Privacy Policy

Adoptiv is a Communications Platform as a Service (CPaaS) used by businesses and developers to build communication-enabled applications — including an AI-powered Predictive Dialer, a complete CRM (Contacts, Accounts, Deals, Pipelines), and AI Automation (AI Voice Agents, AI Sales Agents, call transcription, sentiment analysis, and email intelligence).

For the purposes of data protection law, Adoptiv Inc acts as the Data Controller (under GDPR) and Data Fiduciary (under DPDPA) in respect of personal data it collects from visitors to our website, prospective customers, and registered platform users. Where Adoptiv processes personal data on behalf of our customers (e.g. their contact lists, call recordings, or CRM records), Adoptiv Inc acts as a Data Processor operating under your instructions and our Data Processing Agreement (DPA).

Legal correspondence: [email protected]

This Privacy Policy applies to all personal data collected through:

• Adoptiv Platform: All features accessed via adoptiv.com — Dialer, CRM, AI Agents, Dashboards, Workflows
• Marketing Website: adoptiv.com homepage, blog, pricing, landing pages, sign-up forms, and demo requests
• Communications: Inbound/outbound calls, SMS messages, email sequences, and voicemails processed via our platform
• Integrations: Data received from third-party integrations you connect (HubSpot, Salesforce, Pipedrive, Close, Gmail, Outlook, Stripe, etc.)
• Support interactions: Live chat, email, and phone support conversations with our Human Support team

This policy does not apply to the internal privacy practices of third-party integrations you connect to Adoptiv. We encourage you to review each third party's own privacy policy. It also does not apply to Adoptiv employees or contractors — a separate employee privacy notice governs those relationships.

The personal data we collect depends on your relationship with us and the features you use. Below is the complete inventory of data categories processed by Adoptiv:

3.1 Account & registration data

• Identity: First name, last name, job title, company name
• Contact: Business email address, phone number
• Credentials: Hashed passwords, MFA tokens, SSO/SAML identifiers, OAuth tokens (Google Workspace, Microsoft Entra ID)
• Billing: Company billing address, VAT/GST number; payment card details are processed exclusively by PCI-DSS compliant processors (Stripe / PayPal) — we do not store full card numbers

3.2 Telephony & communications data

Adoptiv is a communications platform. By its nature, it processes call metadata and communications content. This section is critical — please read carefully.

• Call metadata: Source and destination phone numbers, call direction (inbound/outbound), call date and time, call duration, call status (answered, voicemail, no-answer), routing information
• Call content: Call recordings (when recording is enabled by account administrators), voicemail audio files, AI transcriptions of calls
• SMS / text data: SMS message content, delivery status, source and destination numbers, timestamps
• AI voice analysis: Sentiment analysis scores, topic detection, keyword flags, conversation summaries generated by our AI engine
• CPNI: Customer Proprietary Network Information — see Section 7 for full disclosure

3.3 CRM data

• Contact records: Names, phone numbers, email addresses, company, title, custom fields imported or created by your team
• Deal & pipeline data: Deal names, values, stages, associated contacts, close dates, notes, and activity history
• Activity logs: Auto-logged call dispositions, SMS activities, email activities, tasks, meetings
• Custom fields: Unlimited custom fields your team configures — AI-assisted field suggestions may generate structured data from communications

3.4 AI-generated data

• Transcriptions: Text transcripts of calls and voicemails, generated by our AI transcription engine
• Sentiment scores: Emotional tone analysis (positive / neutral / negative) applied per call segment
• AI call summaries: Structured summaries of call content, key topics, and next-action suggestions generated by AI
• Lead scores: Predictive lead scoring and deal health scores generated by AI based on historical activity patterns
• Email intelligence: AI email parsing, sentiment, and auto-generated actions from connected Gmail/Outlook accounts

3.5 Technical & usage data

• Device & browser: IP address, browser type and version, operating system, screen resolution, unique device identifiers
• Log data: Access timestamps, features used, pages visited, API call logs, error logs, session tokens
• Performance metrics: Response times, latency, uptime data, infrastructure performance indicators

3.6 Third-party integration data

When you connect Adoptiv to third-party platforms (HubSpot, Salesforce, Pipedrive, Close, Gmail, Outlook, Stripe, Zapier, etc.), we receive data from those platforms as authorized by you. We use that data solely to deliver the integration functionality you configured. We do not use Connected Account Data for advertising or cross-customer analytics.

