account owners, administrators, billing contacts, legal notice contacts, technical contacts, security contacts, industry information, website URLs, business descriptions, campaign descriptions, and account credentials.
5.2 Customer Data and Campaign Information
We may collect Customer Data uploaded, connected, generated, or processed through CCS, including contacts, names, phone numbers, email addresses, lead lists, CRM records, customer records, notes, tags, segments, call dispositions, scripts, prompts, AI instructions, call transcripts, recordings, summaries, call logs, SMS content, email content, campaign metadata, call outcomes, opt-out records, consent-related records, suppression data, and support data.
5.3 Technical, Device, and Usage Data
We may collect IP addresses, device identifiers, browser data, operating system data, session data, log files, authentication events, user IDs, account IDs, workspace IDs, campaign IDs, number IDs, timestamp data, pages viewed, actions taken, feature usage, errors, performance metrics, API calls, integration events, token usage, model events, telecommunications events, security events, and troubleshooting information.
5.4 Billing and Payment Data
We may collect plan information, pricing selections, payment status, invoices, receipts, usage charges, platform fees, minute usage, number fees, tax information, chargebacks, failed payment events, collection history, and payment processor metadata. Payments may be processed through Third-Party Providers. Company does not intend to store full payment card numbers.
5.5 Support and Operational Communications
We may collect and retain emails, phone calls, chat messages, tickets, notes, screen shares, meeting notes, troubleshooting records, workflow recommendations, configuration discussions, implementation details, support recordings, quality assurance notes, and other communications between Customer and Company personnel.
5.6 Provider Verification and Telecommunications Setup Data
We may collect and process business profiles, caller ID data, number requests, registration data, provider forms, carrier feedback, verification records, administrative setup records, workspace records, number provisioning records, call labeling events, spam labeling events, rejection notices, carrier limitations, and related metadata. Where a provider requires Company-controlled administrative information, Company may process identity, account, business, or verification data necessary to operate the workflow.
5.7 Website and Marketing Data
We may collect website visits, form submissions, newsletter signups, demo requests, cookies, pixels, analytics identifiers, referral URLs, landing page interactions, marketing campaign attribution, event attendance, downloads, and communications with sales or customer success teams.
6. Sources of Information
We may collect information from Customer directly, Customer users, account administrators, Customer integrations, CRM systems, uploaded files, calls, transcripts, emails, SMS messages, support interactions, website forms, payment processors, telecommunications providers, cloud providers, AI infrastructure providers, analytics tools, security tools, fraud prevention systems, data enrichment systems, public sources, regulators, carriers, complainants, and other business or operational sources.
Customer may import information from third-party systems into CCS. Customer is responsible for ensuring that such import is permitted by the third-party system, applicable law, privacy notices, end-user permissions, contracts, and Customer's own policies.
7. Customer Data and Campaign Data
Customer Data submitted for Customer Campaigns is generally controlled by Customer. Customer decides what data to upload, how to configure campaigns, what communications to send, what prompts or scripts to use, what AI settings to apply, when to contact recipients, how to handle opt-outs, and whether communications are lawful.
Company may process Customer Data to provide CCS, administer accounts, provision Telecommunications Resources, generate AI outputs, route calls, send emails or SMS messages, support Customer, troubleshoot issues, bill usage, secure the platform, detect abuse, enforce terms, comply with provider requirements, respond to legal obligations, and improve Company products and systems.
Customer represents that it has all rights, permissions, licenses, notices, consents, opt-ins, authority, and lawful basis needed to provide Customer Data to Company and to authorize Company to process such data as described in this Policy and the Terms.
8. Contacts, Lead Lists, Recordings, Transcripts, and Communications Data
Customer may upload or connect contacts, lead lists, customer lists, phone numbers, email addresses, CRM records, notes, dispositions, and other communications-related data. Customer remains solely responsible for the origin, accuracy, lawfulness, consent status, opt-out status, DNC status, and permitted use of all such data.
CCS may generate or store call recordings, call transcripts, call summaries, email content, SMS content, voicemail data, meeting notes, AI-generated responses, agent prompts, call metadata, timestamps, call duration, call outcome, recordings of support interactions, and workflow logs.
Customer is responsible for all call recording consents, recording notices, two-party consent requirements, monitoring notices, disclosures, retention decisions, and legally required scripts. Company does not determine whether Customer may record a call or whether Customer has provided adequate notice.
9. Telecommunications Resource and Provider Verification Data
CCS may require information to configure Telecommunications Resources. This may include business identity information, caller identity information, number requests, use-case descriptions, provider forms, carrier requirements, billing records, campaign descriptions, and administrative setup data.
Some provider workflows may require Company to use Company-controlled accounts, administrative profiles, business information, payment arrangements, identity verification, owner or representative information, or other verification materials. Such data may be used solely to enable provider workflows, account setup, workspace creation, number procurement, caller ID registration, or telecommunications setup.
Customer acknowledges that provider verification or number provisioning performed by Company does not transfer legal responsibility for Customer Campaigns to Company. Customer remains responsible for all communications conducted using Telecommunications Resources, regardless of how those resources were procured, verified, paid for, configured, assigned, or maintained.
10. Website, Cookies, Analytics, and Tracking
CCS may use cookies, pixels, local storage, session storage, analytics tools, tags, logs, browser identifiers, device identifiers, and similar technologies for authentication, session management, security, fraud prevention, product analytics, performance measurement, debugging, preference storage, marketing attribution, and platform improvement.
Certain browsers or devices may offer cookie blocking, tracking controls, or privacy settings. Some features may not work properly if Customer or a user disables cookies or similar technologies.
Company may use analytics and telemetry to understand platform performance, errors, feature adoption, user experience, campaign configuration patterns, security events, provider failures, and opportunities for improvement.
11. Billing, Payment, and Account Administration Data
We may process billing, payment, tax, subscription, usage, chargeback, collection, invoice, renewal, trial-rate, annual commitment, post-trial pricing, and payment authorization information. Payment information may be processed by Third-Party Providers. Company does not intend to store full payment card numbers.
Billing and payment records may be retained for accounting, tax, audit, chargeback defense, collections, legal defense, fraud prevention, account history, and enforcement. Customer is responsible for keeping billing contacts and payment methods current.
12. Support, Consulting, MSP-Overlap, and Operational Communications
Company personnel may provide support, troubleshooting assistance, configuration guidance, onboarding assistance, workflow suggestions, platform education, operational observations, or technical opinions. Such communications may be logged, recorded, transcribed, summarized, reviewed, and used for quality, training, support, product improvement, dispute resolution, and legal defense.
Some Company personnel may also work with managed IT, consulting, infrastructure, cybersecurity, application, integration, or support customers. Communications provided in a CCS support context are informational and operational only unless a separate signed agreement expressly creates a specific consulting engagement.
Company may learn generalized information from support interactions, including recurring issues, common workflows, configuration preferences, industry patterns, implementation techniques, and product gaps. Subject to confidentiality obligations, Company may use those learnings to improve products, documentation, workflows, and future services.
