Xobee Voice Privacy Policy

Last updated: May 23rd, 2023

Introduction

Xobee Networks recognizes and supports the privacy rights of all persons, and we respect these rights when we collect and process personal information (“PI”). We have developed and adopted this Privacy Policy to describe our privacy values and guide our processing of personal information. By purchasing, subscribing to, or utilizing the Products and/or Services, or registering to attend, attending and/or participating in any Xobee Networks sponsored events or other events in which Xobee Networks participates, you agree to be bound to the terms and conditions of this Privacy Policy.

The obligations and responsibilities set out in this Privacy Policy are applicable to Xobee Networks and its personnel and will be made available on Xobee Networks’ website (www.xobee.com/xobee-voice-privacy-policy). The obligations and responsibilities set out in the Privacy Policy are in addition to any other applicable policies or agreements entered into with Xobee Networks and any applicable laws and/or regulations.

General Statement

Xobee Networks is dedicated to the use of Voice over Internet Protocol (VoIP) and related technologies to improve the telecommunications industry and the lives of individuals throughout the world.

Xobee Networks’ goal is to deliver carrier-grade communications services to all its Clients, at a reasonable price and to make available all the benefits that VoIP offers as broadly as possible. In order to achieve this goal, a Privacy Policy is necessary.

Scope

At Xobee Networks, privacy matters. Xobee Networks respects the privacy of its Clients and other individuals with whom Xobee Networks has business interactions

This policy is global, applying to all Xobee Networks locations. It applies to personal information regardless of format. For example, the policy applies to computerized records and electronic information as well as paper-based files.

It is also applicable to all personal information that is collected, maintained or processed by Xobee Networks. The concepts enumerated in this policy will guide Xobee Networks’ selection and expectations of its Clients, partners, agents and/or contractors to whom Xobee Networks transfers and relies on for processing of personal information.

Xobee Networks provides the technology platform for hosted or “cloud” unified communications as a service offerings (UCaaS). These Products merely act as a conduit for data transmitted by third parties and Subscribers. Xobee Networks processes personal information that is controlled by or originated from other companies, such as our Clients or other business partners. Xobee Networks also processes personal information in the course of providing support for Xobee Networks communications products. Xobee Networks shall protect the personal information, comply with all laws that regulate the processing of such personal information, and process the information only as authorized by the data controller or the data subject. Accordingly, Xobee Networks relies on guidance and direction of the Client (as the data controller), who determines the purposes of processing such personal information. In some cases, Xobee Networks may collect and process personal information for our own business purposes and shall comply with the applicable privacy laws concerning Xobee Networks processing.

While Xobee Networks does process data in its role of providing a technology platform, it does not own, control or direct the use of any of the personal information stored or processed by any Client or Subscriber. Xobee Networks only processes such personal information in order to provide and invoice for purchased and/or subscribed Products and Services.

Data Processor

Xobee Networks shall protect the personal information, comply with all laws that regulate the processing of such personal information, and process the information only as authorized by the data controller or the data subject. Accordingly, and in its role as a data processor, Xobee Networks relies on guidance and direction of the Client (as the data controller), who determines the purposes of processing such personal information. In some cases, Xobee Networks may collect and process personal information for our own business purposes and shall comply with the applicable privacy laws concerning Xobee Networks processing.

What Information We Collect or Process

Xobee Networks processes and in certain situations collects personal information as needed to deliver its Products and Services and manage its business. When collecting personal information, Xobee Networks does so in a reasonable and lawful manner.

The types of information and the purposes for which Xobee Networks collects or processes personal information may include:

Indirect End User Phone Contact Information (Personal Identifiable Information)

Xobee Networks acts as a data processor with regard to indirect end user personal identifiable information and our Clients act as the data controller of such data. In the course of Xobee Networks’ processing and protection of such data, all use will be in conformity with the data controller’s instructions.

Specifically, only when enabled via system permission on XobeeVoice Android and XobeeVoice iOS, Xobee Networks shows personal contacts within the respective application. When the user sends an SMS message to one of his/her phone contacts, or when the user initiates a call to one of his/her phone contacts, the phone number is sent securely through Xobee Networks’ API. Xobee Networks does not store this number with any other PII, and it cannot be directly or indirectly attributed to any person or persons; Xobee Networks stores only the phone number and pertinent metadata so as to be compliant with all applicable state and federal laws, and Xobee Networks does not share this data with any advertisers or third parties under any circumstances. A user can revoke phone contact access on his/her mobile device at any time, and his/her app experience is not hindered or interrupted.

XobeeVoice Android and iOS also uses Gravatar, only when enabled via Settings and UIConfigs, which is a service that provides avatar images linked to the MD5 hash of the user’s email address. This means that, only when Gravatar use is enabled, we hash each contact’s email address and send it to Gravatar to try and retrieve an avatar image. MD5 hashes cannot be directly or indirectly attributed to any person or persons, and we only send the MD5 hash to Gravatar, never the email address in plain text. As with phone contacts, a user can revoke Gravatar access at any time in Settings or via UIConfig, and his/her app experience is not hindered or interrupted.