Direct input

Registration forms, free trial sign-up, profile settings, manual CRM data entry, support tickets, and survey responses

Automated platform activity

Calls, SMS, and emails processed through Adoptiv are logged automatically — zero manual entry by design

Third-party integrations

Connected CRM platforms, email clients, payment processors, and automation tools (Zapier, Make) share data per your integration configuration

Cookies & tracking

Marketing website uses cookies for analytics, session management, and advertising — see Section 16

AI inference

AI engines derive structured data (transcriptions, sentiment, summaries, scores) from communications processed through the platform

Public sources

Contractually licensed enrichment providers (e.g., Clearbit, ZoomInfo) to supplement account information for customers we contact for sales or support. We do not scrape third-party platforms or use data in violation of any provider's terms.

We process personal data only for specified, legitimate purposes and never for purposes incompatible with those listed below.

We do not sell your personal data to third-party data brokers, list brokers, or mailing list companies. We do not use your data to train generalised AI/ML models for third parties.

Adoptiv's platform supports call recording. This section explains exactly how recordings are governed, stored, and protected.

6.1 Recording enablement

Call recording is off by default. It is enabled only by the account administrator at the organization level or at the individual call campaign level. When recording is enabled, Adoptiv supports the following notification methods to help Customers comply with applicable consent laws:

• Auto-announcement: Configurable IVR or audio message informing the called party that the call may be recorded, prior to connection
• Beep notification: Periodic beep tones inserted into the call stream to indicate ongoing recording
• Agent disclosure: Training and compliance tooling for agents to verbally disclose recording at the start of the call

Customer responsibility: You, as the Adoptiv account holder, are solely responsible for ensuring that call recording complies with all applicable laws in your jurisdiction. Adoptiv provides the technical tools; legal compliance obligations remain with the account holder.

6.2 International consent baseline

6.3 Recording access & storage

• Encryption at rest: All recordings encrypted with AES-256
• Encryption in transit: Calls encrypted using SRTP (Secure Real-Time Transport Protocol); API calls over TLS 1.3
• Role-based access: Recordings accessible only to authorised users per your RBAC configuration
• Retention control: Account administrators set recording retention periods; records deleted automatically upon period expiry
• Deletion on request: Individual recordings can be deleted from the platform dashboard; deletion is permanent and non-recoverable after confirmation

6.4 AI processing of recordings

Where AI transcription and analysis features are enabled, recordings are processed by our AI engine to produce transcripts, sentiment scores, and summaries. This processing occurs within your assigned data residency region. Recordings are not used to train or improve generalised AI models shared with other customers.

As a provider of Voice over Internet Protocol (VoIP) and communications services, Adoptiv is subject to US federal regulations governing Customer Proprietary Network Information (CPNI) under the Communications Act (47 U.S.C. § 222) and FCC rules.

7.1 What is CPNI?

CPNI is information that Adoptiv obtains by virtue of providing you with communications services. It includes: the number of calls made, call destinations and duration, call type and service configuration, and technical network information. CPNI does not include your name, billing address, or the content of calls.

7.2 How we use CPNI

Without your affirmative consent, we use CPNI exclusively for:

• Service delivery: Initiating, routing, billing, and maintaining your communications services
• Fraud prevention: Protecting you and other users from unauthorised use of services
• Legal compliance: Responding to lawful government requests, court orders, or subpoenas

With your consent, we may use CPNI to inform you of Adoptiv-related services or add-ons that may be of interest based on your usage patterns.

7.3 Your CPNI rights

You have the right to deny, restrict, or withdraw Adoptiv's use of your CPNI for marketing purposes at any time without affecting the services you receive. To exercise this right, email [email protected] with subject line "CPNI Opt-Out." Restrictions remain valid until affirmatively revoked or your services are discontinued.