13. How We Use Information
We may use information for the following purposes:
Operate, provide, maintain, secure, troubleshoot, test, improve, and support CCS.
Create accounts, authenticate users, administer workspaces, and manage permissions.
Provision, configure, verify, manage, renew, suspend, migrate, and administer Telecommunications Resources.
Enable calling, AI workflows, email notifications, SMS workflows, follow-ups, transcripts, recordings, and campaign operations.
Process payments, invoices, recurring fees, platform fees, usage fees, no-refund billing enforcement, taxes, chargebacks, collections, and billing support.
Send account, billing, security, compliance, legal, product, marketing, pricing, renewal, trial-rate, suspension, and operational communications.
Create and maintain clickwrap, certification, audit, electronic acceptance, legal notice, billing, provider, and evidentiary records.
Detect, prevent, investigate, and respond to abuse, fraud, security incidents, prohibited conduct, regulatory risk, carrier risk, provider risk, payment risk, and reputational risk.
Analyze, aggregate, de-identify, anonymize, train, evaluate, benchmark, debug, and improve services, AI systems, automation, workflows, analytics, abuse detection, safety controls, quality controls, and platform performance.
Develop, test, commercialize, and improve existing and future Company products, services, models, features, documentation, workflows, integrations, reporting, and automation.
Respond to subpoenas, legal demands, law enforcement, regulators, carriers, providers, payment processors, complainants, affected parties, or other inquiries where Company believes response is required, advisable, protective, or commercially reasonable.
14. Customer-Directed Communications and Multi-Channel Message Processing
Customer may use CCS to send or support calls, AI voice communications, emails, SMS messages, reminders, appointment confirmations, missed-call notices, call summaries, sales follow-ups, support notifications, or other communications to Customer Contacts.
Customer controls the business purpose, recipient selection, message content, campaign settings, timing, frequency, opt-out handling, and follow-up process for Customer-directed communications. Company acts as a software provider, administrative facilitator, processor, and infrastructure operator, not as the legal sender, caller, telemarketer, seller, or campaign operator for Customer Campaigns.
Company may process recipient information, message content, metadata, delivery events, call outcomes, transcripts, recordings, bounce events, open or click events where available, complaint events, unsubscribe events, suppression records, and related data to provide the service, troubleshoot, bill usage, detect abuse, maintain evidence, and improve CCS.
15. AI Systems, AI Training, Model Improvement, and Automation Development
To the fullest extent permitted by law, applicable agreements, and Customer's required permissions, Company may use Customer Data, usage data, metadata, prompt structures, scripts, transcripts, recordings, call summaries, AI inputs, AI outputs, workflow patterns, campaign settings, support data, error data, performance data, labels, outcomes, and Derived Data to operate, secure, improve, train, evaluate, benchmark, test, debug, tune, and develop CCS and Company AI, automation, analytics, and safety systems.
These rights apply to current AI systems, future AI systems, internally developed AI, third-party AI, hybrid AI, rules-based automation, analytics systems, quality systems, abuse detection, compliance support tools, documentation systems, and related products or services developed or operated by Company or its affiliates.
Company may use identifiable data where reasonably necessary to provide the service, support Customer, debug issues, investigate abuse, comply with law, maintain evidence, or where permitted by Customer authorization, applicable law, or contract. Company may use Aggregated Data, De-Identified Data, Anonymized Data, Tokenized Data, Derived Data, and generalized patterns for broader product improvement, model development, analytics, benchmarking, and commercialization.
Customer represents that it has obtained all rights, consents, notices, permissions, and legal authority required to allow Company to process and use Customer Data for the purposes described in this Policy, including AI training, evaluation, improvement, analytics, and product development where applicable.
Company does not promise that any AI system will be free from errors, bias, hallucinations, unexpected behavior, or unsuitable outputs. Customer is responsible for reviewing, testing, validating, and supervising AI outputs before and during use.
16. Human Review, Quality Assurance, Abuse Detection, and Safety Monitoring
Company personnel and authorized providers may review Customer Data, prompts, recordings, transcripts, logs, messages, campaign settings, account activity, support interactions, and provider events for support, debugging, abuse detection, quality assurance, training, security, billing, compliance support, legal defense, and platform integrity.
Any review by Company is discretionary and does not create a duty to monitor, detect, prevent, or correct Customer violations, unlawful communications, missing consents, improper scripts, call recording failures, DNC violations, or other compliance issues.
Company may use automated tools to flag suspicious activity, spam patterns, abnormal usage, high complaint rates, provider risk, call labeling events, opt-out disputes, payment risk, security risk, or other indicators of platform risk. Company may suspend or restrict processing where it determines that continuing use may create risk.
17. Know-How, Residual Knowledge, and Generalized Learning Rights
Company personnel may gain experience, ideas, skills, methodologies, concepts, techniques, workflows, implementation patterns, troubleshooting approaches, configuration concepts, support practices, and other generalized know-how from working with Customer, Customer Data, Customer users, Customer systems, and Customer workflows.
Customer agrees that Company and its personnel are not required to forget generalized knowledge, know-how, experience, skills, techniques, concepts, ideas, or information retained in unaided memory, provided Company does not intentionally disclose Customer-identifying Confidential Information in violation of an applicable confidentiality obligation.
Company may use Residual Knowledge and generalized know-how to build, improve, modify, commercialize, support, document, automate, and operate CCS, other Company products, future products, service methodologies, AI systems, workflows, integrations, templates, support processes, and business operations.
Customer acknowledges that generalized learnings, product ideas, workflow observations, technical patterns, and operational improvements are not exclusive to Customer merely because they were discussed, observed, discovered, or developed during Customer use of CCS.
18. Aggregated, De-Identified, Anonymized, Tokenized, and Derived Data
Company may create, use, retain, disclose, sell, license, commercialize, and otherwise exploit Aggregated Data, De-Identified Data, Anonymized Data, Tokenized Data, Derived Data, benchmark data, statistical data, performance data, model evaluation data, quality metrics, and usage metrics to the fullest extent permitted by law and applicable agreements.
Such data may be used for analytics, AI training, product development, benchmarking, documentation, reports, internal dashboards, provider optimization, pricing analysis, fraud detection, abuse prevention, security, research, commercial planning, marketing insights, operational improvement, and future product development.
Customer retains ownership of Customer Data as between Customer and Company, but Company owns or may freely use Aggregated Data, De-Identified Data, Anonymized Data, Tokenized Data, Derived Data, system metrics, telemetry, platform learnings, and Company-created outputs that do not identify Customer or a specific individual in ordinary use, unless a signed agreement states otherwise.
19. Benchmarking, Analytics, Product Development, and Commercialization Rights
Company may use information to create internal or external benchmarks, such as usage volumes, answer rates, average call duration, completion rates, AI performance, campaign configuration patterns, error trends, feature adoption, provider performance, support demand, and general industry or operational insights.