CLIENTS

Xobee Networks uses such personal information only for relevant, appropriate, and customary purposes. Xobee Networks will not share or disclose personal information for purposes other than as described herein. Capitalized terms used in this Privacy Policy shall have the meaning as given in Client’s Master Services Agreement (MSA). The following are examples of some of the personal information Xobee Networks may process.

Business Contact Information:

Xobee Networks may collect and use personal information about individual contacts of Clients and others who access Xobee Networks public websites, knowledge bases, forums, ticket systems, or provide personal information through other means. Such information may include but is not limited to account information, first/last name, company name, title, and responsibilities, work email address, work mailing address, telephone numbers, login information, device identifiers, as well as additional information provided by such individuals in the course of receiving Products and Services from Xobee Networks and/or requesting information about Xobee Networks. We will use such information for the purposes of providing Products and Services, support, conducting data analytics and product assessments and related activities, and providing information regarding Xobee Networks Products and Services.

Customer Proprietary Network Information (CPNI):

Customer Proprietary Network Information (CPNI) may include information regarding quantity, destination, technical configuration, location, amount of use and related billing information of telecommunications, interconnected and/or non-interconnected Voice over Internet Protocol (VoIP) services. This may include but is not limited to the phone numbers that you call or send messages to (or the phone numbers that you receive these calls and messages from) through our Products and Services. The date, time and duration of the calls may also be collected. This data is used for billing and service level assurance.

Xobee Networks provides Products and Services that are primarily for the benefit of Clients and Subscribers in that Xobee Networks transmits, routes, switches or caches information. These Products and Services merely act as a conduit for data transmitted by third parties and Subscribers. Xobee Networks does not determine the purposes and means of processing this personal information. Except for Subscriber data provided by the Client (the Subscribers service provider) for which Xobee Networks is merely providing a conduit for transmission, the subscribed services are of such a nature that, in most instances, Xobee Networks requires and collects only essential CPNI and billing information; and opting out or declining to provide the requested data may hinder the provision or delivery of subscribed services. However, for CPNI data that is collected by Xobee Networks that is not subject to the control of others, Xobee Networks shall obtain consent from the user for the processing of this data.

Xobee Networks collects end-user CPNI in the course of providing Product support. This data may pertain to Clients of Xobee Networks or Subscribers (eg: end users of Xobee Networks’ direct Clients). This data may include IP address, telephone number, email address, call detail records, call recordings and other information sufficient to identify an individual end user.

Indirect End User’s CPNI:

Xobee Networks acts as a data processor with regard to indirect end user personal information and our Clients act as the data controller of such data. In the course of Xobee Networks’ processing and protection of such data, all use will be in conformity with the data controller’s instructions.

Direct End User’s CPNI:

Xobee Networks typically collects and processes direct end user (eg: Clients, vendors, and partners) personal information for the purposes of providing Products and Services, support, conducting data analytics and managing product performance.

Messaging, Voicemail, Video and Media Files:

Xobee Networks provides Products and Services that facilitate the recording and storage of audio and video by way of features such as but not limited to voicemail, call and conference recording. Users may elect to store or record personal information within these resources at their discretion.

Anonymized, Non-Identifying Voice and Traffic Data

Xobee Networks may use anonymized, non-identifying data collected from use of our XobeeVoice platform and other Xobee Networks Products and Services. This anonymized, non-identifying data may be used to enhance such items, but is not limited to, voice activation, improve traffic analysis algorithms and techniques, and recognition algorithms. This processing is executed under applicable terms and supports Xobee Networks’ legitimate interests in tuning, maintaining and enhancing these Products and Services.

Cookies

Xobee Networks websites may use cookies to collect certain kinds of personal information about Subscribers or users. For more information on how Xobee Networks uses cookies and choices available to Subscribers and users please refer to the following section.

How We Collect Information

We collect information in various ways, including the following:

When you use one of our Products or Services, Xobee Networks collects, and stores certain information that you provide directly. We also collect information about your use of the Products and Services.

Cookies and Similar Collection Methods

Xobee Networks also collects technical information about your usage of the Products and Services, and we use various technologies to collect information about cookies, IP addresses, device type and device identifiers, application state and the date and time of activity with our Products and Services, and other similar information. Xobee Networks may associate this information with your user identification and/or account number for our internal use.

Other Passive Site Tracking

Websites may also utilize Internet Protocol (IP) addresses and log files to identify network and server concerns and problems. Xobee Networks also utilizes web beacons and other passive tracking mechanisms to perform standard website traffic analysis in a similar manner to how we utilize cookies.

Credit Card Information

Xobee Networks only collects credit card information in order to bill for purchased or subscribed to Products and Services. Xobee Networks utilizes third-party credit card payment processing agents (where these agents are required to implement reasonable and appropriate measures to protect and secure this information from loss or misuse) solely for the purpose of processing payments for those Products and Services purchased or subscribed to. These payment processors use of your personal information is governed by their privacy policies, as well as adhering to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like American Express, Visa, Mastercard, and Discover.