Adoptiv is an AI-native platform. This section provides full transparency about how AI systems process data, make decisions, and interact with personal information — in compliance with the EU AI Act, GDPR Article 22, relevant US AI governance frameworks, and our commitments to our customers.

8.1 AI features & their data use

8.2 Automated decision-making

Adoptiv uses automated systems to make certain operational decisions, including answering machine detection (AMD), lead routing, and DNC scrubbing. None of these decisions produce legal or similarly significant effects on individuals as defined under GDPR Article 22. Where AI-generated scores or suggestions influence sales outcomes, a human sales representative is always in the decision loop.

If any future AI feature introduces fully automated decisions with significant individual impact, we will notify affected users, implement GDPR Article 22 safeguards, and update this policy prior to deployment.

8.3 AI statutes applied

• EU AI Act (Regulation (EU) 2024/1689) — AI Voice Agents disclose they are AI systems (Art. 50 limited-risk transparency); synthetic voice is labelled (Art. 50(4)); practices prohibited under Art. 5 are not offered.
• GDPR Article 22 — no solely automated decisions with significant individual effect without human review.
• FCC AI voice declaratory ruling (Feb 2024) — AI-generated calls treated as robocalls; PEWC required.
• California AB 2905 — AI disclosure on voice calls when asked.
• Colorado AI Act (SB 24-205) — deployer impact assessments and consumer disclosures (effective 1 Feb 2026).
• MeitY AI Advisory (India, Mar 2024) — synthetic-media labelling and originator traceability.

8.4 AI governance principles

• Transparency — All AI features disclose when AI is generating output. AI-generated transcripts, summaries, and scores are clearly labelled in the platform UI.
• Data boundaries — AI processing occurs within your assigned data residency region. No cross-tenant or cross-border AI data flows are introduced by AI features.
• Human control — Super Admins can view AI access logs, enable or disable individual AI features, and override all AI-generated outputs from the platform dashboard.
• No model training — Your call recordings, CRM data, and communications content are never used to train or improve generalised AI models shared across other customers or sold to third parties.

8.5 Third-party AI providers

Certain AI features in Adoptiv are powered by third-party AI services (such as speech-to-text, LLM inference, or sentiment analysis providers). All third-party AI providers are bound by data processing agreements with Adoptiv and may only process data for the specified purpose. You may request the current list of AI sub-processors by emailing [email protected].

We share personal data only in the limited circumstances below. We do not sell personal data to data brokers, advertisers, or mailing list companies.

Mobile opt-in data (SMS consent records) is never shared with third parties for their marketing purposes. (This reflects US 10DLC / CTIA industry expectations and Adoptiv's global policy.)

Adoptiv serves customers globally. Personal data may be transferred across borders as part of our platform operations. Adoptiv Inc is the controlling / processing entity for international transfers; the transfer mechanisms below apply:

Where neither DPF nor SCCs are applicable, we rely on adequacy decisions as adopted by the relevant jurisdiction. Where no adequacy decision exists, we use binding contractual protections with all sub-processors.

Data residency control: Adoptiv provides regional data residency selection as a platform feature. Enterprise customers can select the data region in which their data is stored and processed — ensuring compliance with local data localisation laws. Available regions include US, EU, UK, Canada, Australia, and India.

Adoptiv applies enterprise-grade security controls across all layers of the platform. Our security posture is independently audited where applicable:

GDPR-aligned · TCPA-aligned · AES-256 encryption · TLS 1.3 in transit · SRTP for calls

• Encryption — AES-256 at rest, TLS 1.3 in transit, SRTP for call media streams. End-to-end encrypted credential storage.
• Access control — RBAC, MFA (SMS / authenticator app / hardware key), SSO via SAML 2.0 and OAuth 2.0, IP whitelisting, per-endpoint rate limiting.
• Infrastructure — Multi-node redundancy, automatic failover, schema-per-tenant isolation, 99.9% uptime SLA.
• Audits & pen-testing — Annual third-party penetration testing, continuous vulnerability scanning.
• Backup & recovery — Automated daily backups with point-in-time recovery. Backups encrypted at rest in geographically separate locations.
• Incident response — 24/7 security monitoring. In the event of a personal data breach, we will notify affected customers and relevant supervisory authorities within 72 hours (GDPR Art. 33) or as otherwise required by applicable law; Indian CERT-In Directive 6-hour timing applies where Indian systems are affected.