Company may develop, release, sell, license, commercialize, or otherwise provide new or improved products, features, workflows, reports, dashboards, integrations, AI agents, automation logic, data models, training datasets, documentation, or methodologies based on learnings, feedback, Aggregated Data, De-Identified Data, Derived Data, and Residual Knowledge.
Customer is not entitled to compensation, credit, ownership, royalties, revenue share, exclusivity, veto rights, approval rights, or other rights in Company products or improvements merely because Company used Customer feedback, usage patterns, support interactions, or generalized learnings.
20. Feedback, Feature Requests, Workflow Ideas, and Suggestions
Customer may provide ideas, suggestions, feedback, bug reports, feature requests, workflow concepts, prompt patterns, use cases, documentation suggestions, integration requests, business processes, reports, dashboard ideas, or other recommendations.
Customer grants Company a perpetual, irrevocable, worldwide, royalty-free, fully paid, sublicensable, transferable, unrestricted license to use, reproduce, modify, create derivative works from, distribute, display, perform, commercialize, and otherwise exploit such feedback without attribution, approval, confidentiality duty, or compensation.
To the extent any feedback cannot be licensed, Customer assigns to Company all rights necessary for Company to use the feedback without restriction. Customer waives any claim that Company products, features, documentation, workflows, integrations, or AI systems misappropriate Customer feedback.
21. Sharing of Information
We may disclose information as described in this Policy, the Terms, the Annual Subscription Agreement, Customer instructions, account settings, integrations, provider requirements, or applicable law.
With Third-Party Providers needed for hosting, AI infrastructure, telecommunications, email delivery, SMS delivery, analytics, security, payment processing, support, legal compliance, and operations.
With affiliates, personnel, contractors, subcontractors, representatives, advisors, auditors, insurers, and service providers under common ownership or operational control where reasonably necessary.
With carriers, telecommunications providers, caller ID registration providers, analytics providers, fraud prevention providers, payment processors, cloud providers, AI providers, and email providers.
With regulators, law enforcement, courts, carriers, providers, payment processors, fraud prevention systems, complainants, affected parties, or others when Company believes disclosure is required, advisable, protective, or commercially reasonable.
With successors, buyers, investors, lenders, advisors, or counterparties in connection with merger, acquisition, reorganization, financing, asset sale, bankruptcy, due diligence, or corporate transactions.
With others when Customer consents, directs, configures an integration, enables sharing, uploads data to a third-party integration, or otherwise authorizes disclosure.
22. Third-Party Providers, Subprocessors, Carriers, and Infrastructure Vendors
CCS depends on Third-Party Providers. Customer authorizes Company to use and change Third-Party Providers, subprocessors, carriers, AI infrastructure providers, telecommunications vendors, cloud vendors, payment processors, analytics providers, security vendors, support tools, and other providers as Company determines appropriate.
Third-Party Providers may process Customer Data, telecommunications metadata, recordings, transcripts, email delivery data, SMS delivery data, payment data, support data, and technical data to provide, support, secure, maintain, bill, troubleshoot, improve, or enforce CCS.
Company is not responsible for third-party privacy practices, security incidents, provider outages, provider policy changes, call labeling, carrier filtering, message filtering, payment processing issues, provider account termination, or provider errors, except to the extent liability cannot be disclaimed under applicable law.
23. Corporate Family, Affiliate, Contractor, and Personnel Sharing
Company may share information with affiliated companies, common-control entities, owners, officers, employees, contractors, subcontractors, advisors, service providers, and representatives for operations, support, billing, product development, AI development, security, analytics, legal compliance, business planning, and other purposes described in this Policy.
Such sharing may include InventorySync LLC, HepnerSync, Call Center Sync, Hepner Corp, existing affiliated businesses, future affiliated businesses, internal product teams, support teams, consulting teams, development teams, and operational personnel, provided such sharing is reasonably related to Company business purposes.
Company may use contractors and subcontractors to support development, support, operations, infrastructure, data processing, analytics, AI, communications, billing, and customer service. Company may require confidentiality obligations for personnel with access to non-public information, but Customer remains responsible for data it chooses to upload or process through CCS.
24. Legal, Regulatory, Carrier, Provider, and Enforcement Disclosures
Company may disclose information, logs, recordings, transcripts, account records, clickwrap evidence, campaign certifications, provider data, billing records, consent-related records, security data, and communications data when Company believes disclosure is required, advisable, protective, commercially reasonable, or necessary to protect Company interests.
This may include disclosure to courts, arbitrators, regulators, law enforcement, attorneys general, telecommunications carriers, providers, payment processors, fraud prevention systems, complainants, affected individuals, counterparties, insurers, auditors, and other parties in connection with legal demands, complaints, investigations, abuse reports, consumer complaints, DNC complaints, call labeling events, security incidents, chargebacks, litigation, arbitration, or enforcement of the Legal Framework.
Company has no liability to Customer for making a disclosure in good faith under this section, even if Customer disagrees with the disclosure, unless applicable law prohibits such limitation.
25. Business Transfers, Financing, Reorganization, and Successors
Company may disclose or transfer information in connection with any merger, acquisition, financing, investment, due diligence, restructuring, reorganization, bankruptcy, asset sale, product sale, platform transfer, change of control, or similar transaction.
Company rights in Aggregated Data, De-Identified Data, Anonymized Data, Derived Data, feedback, product improvements, AI training data, usage metrics, platform learnings, and Residual Knowledge may transfer to successors, assigns, buyers, affiliates, or acquirers to the fullest extent permitted by law and contract.
26. Customer Privacy Notice, Consent, Opt-Out, and Rights Responsibilities
Customer is responsible for providing all privacy notices, call recording notices, AI disclosure notices, electronic communication disclosures, consent requests, opt-out instructions, unsubscribe mechanisms, legal disclaimers, and other disclosures required for Customer Campaigns and Customer Data.
Customer is responsible for obtaining all rights, permissions, consents, opt-ins, lawful bases, authorizations, contracts, and data subject permissions needed for Company to process Customer Data as described in this Policy and the Terms.
Customer is responsible for responding to privacy requests, opt-out requests, unsubscribe requests, DNC requests, deletion requests, access requests, correction requests, data portability requests, consent withdrawals, call recording objections, and other data rights requests relating to Customer Campaigns, unless applicable law or a signed agreement requires otherwise.
If a Customer Contact contacts Company about a Customer Campaign, Company may redirect the request to Customer, respond where legally required, preserve records, suspend processing, or take other actions Company deems appropriate.
27. Privacy Rights and Request Handling
Depending on jurisdiction and relationship to Company, individuals may have rights to access, delete, correct, restrict, object, appeal, obtain a copy of, or opt out of certain processing of personal information. Rights vary by law and may not apply to all information or all individuals.
Because most Customer Campaign data is controlled by Customer, requests relating to Customer Contacts, campaign communications, contact lists, lead sources, call recordings, transcripts, emails, SMS messages, or Customer products and services may be directed to Customer. Company may require verification before responding to a request.