Phone Number

Phone numbers (users’ contact list phone numbers): These are collected only if the user allows it by accepting the in-app disclosure message. If accepted, the numbers are shared only to our API in order to establish a call.

Email Address

Email addresses (users’ contact list email addresses): These are collected for all contacts in the list only if allowed via settings and configs. The app shares the MD5 hash of the email address with Gravatar in order to provide avatar images.

HOW DOES Xobee Networks UTILIZE COOKIES

General Information about Cookies

A cookie (also known as an HTTP cookie, web cookie, or browser cookie) is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user’s previous activity. Cookies were designed to be a reliable mechanism for websites to remember useful information (such as items in a shopping cart) or to record the user’s browsing activity (including clicking particular or specific buttons, logging in or recording which pages were visited by the user as far back as months or years ago).

Utilization of Cookies

A visit to a page on www.xobeevoice.com may generate the following types of cookie(s):

Anonymous Analytics Cookies

Every time a user visits a Xobee Networks website, software provided by another organization (such as Google Analytics) generates an ‘anonymous analytics cookie’. These cookies can tell us whether you have visited the site before. Your browser will inform us if you have these cookies and, if you don’t, our website generates new ones. This allows Xobee Networks to track how many individual users we have and how often they visit the site. Unless you are signed in to xobeevoice.com we cannot use these cookies to identify individuals. We use these cookies to gather statistics: for example, the number of visits to a page. If you are logged in to the Xobee Networks website, we will also be provided the details you gave to us for this, such as but not limited to your username and email address.

Registration Cookies

When you register with a Xobee Networks website, such as xobeevoice.com, Xobee Networks generates cookies that inform us whether you are signed in or not. Our servers use these cookies to determine which account you are signed in with and whether you are allowed access to a particular Product or Service.

Advertising (Ad) Cookies

These cookies allow Xobee Networks to know whether you’ve seen a specific ad or the type of ad, and for how long you have viewed it. We also utilize cookies to help us direct targeted advertising.

Other Third-Party Cookies

On some pages of our websites, other organizations may also set their own anonymous cookies. They do this to track the success of their products and/or services, or to customize the experience for you. Because of how cookies function, our websites cannot access these Third-Party cookies, nor can the other organization access the data in cookies Xobee Networks uses on our websites. For example, when you share an article or post using a social media sharing button (Facebook, LinkedIn or other social media outlets) on xobeevoice.com, the social network that has created the button will record that you have done this.

How Do I Turn Cookies Off

It is usually possible to stop your browser accepting cookies, or to stop it accepting cookies from a specific website. Most modern browsers allow you to change your cookie settings. You can usually find these settings in the ‘options’ or ‘preferences’ menu of your browser. To understand these settings, you can use the ‘Help’ option in your browser for more details. It is solely your responsibility to stop cookies in your browser.

Note: If you block the use of cookies, then this will limit the service that we are able to provide to you and may affect your visitor/user experience.

VENDORS, SUPPLIERS AND SUBCONTRACTORS

Xobee Networks may collect personal information about individuals who are employed by our suppliers and vendors. This business contact and payment information are strictly used to administer existing and future business arrangements.

OTHERS

Additional personal information may be collected, processed and disclosed for the purposes for which it was collected and for legal compliance purposes, including regulatory reporting, investigation of allegations of wrongdoing, and the management and defense of legal claims and actions, and compliance with subpoenas, court orders, and other legal obligations. For example, we may collect information about individuals that visit our office or other facilities. When we do collect data, such collection shall be relevant, proportionate and limited to the purposes for which they are processed.

International Cross-Border Personal Information Transfers

Xobee Networks is a U.S.-based, global company. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which Xobee Networks has operations for the purposes described in this Privacy Policy. Xobee Networks may also transfer your personal information to our third-party processors as detailed here, who may be located in a different country. Such countries may have laws which are different, and potentially not as protective, as the laws of your own country.
Whenever Xobee Networks shares personal information originating in the European Economic Area (the “EEA”) with an entity outside the EEA, Xobee Networks will rely on lawful measures such as the Privacy Shield Framework detailed in this Privacy Policy.

If you are visiting our Website(s) from the EEA or other regions with laws governing data collection and use, please note that by providing this personal information you are agreeing to the transfer of your personal information to the United States and other jurisdictions in which Xobee Networks operates in accordance with this Privacy Policy.

Transfer of Personal Information from the EU, United Kingdom and Switzerland to the United States

Xobee Networks complies with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Frameworks (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred to the U.S. from the European Union (EU), the United Kingdom (UK) and/or Switzerland, respectively. Xobee Networks has certified to the Department of Commerce that they adhere to the applicable Privacy Shield Principles with respect to such data. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, please visit http://www.privacyshield.gov. To view the Xobee Networks certification under Privacy Shield, please visit http://www.privacyshield.gov/list.

With respect to personal information received or transferred pursuant to these Privacy Shield Frameworks, Xobee Networks is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (US FTC).

In addition to the protections provided under other sections of this Privacy Policy, Xobee Networks will provide the following protections for personal data transferred from the EU, United Kingdom, and Switzerland to the U.S.

