Privacy Policy

CallNex is an AI-powered voice calling platform operated by CallNex BV, [Address Placeholder], Brussels, Belgium. As data controller, we are responsible for the personal data you provide when using our platform.

This Privacy Policy explains what data we collect, why we collect it, how long we keep it, and what rights you have under the General Data Protection Regulation (GDPR / AVG) and Belgian privacy law.

We collect the following categories of personal data:

• Account data: full name, company name, email address, hashed password, preferred language and currency
• Billing data: billing address, VAT number, invoice history (card details are processed exclusively by Stripe — we never store full card numbers)
• Call data: phone numbers dialled or received, call recordings, AI-generated transcripts, call outcomes, campaign names, timestamps
• Usage data: feature usage logs, login history, IP addresses, browser type and device information
• Support communications: emails, chat messages and support tickets you send to our team

We use your personal data only for the purposes described below:

• Providing and operating the CallNex platform and its features
• Processing payments and issuing invoices via Stripe
• Storing call recordings and AI-generated transcripts for your review and quality control
• Delivering AI call analysis, lead scoring, and outcome classification
• Sending transactional communications such as receipts, service alerts, and product updates
• Responding to support requests and resolving technical issues
• Detecting and preventing fraud and unauthorised access
• Improving the platform using aggregated and anonymised usage analytics — individual recordings are never used to train third-party AI models
• Complying with legal and regulatory obligations

We rely on the following legal bases:

• Performance of a contract (Art. 6(1)(b)): to provide the services you have subscribed to
• Legal obligation (Art. 6(1)(c)): accounting records, tax compliance, and responding to lawful requests from authorities
• Legitimate interests (Art. 6(1)(f)): fraud prevention, security monitoring, and internal analytics
• Consent (Art. 6(1)(a)): marketing communications — you may withdraw consent at any time via the unsubscribe link or by contacting support@callnex.nl

We retain personal data only for as long as necessary:

• Account and profile data: for the duration of your account plus 30 days after closure
• Call recordings and AI transcripts: 90 days by default (adjustable per campaign in account settings)
• Billing and invoice records: 7 years in accordance with Belgian accounting law (Koninklijk Besluit)
• Support ticket history: 2 years after the ticket is closed
• Server access and security logs: 30 days

After the applicable retention period, data is permanently deleted or irreversibly anonymised.

We work with a limited set of vetted sub-processors to deliver our service:

• Stripe Payments Europe Ltd (Dublin, Ireland): payment processing and invoicing
• Cloud infrastructure provider: EU-based data centres for platform hosting and storage

We do not sell, rent, share or trade your personal data with third parties for marketing or commercial purposes under any circumstances. Sub-processors are bound by Data Processing Agreements and are only permitted to process data on our documented instructions.

All personal data is stored on servers located within the European Union. In the event that any transfer outside the EEA becomes necessary (for example, through a sub-processor), we ensure adequate protection is in place through EU Standard Contractual Clauses (SCCs) as approved by the European Commission under GDPR Chapter V.

As a data subject, you have the following rights, which you may exercise free of charge:

• Right of access (Art. 15): request a copy of the personal data we hold about you
• Right to rectification (Art. 16): request correction of inaccurate or incomplete personal data
• Right to erasure (Art. 17): request deletion of your personal data ('right to be forgotten')
• Right to restriction (Art. 18): request that we limit the processing of your data in certain circumstances
• Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interests

To exercise any of these rights, email us at support@callnex.nl. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (GBA — Gegevensbeschermingsautoriteit): www.gegevensbeschermingsautoriteit.be, Drukpersstraat 35, 1000 Brussels, +32 2 274 48 00.

We implement appropriate technical and organisational security measures to protect your data, including TLS 1.3 encryption for data in transit, AES-256 encryption for data at rest, role-based access controls, and regular internal security reviews. For full details, see our Security page.

We may update this Privacy Policy periodically. For material changes, we will notify you by email at least 14 days before the new policy takes effect. The current version is always accessible at callnex.nl/privacy.

CallNex BV · [Address Placeholder] · Brussels, Belgium · support@callnex.nl

For data protection inquiries specifically, you may also use the subject line 'Privacy Request' when emailing us.