Company may deny, limit, or refuse requests where permitted by law, including where information must be retained for security, legal defense, billing, fraud prevention, evidence, regulatory, tax, accounting, provider, backup, or operational purposes.
Submitting a privacy request does not cancel fees, waive payment obligations, terminate a subscription, withdraw a campaign certification, delete all legal evidence, or prevent Company from retaining information necessary for enforcement or defense.
28. California and U.S. State Privacy Notice
Certain U.S. state privacy laws may require additional disclosures for residents of those states. To the extent such laws apply to Company, this section provides supplemental notice. Company may not be subject to every state privacy law, and Customer remains responsible for determining whether Customer is subject to such laws for Customer Campaigns.
Categories of personal information processed may include identifiers, contact information, commercial information, internet or electronic network activity, geolocation inferred from IP or phone metadata, audio information, professional or business information, inferences, sensitive personal information if uploaded by Customer, and other categories described in this Policy.
Purposes may include service delivery, account administration, communications, security, fraud prevention, billing, analytics, AI training, product improvement, provider workflows, legal compliance, enforcement, and business operations.
Company may disclose information to service providers, contractors, affiliates, business partners, providers, processors, carriers, payment processors, cloud vendors, AI infrastructure providers, security tools, legal advisors, regulators, law enforcement, and transaction counterparties.
Where required by law, eligible individuals may request access, correction, deletion, portability, restriction, opt-out of certain sale or sharing, opt-out of targeted advertising, opt-out of profiling, or appeal of a decision. Such rights may be subject to verification, exceptions, and Customer-controlled data limitations.
29. Sale, Sharing, Targeted Advertising, and Sensitive Data Disclosures
Company does not intend to sell personal information of website visitors for money in the ordinary meaning of the word sale. However, some privacy laws define sale, share, targeted advertising, or cross-context behavioral advertising broadly. Certain analytics, advertising, cookie, pixel, or data-sharing activities may be treated as a sale or sharing under some laws.
Where required, Company may provide opt-out mechanisms, cookie controls, or instructions for submitting requests. Customer is responsible for providing legally required opt-out mechanisms for Customer Campaigns, Customer Contacts, Customer websites, and Customer communications.
Customer must not upload sensitive personal information, health information, financial account data, government identifiers, biometric data, children's data, protected health information, or other restricted data unless Customer has determined the upload is lawful and all required agreements, consents, notices, and safeguards are in place.
Company may process sensitive information if Customer uploads it or if it is necessary for account security, provider verification, payment processing, legal compliance, or service delivery. Customer is responsible for limiting sensitive data to the minimum necessary and ensuring lawful use.
30. Email, SMS, Calling, Voice, and Multi-Channel Communications
CCS may process information related to email, SMS, phone calls, AI voice communications, appointment reminders, follow-ups, notifications, confirmations, summaries, and other multi-channel communications initiated, configured, or authorized by Customer.
Processed information may include sender, recipient, subject lines, message content, call content, audio, transcripts, recordings, timestamps, delivery status, bounce status, call status, caller ID, number used, opt-out events, unsubscribe events, complaint events, suppression status, open events where available, click events where available, carrier events, and provider logs.
Customer is solely responsible for recipient selection, consent, timing, frequency, content, sender identity, caller identity, opt-out handling, DNC compliance, unsubscribe handling, call recording notices, privacy notices, and compliance with laws governing calls, texts, emails, artificial voice, prerecorded voice, AI communications, and marketing.
31. Call Recordings, Transcripts, Voice Data, and Biometric Considerations
CCS may record, transcribe, summarize, analyze, store, route, process, and use call audio, voice data, call metadata, AI voice interactions, and transcripts for service delivery, quality assurance, debugging, training, analytics, abuse detection, support, billing, legal defense, and product improvement.
Customer is responsible for determining whether any voice data, call recording, transcript, or AI voice workflow triggers biometric, wiretapping, eavesdropping, call recording, consent, privacy, employment, healthcare, financial, or other laws. Customer must provide all required notices and obtain all required consents before recording or processing calls.
Company does not represent that CCS creates, uses, or stores biometric identifiers for any particular Customer workflow unless expressly stated in a signed agreement. However, because some laws define voiceprints, voice data, or voice analysis broadly, Customer must assume responsibility for evaluating its own use case.
32. HIPAA, PHI, 42 CFR Part 2, Financial Data, Legal Data, and Regulated Data
CCS is not automatically approved for protected health information, substance use disorder treatment records, sensitive health data, legal client information, financial account data, education records, government records, biometric data, children's data, or other regulated information.
Customer must not use CCS to create, receive, maintain, transmit, process, or store protected health information or other regulated data in a way that requires Company to act as a regulated vendor, business associate, financial service provider, debt collector, legal service provider, education records processor, or other regulated party unless Customer has determined the use is lawful and all required agreements are in effect.
Customer is responsible for determining whether HIPAA, HITECH, 42 CFR Part 2, state health privacy laws, GLBA, FCRA, FDCPA, insurance laws, legal ethics rules, education privacy laws, government procurement rules, or other regulated data laws apply. Company does not provide compliance advice.
Customer may not use CCS for emergency communications, diagnosis, treatment decisions, clinical triage, behavioral health crisis, medication decisions, protected health outreach, regulated financial decisioning, legal advice, eligibility decisions, or other high-risk decisions unless expressly permitted by law and by a signed or portal-accepted agreement.
33. Children, Minors, and Restricted Data
CCS is intended for business use and is not directed to children or consumer personal use. Customer must not use CCS to knowingly collect, contact, record, message, profile, or process information about children or minors unless Customer has determined such use is lawful and has all required parental consents, notices, safeguards, and agreements.
Customer must not upload data involving children, schools, students, minors, vulnerable populations, or restricted categories unless Customer has independently determined the use is lawful and authorized. Company may suspend or delete suspected restricted data where Company believes continued processing creates risk.
34. Retention, Deletion, Backup, and Legal Hold
Company may retain information as long as reasonably necessary for service delivery, account administration, billing, tax, accounting, audit, security, fraud prevention, abuse detection, AI training, product improvement, provider requirements, evidence, dispute resolution, legal defense, regulatory compliance, business continuity, backup, and enforcement.
Company does not guarantee permanent retention, availability, exportability, or restoration of Customer Data unless expressly agreed in writing. Customer is responsible for retaining its own copies of legally required records, consent records, call records, DNC records, opt-out records, scripts, prompts, campaign approvals, and communications history.
Company may retain deleted or expired data in backups, archives, logs, derived datasets, aggregated datasets, de-identified datasets, security systems, billing systems, legal systems, and provider systems. Deletion from active systems may not immediately delete all copies.
Company may preserve data when litigation, arbitration, complaint, investigation, audit, subpoena, chargeback, provider dispute, consumer complaint, regulatory matter, security incident, or legal hold exists or is reasonably anticipated.
35. Security Measures and Security Limitations
Company uses commercially reasonable administrative, technical, and organizational safeguards designed to protect information. Measures may include access controls, authentication, logging, monitoring, vendor management, encryption where commercially reasonable, incident response processes, backup or recovery measures, and internal security practices proportional to risk.