CHOICE

Individuals will be offered a clear, conspicuous, and readily available mechanism to choose (opt-out) whether their personal information is (1) to be disclosed to a third party (other than a third party acting as an agent to perform tasks on behalf of and under the instruction of Xobee Networks or (2) to be used for a purpose that is materially different than or incompatible with the purpose for which it was originally utilized or subsequently authorized by the individual.

Additionally, individuals will be offered a similar choice mechanism to give affirmative or explicit (opt in) choice whether their sensitive personal information is to be disclosed to a third party or used for a purpose other than the purposes for which it was originally collected or subsequently authorized by the individual by opt-in choice. However, explicit (opt in) choice is not required when the disclosure of the sensitive personal information is (1) in the vital interests of the individual or another person; (2) necessary for the establishment of legal claims or defenses; (3) required to provide medical care or diagnosis; (4) necessary to carry out the organization’s obligations in the field of employment law, or (5) related to personal information that is manifestly made public by the individual.

Transfer of Personal Data from the EU, United Kingdom and Switzerland to Processors in the United States

Xobee Networks may transfer personal information to a processor in the United States solely for processing purposes. A “processor” is a third party who processes personal information on behalf of and in accordance with the instructions of Xobee Networks. When personal information is transferred from the EU, United Kingdom and Switzerland to the United States solely for processing purposes, Xobee Networks will comply with the applicable data protection laws including the EU General Data Protection Regulation (or “GDPR”) and the Swiss Federal Act on Data Protection (or “FADP”), respectively, and enter into a contract with the processor to ensure that the processor (1) acts only on instructions of Xobee Networks; (2) provides appropriate technical and organizational measures to protect the personal information against unlawful destruction or accidental loss, alteration, unauthorized disclosure or access; and understands whether onward transfers are allowed; and (3) assists Xobee Networks in responding to individuals exercising their rights under the Privacy Shield Principles, taking into account the nature of the processing.

Onward Transfers to Third Party Agents

After personal information is transferred from the EU, United Kingdom and/or Switzerland to the Xobee Networks Privacy Shield Company in the United States, the Xobee Networks Privacy Shield Company may thereafter transfer the personal information to third parties acting as controllers. A “controller” is a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal information. When Xobee Networks Privacy Shield Company makes such onward transfers to third-party controllers, the Xobee Networks Privacy Shield Company will comply with the Privacy Shield notice and choice principles and enter into a contract with the third party controller that provides that (1) such personal information may be processed only for limited and specified purposes consistent with the consent provided by the individual; (2) the third party controller will provide the same level of protection as the Privacy Shield principles; (3) the third party controller will notify the Xobee Networks Privacy Shield Company if the third party can no longer meet its obligation to provide the same level of protection for the personal information as required by the Privacy Shield principles; and (4) upon such notice by the third party controller, the third party controller will cease processing the personal information and/or take reasonable and appropriate steps to remediate any unauthorized processing.

Recourse Mechanisms for Personal Data Transferred Under Privacy Shield

Inquiries or complaints regarding transfers of personal data from the EU, United Kingdom and Switzerland to the U.S. pursuant to Privacy Shield should be directed to:

Xobee Networks
7910 N. Ingram Ave Suite #101
Fresno, CA 93711
Email: phonesupport@xobee.com

Xobee Networks has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent alternative dispute resolution mechanism. Xobee Networks has selected JAMS Mediation, Arbitration and ADR Services (JAMS) as the administrator of Xobee Networks’ independent recourse mechanism for Privacy Shield disputes. Xobee Networks has committed to refer such unresolved Privacy Shield complaints to JAMS in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, you may find more information about dispute resolution and how to file a claim with JAMS at https://www.jamsadr.com/eu-us-privacy-shield.

Individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Please visit Privacy Shield Annex I for additional information: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Liability

In the context of an onward transfer of personal information, the Xobee Networks Privacy Shield Company has responsibility for the processing of personal information they receive under the Privacy Shield and subsequently transfers to a third-party agent. The Xobee Networks Privacy Shield Company will remain liable under the Privacy Shield Principles if their third-party agent processes such personal information in a manner inconsistent with the Privacy Shield Principles unless the Xobee Networks Privacy Shield Company proves that it is not responsible for the event giving rise to the damage.

Accountability for Onward Transfer

Xobee Networks will only transfer or provide direct access to personal information covered by this policy to third parties that have:

made a commitment to respect the privacy rights of the data subject;
limited processing of personal information to comply with customer and/or data controller instructions; and
given Xobee Networks contractual assurances that they will provide at least the same level of privacy protection as is required by applicable privacy laws.

Additionally, Xobee Networks is committed to subjecting all personal information received from European Union (EU) member countries, the United Kingdom (UK), and Switzerland, in reliance on the EU-US and Swiss-US Privacy Shield Frameworks, to the Privacy Shield Frameworks’ applicable Privacy Shield Principles. Xobee Networks will only transfer or provide direct access to EU, UK and Swiss personal information covered by this policy to third parties that:

are located in a jurisdiction subject to the EU Data Protection Directive or with privacy laws considered to be adequate by the EU,
subscribe to the EU-US and Swiss Privacy Shield Principles, as or
have given Xobee Networks contractual assurances that they will provide at least the same level of privacy protection as is required by the EU-US and Swiss-US Privacy Shield Principles, GDPR, FADP or EU member state laws implementing the EU Data Privacy Directive.