For full security documentation, visit adoptiv.com/security or contact [email protected].

We retain personal data for the minimum period necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes.

After expiry of retention periods, personal data is securely deleted or irreversibly anonymised. Aggregated, non-identifiable data derived from platform usage may be retained indefinitely for product improvement analytics.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under GDPR / UK GDPR / Swiss FADP in respect of personal data we process as a controller:

Categories of Personal Information Collected (California — 12-month lookback)

• Identifiers: Name, email, phone number, IP address, account ID, device identifiers
• Commercial information: Subscription plan, purchase history, deal pipeline data
• Communications content: Call recordings and metadata (where recording is enabled), SMS, voicemails
• Internet / network activity: Usage data, feature access logs, browser/device data, session information
• Inferences: AI-generated lead scores, sentiment analysis, deal health predictions, next-action recommendations
• Professional information: Job title, company name, professional contact details

We respond to verified California consumer requests within 45 days, extendable by an additional 45 days with notice.

In addition to California (Section 14), residents of the following US states have rights under their respective privacy laws. We respond to verified requests within the statutory timeframe (generally 45 days, extendable by 45 days with notice).

To exercise any of these rights, email [email protected] with the subject line "State Privacy Rights Request — [state name]."

Adoptiv's marketing website (adoptiv.com) uses cookies and similar tracking technologies. The Adoptiv platform application uses strictly necessary session cookies only — no advertising cookies are placed in the authenticated product.

You can manage cookie preferences at any time by clicking the "Cookie Preferences" link in the footer of adoptiv.com. Cookie consent choices are stored for 6 months and are browser/device-specific. Full details in our Cookie Policy at adoptiv.com/cookies.

If you are a Data Principal resident in India, you have the following rights under the Digital Personal Data Protection Act, 2023. Adoptiv Inc is the Data Fiduciary for personal data processed through the Adoptiv Platform.

Cross-border transfers of personal data of Indian Data Principals are made in accordance with §16 of the DPDPA 2023 and the MeitY-notified negative list of restricted jurisdictions. We do not transfer Indian personal data to any jurisdiction notified on the restricted list.

Adoptiv is a business-to-business (B2B) enterprise software platform. It is not directed to, and is not intended for use by, minors.

We do not knowingly collect personal data from minors below the applicable threshold. If we become aware that we have received personal data from such a minor, we will take immediate steps to delete that data. If you believe a minor has created an account on our platform, please contact [email protected] immediately with the subject line "Minor Account Report."

We may update this Privacy Policy periodically to reflect changes in our practices, product features, regulatory requirements, or for clarification. When we make material changes, we will:

• In-platform notification: Display a banner within the Adoptiv dashboard at least 30 days before material changes take effect
• Email notification: Send an email to the account administrator email address on file describing the material changes
• Version history: Maintain a changelog of this policy at adoptiv.com/privacy-and-policy noting each material revision date

Your continued use of the Adoptiv platform after a policy update constitutes acceptance of the revised terms. If you do not agree with a material change, you may terminate your subscription in accordance with our Terms of Service.

The current version of this policy is always accessible at adoptiv.com/privacy-and-policy.

For any questions, concerns, complaints, or rights requests relating to this Privacy Policy or our data processing practices, please contact us:

Privacy Team

General privacy enquiries, rights requests, consent withdrawal, opt-outs. [email protected]

Security Team

Security vulnerabilities, breach reporting, security certifications. [email protected]

Legal / DPO

Legal notices, law-enforcement requests, and privacy complaint escalation. [email protected]

Dispute resolution

We commit to investigating and responding to privacy complaints within 30 days. If you are not satisfied with our response, you may escalate to the relevant supervisory authority.

Thank you for trusting Adoptiv. We are committed to the highest standards of data privacy and security. If you have any questions, please reach out at [email protected].