No system is guaranteed secure. Company does not guarantee that unauthorized access, cyberattack, ransomware, malware, phishing, credential compromise, vendor incident, zero-day vulnerability, cloud outage, provider compromise, insider threat, configuration error, or other security incident will never occur.
Customer is responsible for securing its own users, devices, browsers, credentials, integrations, APIs, endpoints, networks, CRM systems, email domains, call settings, storage, exports, and downstream recipients. Customer must promptly notify Company of suspected account compromise or unauthorized use.
36. Security Incidents, Breach Response, and Notice Limits
If Company becomes aware of a security incident affecting Customer Data, Company may investigate and respond in a manner Company determines appropriate based on available information, legal requirements, provider requirements, risk, and operational circumstances.
Company may notify Customer, regulators, affected individuals, carriers, providers, payment processors, law enforcement, insurers, or others where Company determines notice is required, advisable, protective, or commercially reasonable. Customer is responsible for any notices required due to Customer's own systems, data, communications, campaigns, or legal obligations.
Company is not responsible for security incidents caused by Customer credentials, Customer users, Customer devices, Customer integrations, Customer exports, Customer instructions, Customer failure to configure controls, third-party providers outside Company control, or events beyond Company reasonable control.
37. International Processing and Cross-Border Transfers
Information may be processed in the United States and other jurisdictions where Company, affiliates, personnel, contractors, or Third-Party Providers operate. Data protection laws in those jurisdictions may differ from the laws of Customer's jurisdiction.
Customer is responsible for determining whether cross-border processing is lawful for Customer Data and for providing any required notices, consents, transfer mechanisms, contractual terms, or instructions. Company may decline, suspend, or limit international processing use cases that create legal, operational, provider, or reputational risk.
38. Public Website, Marketing, Social Media, and Advertising Data
When users interact with public websites, marketing pages, demos, forms, social media, advertisements, newsletters, webinars, or sales communications, Company may collect and use contact information, company information, interest signals, referral source, website activity, analytics, communications, and marketing preferences.
Company may use such information for sales, marketing, product education, account follow-up, newsletter distribution, event invitations, retargeting, analytics, campaign measurement, and business development. Users may opt out of certain marketing communications where required by law or as provided in the communication.
Social media platforms, advertising networks, analytics providers, and marketing tools may independently process data according to their own privacy terms. Company is not responsible for third-party platform practices.
39. Employee, Contractor, Applicant, and Internal Business Data
Company may process information about employees, contractors, applicants, vendors, consultants, advisors, and business contacts for hiring, contracting, workforce management, payroll, tax, benefits, security, access control, legal compliance, operations, and business administration.
This Policy may apply to such internal business data where a separate employee, contractor, or applicant privacy notice does not apply. Additional internal notices or agreements may govern specific categories of personnel data.
40. Beta, Preview, Experimental, and Future AI Features
Company may release beta, preview, pilot, experimental, early-access, trial, unreleased, or future AI features. Such features may have different data behaviors, limited documentation, incomplete controls, evolving functionality, reduced availability, and increased risk.
Data processed through beta or experimental features may be used to test, train, evaluate, debug, improve, and develop the feature and related Company systems. Customer should not use beta or experimental features for sensitive, regulated, high-risk, mission-critical, or legally significant workflows unless expressly authorized in writing.
41. Data Export, Portability, Migration, and Account Closure
Company may provide export, migration, or data access tools at its discretion or as required by a signed agreement or applicable law. Company does not guarantee that all data, logs, transcripts, recordings, AI outputs, metadata, derived data, or provider records will be exportable.
Upon account closure, termination, suspension, or nonpayment, Company may disable access to Customer Data, retain records for legal and business purposes, delete data under standard processes, preserve evidence, retain backups, and continue using Aggregated Data, De-Identified Data, Anonymized Data, Derived Data, Residual Knowledge, and feedback as described in this Policy.
42. Links, Integrations, APIs, and Third-Party Services
CCS may link to or integrate with third-party websites, CRMs, data sources, email systems, calendars, cloud services, analytics tools, payment processors, telecommunications providers, AI systems, and other services. Customer is responsible for reviewing third-party privacy terms and ensuring it has authority to connect and share data.
When Customer enables an integration, Customer instructs Company to exchange data with the integration. Company is not responsible for how third parties use data after Customer authorizes the integration or exports data.
43. Automated Processing, AI Outputs, and No Sole Reliance
CCS may use automated systems, AI systems, analytics, rules, models, classifiers, scoring, filtering, and other automated processing to operate the platform, route communications, generate outputs, create summaries, detect abuse, identify security risks, process campaigns, support users, or improve performance.
Customer must not rely solely on AI outputs, automated summaries, classifications, recommendations, scripts, prompts, or platform suggestions for legally significant decisions, compliance decisions, eligibility decisions, healthcare decisions, financial decisions, employment decisions, legal decisions, or other high-risk decisions.
Customer is responsible for human review, validation, supervision, testing, and approval of all AI-enabled workflows and outputs.
44. No Privacy Advice, Compliance Advice, Legal Advice, or Security Guarantee
Company does not provide legal advice, privacy advice, regulatory advice, telemarketing advice, cybersecurity advice, healthcare compliance advice, financial compliance advice, call recording advice, TCPA advice, TSR advice, CAN-SPAM advice, or industry-specific compliance advice.
Any documentation, support response, training material, template, recommendation, observation, example, default setting, workflow suggestion, or AI output is informational only and does not create a warranty, representation, guarantee, or professional advice relationship.
Customer is responsible for consulting qualified counsel and compliance professionals regarding Customer Data, Customer Campaigns, Customer industry, Customer communications, call recording, consent, DNC, opt-out, privacy notices, AI disclosures, and regulated data.
45. Changes to This Policy
Company may update this Policy from time to time by posting a new version, emailing notice, providing in-app notice, presenting updated clickwrap, or otherwise making the updated Policy available. Continued use after the effective date constitutes acceptance where permitted by law and the Terms.
Changes may apply immediately where Company determines the change is necessary for legal, security, provider, operational, AI, privacy, compliance, pricing, or reputational reasons.
46. Contact and Request Submission
Privacy, data, legal, and compliance questions may be sent to legal@callcentersync.com. Customer remains responsible for time-sensitive privacy, compliance, billing, and operational obligations even if Company does not respond before a deadline.
Requests should include the requestor name, business name if applicable, email address, relationship to CCS, account or workspace identifier if known, type of request, jurisdiction if applicable, and enough information for Company to verify and process the request.
Company may require identity verification, authorization verification, business authority verification, or additional information before acting on a request. Company may redirect Customer Contact requests to Customer where Customer controls the relevant data.