Accordingly, Xobee Networks requires the following of its onward transfer agents:

data processing and further transfer is limited and to specified purposes;
provision of at least the same level of privacy protection as contemplated by the Privacy Shield Principles;
processing of the personal information transferred in a manner consistent with the organization’s obligations under the Privacy Shield Principles;
takes reasonable and appropriate steps to stop and remediate unauthorized processing; and
provision of notification if the agent makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles.

How We Use the Information We Collect

We use your information primarily and as necessary to provide you with the various Xobee Networks Products and Services, including but not limited to one or more of the following ways: to create your accounts and allow use of our Products, to provide technical support and respond to Client inquiries, to prevent fraud or potentially illegal activities, enforce our other agreements with you, to notify Clients of application updates, and to inform Clients about new products or promotional offers.

SENSITIVE INFORMATION

Xobee Networks recognizes that for some sensitive information, affirmative express consent from individuals is required and must be obtained if such information is to be (i) disclosed to a third party or (ii) processed for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. In addition, Xobee Networks shall treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

SERVICE PORTALS

If you have created a user profile on any Xobee Networks service portal, you may access and revise the personal information in your user profile when you log into your account. In general, these portals will only require minimal personal information that is necessary to provide and administer the service.

MARKETING MATERIALS

If you provide us with your email address or other business contact information to enable us to provide communications and information to you, we may use the information for providing such communications including the delivery of press releases and other Xobee Networks marketing materials. You may request to no longer receive Xobee Networks marketing communications by following the “unsubscribe” instructions in emails from Xobee Networks or by sending a request to the contact identified below.

In the rare and unlikely event that Xobee Networks wishes to use an individual’s personal information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals, Xobee Networks will seek consent in advance as required by applicable law.

Sharing Your Information

We may disclose or report information that individually identifies Clients, Subscribers or devices in certain circumstances, such as:

(i) if we have a good faith belief that we are required to disclose the information in response to a valid legal process (for example, a court order, search warrant or subpoena, or to defend or respond to legal actions, and as otherwise authorized by law, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements); (ii) to satisfy applicable laws, (iii) if we believe that the Products and Services are being used in an unauthorized, unlawful or abusive manner, such as to commit a crime, including to report such criminal activity or to exchange information with other companies and organizations for the purposes of fraud protection and credit risk reduction, (iv) if we have a good faith belief that there is an emergency that poses a threat to the health or safety of a person or the general public, (v) in order to protect the rights or property of Xobee Networks, including enforcement of our Intellectual Property Rights and terms of the Agreement(s), and (vi) for all other purposes with your consent. We may also provide your information to third party companies to perform services on our behalf, including but not limited to payment processing, data analysis, message delivery, hosting services, customer service, and marketing.

If Xobee Networks enters into a merger, acquisition or sale of all or a portion of its assets or business, Client and Subscriber information, including personal information, will also be transferred as part of or in connection with the transaction as per applicable law.

INFORMATION DISCLOSURE

Internal Disclosure

In general, personal information may be shared within Xobee Networks, where legally permitted for reasonable and appropriate corporate purposes. However, even within Xobee Networks, we restrict access to personal information to those employees, agents, or contractors who need access to carry out their assigned functions.

External Disclosure

Xobee Networks uses vendors and partners for a variety of business purposes, such as to help us develop, deploy and invoice for the various Products and Services we provide. We share information with those vendors and partners when it is necessary for them to perform work on our behalf. Xobee Networks requires that these vendors and partners protect the customer information we provide to them and limit their use of such information to their respective processing activity. Xobee Networks will only transfer or provide direct access to personal information covered by this policy to third parties that have made a commitment to respect the privacy rights of the data subject; limit processing of personal information to comply with data controller instructions; and provided Xobee Networks contractual assurances that they will provide at least the same level of privacy protection as is required by applicable privacy laws.

Security of Your Information

We implement security measures we believe are reasonable to protect your information. It is important that you protect and maintain the security of your account and you need to immediately notify us of any unauthorized use of your account. Remember, no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot and do not guarantee its absolute security.

Protecting Personal Information

To help protect the confidentiality of personal information, Xobee Networks employs security safeguards appropriate to the sensitivity of the information and in accordance with this Privacy Policy. These safeguards include reasonable administrative, technical and physical measures to safeguard the confidentiality and security of personal information against anticipated threats and unauthorized access to personal information. No transfer of your personal information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. Additionally, we convey safeguard obligations to our agents who receive personal information from or on behalf of Xobee Networks in the course of their relationship with our organization as described above in the section titled External Disclosure.