Appendix A. Data Categories, Sources, Purposes, and Disclosures
| Category | Examples | Sources | Purposes | Disclosures |
| --- | --- | --- | --- | --- |
| Identifiers | Names, emails, phone numbers, account IDs, IP addresses, business names, account credentials. | Customer, users, integrations, devices, providers. | Accounts, authentication, support, communications, security, billing. | Providers, affiliates, support tools, security tools, legal recipients. |
| Customer Contact Data | Leads, prospects, customers, phone numbers, email addresses, CRM records, notes, tags. | Customer uploads, integrations, Customer users. | Campaigns, calling, email, SMS, AI workflows, support, analytics, legal evidence. | Telecom providers, email providers, AI providers, cloud providers, legal recipients. |
| Communications Data | Call audio, recordings, transcripts, messages, summaries, email content, SMS content. | Customer, Customer Contacts, AI systems, providers. | Service delivery, transcripts, summaries, QA, AI training, billing, support, legal defense. | AI providers, telecom providers, email providers, cloud providers, legal recipients. |
| Usage and Telemetry | Feature use, logs, errors, performance data, timestamps, API calls, model events. | Platform systems, devices, integrations. | Debugging, security, analytics, product improvement, AI training, abuse detection. | Analytics providers, security providers, cloud providers, affiliates. |
| Billing Data | Invoices, fees, usage charges, payment status, payment metadata, chargebacks. | Customer, payment processors, platform systems. | Billing, accounting, tax, collections, chargeback defense, fraud prevention. | Payment processors, accounting providers, legal recipients. |
| Provider Verification Data | Business profiles, number requests, caller ID, verification records, provider feedback. | Customer, Company personnel, carriers, providers. | Telecom resource setup, provider compliance, number provisioning, carrier registration. | Carriers, telecom providers, registration providers, legal recipients. |
| Support Data | Tickets, emails, chats, screen shares, troubleshooting notes, meeting summaries. | Customer, users, Company personnel. | Support, QA, training, product improvement, legal defense, Residual Knowledge. | Support tools, affiliates, contractors, legal recipients. |
| Marketing Data | Website visits, form submissions, cookies, analytics, campaign attribution. | Website, forms, analytics tools, marketing tools. | Marketing, sales, analytics, product education, retargeting where permitted. | Marketing providers, analytics providers, advertising platforms. |
| Aggregated and Derived Data | Metrics, benchmarks, model features, trends, error patterns, statistics. | Derived from platform usage and Customer Data. | AI training, product improvement, benchmarking, commercialization, analytics. | Affiliates, providers, customers, investors, public reports if non-identifying. |
Appendix B. Customer Data Processing Terms
Customer instructs Company to process Customer Data as necessary to provide CCS, administer Telecommunications Resources, communicate with Customer, secure the platform, support Customer, process payments, operate AI workflows, send Customer-directed communications, comply with law, enforce agreements, detect abuse, improve CCS, and exercise rights described in the Legal Framework.
Customer authorizes Company to use Third-Party Providers and subprocessors for hosting, AI, telecom, email, SMS, analytics, security, billing, support, logging, legal compliance, and other operations. Company may change providers as necessary for business, operational, security, legal, provider, or product reasons.
Customer is responsible for lawful basis, consent, notices, data minimization, data accuracy, individual rights, cross-border transfer authorization, retention instructions, regulated data classification, and whether Customer Data may be used for the purposes described in this Policy.
Upon termination, Company may delete or return Customer Data according to standard processes, subject to retention for backups, legal defense, audit evidence, billing, security, compliance, dispute resolution, provider requirements, fraud prevention, AI training rights, aggregated data rights, de-identified data rights, and enforcement.
Appendix C. Data Rights Summary
| Data or Material | General Ownership or Control | Company Rights |
| --- | --- | --- |
| Customer raw contact lists and CRM records | Customer generally owns or controls as between Customer and Company. | Process to provide CCS, support, security, billing, legal compliance, AI training and improvement where permitted, and other purposes in this Policy. |
| Call recordings and transcripts generated through Customer Campaigns | Customer generally controls campaign purpose and recipient relationship. | Process, store, analyze, transcribe, summarize, train, evaluate, improve, support, bill, enforce, and defend as described in this Policy. |
| Prompts, scripts, workflows, settings, and campaign configurations | Customer controls campaign configuration; Company owns platform and tooling. | Use for operation, support, model evaluation, safety, abuse detection, product improvement, benchmarking, and future feature development. |
| Aggregated, De-Identified, Anonymized, Tokenized, and Derived Data | Company may own or freely use to the fullest extent permitted by law. | Use, retain, disclose, commercialize, train, benchmark, analyze, and improve without Customer compensation or approval. |
| Feedback, ideas, feature requests, workflows, suggestions | Submitted by Customer, but not exclusive to Customer. | Perpetual, irrevocable, worldwide, royalty-free, sublicensable, transferable, unrestricted use and commercialization. |
| Residual Knowledge and generalized know-how | Retained in unaided memory of Company personnel. | Use to improve products, services, methods, AI systems, workflows, support, and future offerings without disclosing Customer-identifying confidential information. |
| Company platform, software, AI systems, models, workflows, documentation, dashboards, integrations | Company owns. | Full ownership and commercialization rights, subject only to express signed limitations. |
Appendix D. Retention Categories
| Record Type | Potential Retention Purpose |
| --- | --- |
| Account records | Account administration, legal evidence, security, billing, support, fraud prevention, enforcement. |
| Billing and payment records | Accounting, tax, audit, collections, chargeback defense, payment history, legal defense. |
| Clickwrap and acceptance logs | Proof of acceptance, authority, terms version, campaign responsibility, billing authorization, litigation defense. |
| Telecommunications provider records | Number provisioning, carrier registration, provider disputes, call labeling, regulatory inquiries, compliance evidence. |
| Campaign records, scripts, prompts, recordings, transcripts | Service delivery, support, Customer access, legal defense, abuse detection, AI training, product improvement, provider requirements. |
| Security logs | Threat detection, incident response, fraud prevention, system integrity, legal compliance, forensic analysis. |
| Support communications | Support history, QA, training, product improvement, dispute resolution, legal defense, Residual Knowledge. |
| Aggregated, De-Identified, Anonymized, Tokenized, and Derived Data | Indefinite analytics, benchmarking, AI training, product development, commercialization, and operational improvement where permitted. |
Appendix E. Privacy Request Workflow
A person submitting a privacy request should send the request to legal@callcentersync.com. The request should identify the requestor, account, business, email address, jurisdiction, type of request, and whether the request relates to direct use of CCS or a Customer Campaign.
Company may verify identity, request additional information, redirect the request to Customer, decline requests that cannot be verified, limit requests based on legal exceptions, or retain information needed for legal defense, billing, security, fraud prevention, provider requirements, evidence, compliance, or enforcement.
If a request relates to Customer Campaign data, Customer is generally responsible for responding because Customer controls the campaign, contact relationship, communication purpose, consent status, and recipient rights. Company may assist at Customer expense where required by law or signed agreement.
Appendix F. Detailed Business Data Processing Terms
This Appendix describes the intended allocation of data processing roles between Company and Customer for business customers. It is not a standalone Data Processing Addendum and does not replace any signed data processing agreement. It is intended to make clear that Customer controls the business purpose of Customer Campaigns while Company processes information to provide, secure, improve, enforce, and develop CCS.
For Customer Campaign Data, Customer usually determines the purpose and means of collection, upload, contact, communication, recording, outreach, consent, and retention. Company generally processes that information to provide CCS, administer accounts, support Customer, provision Telecommunications Resources, facilitate AI workflows, operate multi-channel communications, bill Customer, and maintain evidence. Company also retains independent rights described in this policy, including rights for security, fraud prevention, legal compliance, product improvement, AI training, residual knowledge, and aggregated or de-identified data.
Customer instructions include the configurations, uploads, integrations, prompts, scripts, cadences, call timing, email settings, SMS settings, workflows, contact selections, and other actions Customer takes in CCS. Company may refuse, limit, suspend, or ignore instructions that Company believes may be unlawful, unsafe, abusive, technically unreasonable, inconsistent with provider requirements, inconsistent with the Legal Suite, or harmful to Company, its affiliates, providers, other customers, recipients, or the public.
Customer acknowledges that Company may not always be able to separate every processing activity into a single legal role. Some activities are performed at Customer direction, while other activities are performed for Company business, security, legal defense, provider compliance, AI improvement, analytics, support, enforcement, or corporate purposes. Customer agrees that Company may process information in those multiple capacities to the maximum extent permitted by law.
Customer must provide all notices required for Customer Campaign Data before submitting that data to CCS.
Customer must obtain and maintain all required consents, opt-ins, authorizations, and lawful bases.
Customer must not instruct Company to process data in a way that violates law or provider rules.
Customer must immediately notify Company if Customer believes Customer Data was uploaded in error or includes sensitive regulated data.
Customer must reimburse Company for support, legal, compliance, carrier, provider, or technical costs caused by Customer data misuse as provided in the Legal Suite.
Appendix G. HIPAA, PHI, Health Data, and Regulated Data Position
CCS is not automatically intended for protected health information, patient communications, behavioral health outreach, medical diagnosis, clinical triage, emergency services, medication decisions, benefits determinations, substance use disorder treatment records, or other highly regulated data. Customer is responsible for determining whether HIPAA, HITECH, 42 CFR Part 2, state health privacy laws, insurance laws, financial privacy laws, education privacy laws, government procurement rules, legal ethics rules, political communication rules, debt collection rules, or similar regulatory frameworks apply to Customer use.
Company does not become a HIPAA Business Associate, healthcare provider, financial institution, debt collector, consumer reporting agency, education vendor, government contractor, political compliance consultant, legal services provider, or regulated professional merely because Customer uses CCS in a regulated industry or uploads regulated data. If a Business Associate Agreement, regulated data addendum, data processing agreement, security exhibit, or other special agreement is required, Customer must obtain Company written agreement before submitting the regulated data.
Customer may not use CCS for emergency communications or any situation where delay, outage, AI error, hallucination, failed delivery, incorrect classification, or provider interruption could cause death, bodily injury, loss of liberty, loss of benefits, denial of healthcare, loss of housing, loss of employment, credit denial, legal prejudice, or similar severe harm. CCS is a business communications and automation platform, not an emergency, life-safety, medical, legal, or regulated decision-making system.
If Company discovers or suspects that Customer has submitted regulated data without approval, Company may suspend, quarantine, preserve, delete, restrict, or disclose information as Company determines appropriate. Company may also require Customer to execute additional terms, provide compliance proof, reimburse costs, or stop using the affected workflow.
Do not submit PHI unless Company has signed or accepted a required regulated data agreement.
Do not submit substance use disorder treatment records unless all 42 CFR Part 2 requirements are satisfied and Company has expressly approved the use.
Do not use CCS for emergency or clinical triage communications.
Do not use CCS as the sole system of record for regulated compliance records.
Do not represent that CCS is HIPAA-compliant, PHI-approved, or certified for a regulated use unless Company provides written authorization.
Appendix H. Telecommunications, Provider Workspace, and AI Data Flow
CCS may create, maintain, or use provider workspaces, numbers, caller identification records, AI voice resources, email resources, SMS resources, routing tools, carrier records, and administrative provider accounts to make the platform work. Some provider systems may require Company accounts, Company credentials, Company business information, Company representative information, identity verification, payment information, or other administrative data. Customer authorizes Company to use such workflows for Customer benefit and operational convenience.
Provider setup data may flow among CCS, Company personnel, telecommunications providers, AI infrastructure providers, carriers, email providers, SMS providers, fraud prevention systems, payment processors, support providers, hosting providers, and analytics systems. This flow may include Customer business identity, workspace identifiers, phone numbers, caller ID information, campaign configuration, usage metrics, call metadata, provider tickets, registration status, and compliance-related records.
Customer remains the responsible business for Customer communications even if a number, workspace, provider account, or administrative profile is provisioned through a Company-controlled provider workflow. Company provisioning does not mean Company selected the recipients, approved the legal basis, controlled the campaign purpose, created the contact list, authorized the script, verified consent, or accepted liability for Customer communications.
Company may preserve provider setup records and Telecommunications Resource records for evidence, billing, support, carrier inquiries, regulatory inquiries, legal defense, dispute resolution, provider compliance, and future account administration. Customer has no property right in phone numbers or provider workspaces unless a signed agreement expressly says otherwise.
Appendix I. Customer Notice, Consent, and Communication Compliance Responsibilities
Customer is responsible for all notices and consents required for Customer communications. This includes privacy notices, call recording notices, AI or artificial voice disclosures, prerecorded voice disclosures, telemarketing disclosures, sender identity disclosures, unsubscribe instructions, SMS opt-out language, email unsubscribe mechanisms, DNC compliance, industry-specific notices, and any other notice required by applicable law or provider policy.
Company may provide default settings, templates, help text, suggested wording, workflows, prompts, or examples. These defaults and examples are not legal advice, not compliance advice, and not a guarantee that Customer use is lawful. Customer must review and modify every default setting, template, script, prompt, disclosure, cadence, blackout window, and workflow to match Customer legal obligations and business requirements.
Customer must maintain records proving that notices were provided and consents were obtained. Such records should include the language shown to the recipient, date and time, source, method of consent, IP address if collected, phone number or email address, lead source, relationship basis, opt-in status, opt-out status, script version, prompt version, and campaign approval history.
Customer agrees that failure to maintain proof of consent or lawful authority is Customer responsibility. Company may ask for records at any time, and failure to provide records promptly may result in suspension, termination, provider disclosure, regulatory cooperation, and indemnification.
Appendix J. Privacy Request Workflow and Escalation
If Company receives a privacy request from an individual, Company may first determine whether the request relates to Company account data, website data, business contact data, or Customer Campaign Data. Requests involving Customer Campaign Data may be redirected to Customer because Customer usually controls the purpose of the Campaign and has the direct relationship with the individual.