Transfer of Data

Your information, including personal information, may be transferred to, and maintained on, computers, servers or other data storage located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you reside outside the United States and choose to provide information to Xobee Networks, please note that we transfer the data, including personal information, to the United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Retention of Data

Personal information collected by Xobee Networks will be retained for as long as necessary and legally permitted for the purposes for which it was collected, to provide you with Products and Services, enforce our legal agreements and policies and to conduct our legitimate business interests or where otherwise required by law.

Data Integrity

Xobee Networks employs reasonable means to keep personal information accurate, complete, and current, as needed for the purposes for which it was collected.

How to Access and Update Your Information

We generally provide individuals with an opportunity to examine their own personal information, confirm the accuracy and completeness of their personal information, and have their personal information updated, if appropriate.

The ability of an individual to access his or her personal information is not unlimited, however. An individual’s ability to access personal information may be limited, for example, where (i) the burden or expense of providing access would be unreasonable or disproportionate to the risks to the individual’s privacy, (ii) the information should not be disclosed due to legal or security reasons or to protect confidential commercial information; or (iii) providing access would compromise the privacy of another person.

If you have created a user profile on a portal, you may also access and revise the personal information in your user profile when you log into your account.

Individuals who wish to access or update their personal information not accessible via a portal should direct such communications to Xobee Networks Legal Department at:

phonesupport@xobee.com

Third-Party Websites, Plugins or Widgets

Xobee Networks websites, Products and/or Services may include social network or other third-party plugins and widgets not operated by us. Accessing these links to other sites is done at your own option and is not part of any Xobee Networks’ offerings. Xobee Networks has no control over and assumes no responsibility for the content, privacy policies or practices of any third-party sites or services. We strongly advise you to review each privacy policy provided at the respective site.

Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is United States legislation that provides data privacy and security provisions for safeguarding medical information. Client acknowledges and agrees that unless the Xobee Networks Products and Services description expressly states otherwise, the Products and Services do not comply with the requirements of the Health Insurance Portability and Accountability Act, as amended, and its implemented regulations. Unless the Products and Services description expressly states otherwise, Client agrees that it will not use the Products and Services to create, receive, transmit, maintain, store, use, disclose, or otherwise cause the Products and Services to handle Protected Health Information (“PHI”) as defined under HIPAA. Client retains complete and full responsibility to ensure that the Products and Services are only applied to use-case scenarios where the Products and Services do provide the necessary level of security and privacy protections. CLIENT’S AGREEMENT TO THIS PROVISION IS A MATERIAL CONDITION OF MAKING THE PRODUCTS AND SERVICES AVAILABLE TO CLIENT. In addition to any indemnity requirements in these Terms, Client shall indemnify, defend and hold harmless Company, Company Affiliates and all of the directors, officers, managers, partners, employees, agents, representatives, heirs, successors and assigns of Company and each of Company’s Affiliates against all actions, claims, losses, penalties, fines, assessments, administrative costs, credit protection costs, damages and expenses (including reasonable attorneys’ fees) arising out of Client’s violation of the provisions of this section, caused in whole or in part by any act or omission of Client, or of anyone employed by or acting as a subcontractor, representative or agent of Client. Any limitation on liability set forth in the terms of the Master Services Agreement or any other agreement between Company or its Affiliates and Client shall not apply to Client’s liability under this provision.

California Privacy Rights

The California Data Protection Act (Cal. Civ. Code §§ 1798.83), also known as S.B. 27 “Shine the Light Law”, applies to a business that owns or retains California residents’ personal information and, requires such business to disclose to its California customers, upon request, the identity of any third parties to whom the business has disclosed personal information within the previous calendar year, along with the type of personal information disclosed, for the third-parties’ direct marketing purposes.

A business subject to California Business and Professions Code Section 22581 and the Privacy Rights for California Minors in the Digital World Act (Cal. Bus. & Prof. Code §§ 22580-22582) must allow California residents under age 18 who are registered users of online sites, services or applications to request and obtain removal or other forms of anonymization of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be so removed.

Our Products and Services do not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.

If you are a California resident and would like to make such a request, email or contact us at: phonesupport@xobee.com

CCPA/CPRA Privacy Notice

This privacy notice section for California residents supplements the information contained in Our Privacy Policy and it applies solely to all visitors, users, and others who reside in the State of California.

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months.

Please note that the categories and examples provided in the list below are those defined in the CCPA/CPRA. This does not mean that all examples of that category of personal information were in fact collected by Us, but reflects our good faith belief to the best of Our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal information would only be collected if You provided such personal information directly to Us.

Category A: Identifiers.

Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers.

Collected: Yes.

Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

Collected: Yes.

Category C: Protected classification characteristics under California or federal law.

Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Collected: No.

Category D: Commercial information.

Examples: Records and history of products or services purchased or considered.

Collected: No.

Category E: Biometric information.

Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

Collected: No.

Category F: Internet or other similar network activity.

Examples: Interaction with our Service or advertisement.

Collected: Yes.

Category G: Geolocation data.

Examples: Approximate physical location.

Collected: No.

Category H: Sensory data.

Examples: Audio, electronic, visual, thermal, olfactory, or similar information.

Collected: No.