Company may require verification before disclosing or changing information. Verification may include email confirmation, account authentication, additional identifying information, business authorization, or other steps Company considers appropriate. Company may deny or limit requests where required or permitted by law, where the request cannot be verified, where the request relates to another person, where records must be retained for legal or security reasons, or where Company is acting on Customer instructions.
Customer must cooperate with Company privacy request handling when the request relates to Customer Data, Customer Campaigns, contact records, opt-outs, unsubscribes, DNC requests, consent withdrawals, recordings, transcripts, or message content. Customer must provide requested context and records promptly. If Customer fails to cooperate, Company may suspend workflows, preserve records, respond as it determines appropriate, or charge Customer for assistance.
Requesters may contact legal@callcentersync.com. Company may route requests internally to legal, privacy, security, support, billing, engineering, or leadership personnel as needed.
Appendix K. AI Training Rights and Practical Examples
This Appendix provides practical examples of how Company may use data for AI training, evaluation, product improvement, and business development. These examples do not limit the rights granted elsewhere in this policy or the Legal Suite.
Example 1: If multiple Customers use similar prompt structures and one structure results in fewer failed calls, Company may use that insight to improve default prompt guidance, AI behavior, onboarding workflows, and documentation. Customer does not own the improved default merely because Customer data helped Company learn what works.
Example 2: If support tickets show that Customers commonly misconfigure blackout windows, Company may use those tickets, settings, and outcomes to build better warnings, tooltips, validation rules, AI configuration assistance, and training materials.
Example 3: If call transcripts reveal recurring conversational failure points, Company may use transcripts, summaries, metadata, and derived patterns to improve conversation flows, model routing, hallucination detection, escalation triggers, and quality controls.
Example 4: If Customer requests a report, dashboard, integration, prompt technique, or workflow improvement, Company may build a similar feature into CCS and provide it to other customers without owing Customer compensation, approval, exclusivity, attribution, or ownership.
Example 5: If Company later develops proprietary AI infrastructure, Company may use knowledge, patterns, Derived Data, Aggregated Data, De-Identified Data, residual know-how, and product learnings from prior CCS operations to train, test, evaluate, and improve that proprietary infrastructure to the maximum extent permitted by law.
Appendix L. Corporate Family, Future Products, Sale of Business, and Successor Rights
Company may operate within a broader family of brands, products, services, and affiliated entities. Information and rights described in this policy may be used to support CCS, HepnerSync, InventorySync LLC, related products, future products, internal systems, support operations, AI development, analytics, business strategy, and corporate growth, subject to applicable law and the Legal Suite.
Customer acknowledges that Company may develop future products that are not identical to CCS but benefit from knowledge, data rights, analytics, AI training, workflow learnings, support learnings, and product improvement rights described in this policy. Customer has no right to restrict future products merely because Customer used CCS or provided feedback.
If Company sells, transfers, finances, assigns, merges, reorganizes, or contributes any part of CCS, InventorySync LLC, HepnerSync, or related assets, data rights may transfer to the successor, assignee, buyer, lender, investor, surviving entity, or related corporate participant. This includes rights to Aggregated Data, De-Identified Data, Derived Data, residual knowledge, feedback, benchmarks, AI improvements, and records needed for operations, legal compliance, billing, security, and enforcement.
Customer may not block or condition a corporate transaction based on Customer use of CCS unless a signed written agreement expressly grants that right.
Appendix M. Regulatory, Carrier, Provider, and Law Enforcement Cooperation Examples
Company may cooperate with third parties to protect itself, its affiliates, its providers, other customers, recipients, and the public. Cooperation may occur even if Customer disagrees with the third-party request or believes the request relates to Customer conduct. Company may notify Customer when legally permitted and commercially reasonable, but Company is not required to delay protective action while waiting for Customer response.
Cooperation examples include providing call logs to a carrier investigating call labeling, providing number assignment records to a provider investigating abuse, providing clickwrap records to defend Company against a claim, preserving recordings after a complaint, disclosing Customer contact information to a regulator, responding to a subpoena, assisting law enforcement, or suspending a campaign after a pattern of complaints.
Company may also disclose information when disclosure helps demonstrate that Customer, not Company, selected recipients, configured Campaigns, supplied data, controlled scripts, accepted responsibility, or certified compliance. Customer agrees that such disclosure is authorized and that Company has no liability for making protective disclosures in good faith.
Customer must reimburse Company for reasonable legal, technical, compliance, records production, investigation, support, and administrative costs arising from Customer Campaigns, Customer Data, Customer complaints, provider inquiries, regulatory inquiries, law enforcement matters, consumer disputes, or third-party claims as provided in the Legal Suite.
Appendix N. Customer Data Rights: Operational Do and Do Not Summary
This summary is operational guidance only. It does not limit any legal obligation in the policy, Terms of Service, Subscription Agreement, or applicable law.
Do maintain clear records showing where every contact came from and why Customer may contact that person.
Do review scripts, prompts, AI behavior, emails, SMS messages, and call disclosures before launch.
Do keep independent records that Customer may need for compliance, tax, legal, audit, DNC, and consent obligations.
Do notify Company promptly if Customer believes regulated data was uploaded or a Campaign is creating complaints.
Do keep Customer account contacts current so legal, billing, security, and policy notices are received.
Do not upload data that Customer does not have the right to use.
Do not assume Company has verified consent, DNC status, opt-out status, privacy notices, or call recording compliance.
Do not use CCS for emergency, medical, legal, financial eligibility, credit, insurance, government benefit, or other high-risk decisions without a separate written agreement and legal review.
Do not assume deletion of raw Customer Data requires deletion of Aggregated Data, De-Identified Data, Derived Data, model improvements, residual knowledge, or evidence records.
Do not tell customers or regulators that Company is responsible for Customer Campaigns merely because Company provisioned phone numbers or provider workspaces.
Appendix O. Glossary of Operational Privacy Terms
This glossary is provided to make the policy easier to understand. It does not change the legal meaning of any term defined in the main body of the policy or the Terms of Service.
| Term | Plain-language Meaning |
| --- | --- |
| Account Data | Information used to create, administer, secure, bill, and support a CCS account. |
| Campaign Data | Information relating to any call, SMS, email, AI workflow, prompt, script, recipient, cadence, setting, or result in a Customer Campaign. |
| Consent Record | Evidence that a person agreed to receive a communication or that Customer has lawful authority to contact the person. |
| Derived Data | New data, analytics, classifications, insights, model improvements, or metrics created from processing or analyzing other data. |
| De-Identified Data | Data processed so that it does not reasonably identify a specific person, household, device, or Customer. |
| Residual Knowledge | General knowledge, skills, concepts, experiences, and know-how retained in unaided memory by Company personnel. |
| Subprocessor | A provider or vendor that helps Company process information to operate or support CCS. |
| Telecommunications Resource | A phone number, caller ID registration, carrier resource, workspace, or related calling and messaging infrastructure. |
| Workflow Pattern | A generalized configuration, automation, prompt structure, communication sequence, or process learned from platform use or support. |