Category I: Professional or employment-related information.

Examples: Current or past job history or performance evaluations.

Collected: No.

Category J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Collected: No.

Category K: Inferences drawn from other personal information.

Examples: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Collected: No.

Category L: Sensitive personal information.

Examples: Account login and password information, geolocation data.

Collected: Yes.

Under CCPA/CPRA, personal information does not include:

Publicly available information from government records
Deidentified or aggregated consumer information
Information excluded from the CCPA/CPRA’s scope, such as:
Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

Directly from You. For example, from the forms You complete on our Service, preferences You express or provide through our Service.
Indirectly from You. For example, from observing Your activity on our Service.
Automatically from You. For example, through cookies We or our Service Providers set on Your Device as You navigate through our Service.
From Service Providers. For example, third-party vendors to monitor and analyze the use of our Service, third-party vendors to deliver targeted advertising to You, or other third-party vendors that We use to provide the Service to You.

Use of Personal Information

We may use or disclose personal information We collect for “business purposes” or “commercial purposes” (as defined under the CCPA/CPRA), which may include the following examples:

To operate our Service and provide You with Our Service.
To provide You with support and to respond to Your inquiries, including to investigate and address Your concerns and monitor and improve our Service.
To fulfill or meet the reason You provided the information. For example, if You share Your contact information to ask a question about our Service, We will use that personal information to respond to Your inquiry.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
As described to You when collecting Your personal information or as otherwise set forth in the CCPA/CPRA.
For internal administrative and auditing purposes.
To detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity, including, when necessary, to prosecute those responsible for such activities.
Other one-time uses.

Please note that the examples provided above are illustrative and not intended to be exhaustive. For more details on how we use this information, please refer to the “Use of Your Personal Data” section.

If We decide to collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes We will update this Privacy Policy.

Disclosure of Personal Information

We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal information for business or commercial purposes:

Category A: Identifiers

Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Category F: Internet or other similar network activity

Please note that the categories listed above are those defined in the CCPA/CPRA. This does not mean that all examples of that category of personal information were in fact disclosed, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been disclosed.

When We disclose personal information for a business purpose or a commercial purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Share of Personal Information

We may share, and have shared in the last twelve (12) months, Your personal information identified in the above categories with the following categories of third parties:

Service Providers

Our affiliates

Our business partners

Third party vendors to whom You or Your agents authorize Us to disclose Your personal information in connection with products or services We provide to You

Sale of Personal Information

As defined in the CCPA/CPRA, “sell” and “sale” mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s personal information by the Business to a third party for valuable consideration. This means that We may have received some kind of benefit in return for sharing personal information, but not necessarily a monetary benefit.

We do not sell personal information as the term sell is commonly understood. We do allow Service Providers to use Your personal information for the business purposes described in Our Privacy Policy, for activities such as advertising, marketing, and analytics, and these may be deemed a sale under CCPA/CPRA.

We may sell and may have sold in the last twelve (12) months the following categories of personal information:

Category A: Identifiers

Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Category F: Internet or other similar network activity

Please note that the categories listed above are those defined in the CCPA/CPRA. This does not mean that all examples of that category of personal information were in fact sold, but reflects our good faith belief to the best of Our knowledge that some of that information from the applicable category may be and may have been shared for value in return.

Sale of Personal Information of Minors Under 16 Years of Age

We do not knowingly collect personal information from minors under the age of 16 through our Service, although certain third party websites that we link to may do so. These third-party websites have their own terms of use and privacy policies and We encourage parents and legal guardians to monitor their children’s Internet usage and instruct their children to never provide information on other websites without their permission.

We do not sell the personal information of Consumers We actually know are less than 16 years of age, unless We receive affirmative authorization (the “right to opt-in”) from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to the sale of personal information may opt-out of future sales at any time. To exercise the right to opt-out, You (or Your authorized representative) may submit a request to Us by contacting Us.

If You have reason to believe that a child under the age of 13 (or 16) has provided Us with personal information, please contact Us with sufficient detail to enable Us to delete that information.

Your Rights under the CCPA/CPRA

The CCPA/CPRA provides California residents with specific rights regarding their personal information. If You are a resident of California, You have the following rights:

The right to notice. You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
The right to know/access. Under CCPA/CPRA, You have the right to request that We disclose information to You about Our collection, use, sale, disclosure for business purposes and share of personal information. Once We receive and confirm Your request, We will disclose to You:
The categories of personal information We collected about You
The categories of sources for the personal information We collected about You
Our business or commercial purposes for collecting or selling that personal information
The categories of third parties with whom We share that personal information
The specific pieces of personal information We collected about You
If we sold Your personal information or disclosed Your personal information for a business purpose, We will disclose to You:
The categories of personal information categories sold
The categories of personal information categories disclosed
The right to say no to the sale or sharing of Personal Data (opt-out). You have the right to direct Us to not sell Your personal information. To submit an opt-out request, please see the “Do Not Sell My Personal Information” section or contact Us.
The right to correct Personal Data. You have the right to correct or rectify any any inaccurate personal information about You that We collected. Once We receive and confirm Your request, We will use commercially reasonable efforts to correct (and direct our Service Providers to correct) Your personal information, unless an exception applies.
The right to limit use and disclosure of sensitive Personal Data. You have the right to request to limit the use or disclosure of certain sensitive personal information We collected about You, unless an exception applies. To submit, please see the “Limit the Use or Disclosure of My Sensitive Personal Information” section or contact Us.
The right to delete Personal Data. You have the right to request the deletion of Your Personal Data under certain circumstances, subject to certain exceptions. Once We receive and confirm Your request, We will delete (and direct Our Service Providers to delete) Your personal information from our records, unless an exception applies. We may deny Your deletion request if retaining the information is necessary for Us or Our Service Providers to:
Complete the transaction for which We collected the personal information, provide a good or service that You requested, take actions reasonably anticipated within the context of our ongoing business relationship with You, or otherwise perform our contract with You.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if You previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which You provided it.
The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your consumer’s rights, including by:
Denying goods or services to You
Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
Providing a different level or quality of goods or services to You
Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services

Exercising Your CCPA/CPRA Data Protection Rights

Please see the “Do Not Sell My Personal Information” section and “Limit the Use or Disclosure of My Sensitive Personal Information” section for more information on how to opt out and limit the use of sensitive information collected.

Additionally, in order to exercise any of Your rights under the CCPA/CPRA, and if You are a California resident, You can contact Us:

By visiting this page on our website: https://xobee.com/contact-us/

Only You, or a person registered with the California Secretary of State that You authorize to act on Your behalf, may make a verifiable request related to Your personal information.

Your request to Us must:

Provide sufficient information that allows Us to reasonably verify You are the person about whom We collected personal information or an authorized representative
Describe Your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it

We cannot respond to Your request or provide You with the required information if We cannot:

Verify Your identity or authority to make the request
And confirm that the personal information relates to You

We will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.

Any disclosures We provide will only cover the 12-month period preceding the verifiable request’s receipt.

For data portability requests, We will select a format to provide Your personal information that is readily usable and should allow You to transmit the information from one entity to another entity without hindrance.

Do Not Sell My Personal Information

You have the right to opt-out of the sale of Your personal information. Once We receive and confirm a verifiable consumer request from You, we will stop selling Your personal information. To exercise Your right to opt-out, please contact Us.

The Service Providers we partner with (for example, our analytics or advertising partners) may use technology on the Service that sells personal information as defined by the CCPA/CPRA law. If you wish to opt out of the use of Your personal information for interest-based advertising purposes and these potential sales as defined under CCPA/CPRA law, you may do so by following the instructions below.

Please note that any opt out is specific to the browser You use. You may need to opt out on every browser that You use.

Website

If applicable, click “Privacy Preferences”, “Update Privacy Preferences” or “Do Not Sell My Personal Information” buttons listed on the Service to review your privacy preferences and opt out of cookies and other technologies that We may use. Please note that You will need to opt out from each browser that You use to access the Service.

Additionally, You can opt out of receiving ads that are personalized as served by our Service Providers by following our instructions presented on the Service:

The NAI’s opt-out platform: http://www.networkadvertising.org/choices/
The EDAA’s opt-out platform http://www.youronlinechoices.com/
The DAA’s opt-out platform: http://optout.aboutads.info/?c=2&lang=EN

The opt out will place a cookie on Your computer that is unique to the browser You use to opt out. If you change browsers or delete the cookies saved by your browser, You will need to opt out again.

Mobile Devices

Your mobile device may give You the ability to opt out of the use of information about the apps You use in order to serve You ads that are targeted to Your interests:

“Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android devices
“Limit Ad Tracking” on iOS devices

You can also stop the collection of location information from Your mobile device by changing the preferences on Your mobile device.

Limit the Use or Disclosure of My Sensitive Personal Information

If You are a California resident, You have the right to limit the use and disclosure of Your sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average Consumer who requests such services or goods.

We collect, use and disclose sensitive personal information in ways that are necessary to provide the Service. For more information on how We use Your personal information, please see the “Use of Your Personal Data” section or contact us.

“Do Not Track” Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Service does not respond to Do Not Track signals.

However, some third party websites do keep track of Your browsing activities. If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.

Changes to Our Privacy Policy

Xobee Networks reserves the right to change this Privacy Policy at our discretion subject to business or legal requirements. You are advised to review and check this Privacy Policy from time to time and particularly before you provide personal information to Xobee Networks. Changes to this Privacy Policy are effective when they are posted on this page. By continuing to use our Products and/or Services you are agreeing to be bound by any changes or revisions made to this privacy policy.

Contacting Us

If you have any questions, comments, or concerns regarding our Privacy Policy or practices, please send an email to phonesupport@xobee.com

Trust the Local Tech Experts

Ready to get started?

Speak with a representative right now, we’ll answer any questions you may have and provide you with an estimated cost for your project.

(844) 490-2800

Fill out a quick form to help us put you in touch with someone who is an expert on your inquiry. We’ll contact you within 24 hours.

Email us

Xobee Voice Privacy Policy