Privacy Policy

Last updated: March 11, 2026

This Privacy Policy describes how LeanPBX ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our cloud communications platform and related services (the "Services"), visit our website, or interact with us. We are committed to protecting your privacy in compliance with applicable data protection laws.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, phone number, business name, physical address, and account credentials when you create an account or contact us.
  • Payment Information: Billing address, credit card details, and payment method information processed through our secure payment processors.
  • Communications Content: Call recordings (when enabled by you), voicemail messages, SMS messages, support ticket content, and other communications you send or receive through the Services.
  • Contact Data: Information you store in the CRM, including contact names, phone numbers, email addresses, company information, notes, and deal information.
  • Support Interactions: Information provided when you contact our support team, including ticket content and attachments.

1.2 Information Collected Automatically

  • Usage Data: Call detail records (CDRs) including call date, time, duration, caller and recipient numbers, and call disposition. SMS metadata including send/receive timestamps and delivery status.
  • Device and Browser Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Log Data: Server logs, error logs, and security event logs generated during your use of the Services.
  • Cookies and Similar Technologies: See Section 10 (Cookies) below for details.

1.3 Information from Third Parties

We may receive information from telecommunications carriers in the course of providing voice and SMS services, including number portability data and carrier routing information.

2. How We Use Your Information

We use your personal information for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Services, including routing calls and messages, processing payments, and delivering customer support.
  • Account Management: To create and manage your account, verify your identity, process transactions, and communicate with you about your account.
  • Security and Fraud Prevention: To protect against unauthorized access, detect and prevent fraud, and ensure the security and integrity of the Services.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes, including telecommunications regulations, tax requirements, and law enforcement requests.
  • Service Improvement: To analyze usage patterns and trends in aggregate to improve the Services, develop new features, and optimize platform performance.
  • Communications: To send you service-related notifications, billing information, security alerts, and, with your consent, marketing communications.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Telecommunications Providers: We share necessary information with telecommunications carriers and network providers to route calls and messages and provision phone numbers.
  • Payment Processors: Payment information is shared with our payment processors to facilitate transactions.
  • Service Providers: We engage third-party service providers who perform services on our behalf, such as hosting, analytics, and email delivery. These providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.
  • Legal Requirements: We may disclose information when required by law, subpoena, court order, or governmental regulation, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4. Customer Proprietary Network Information (CPNI)

As a provider of telecommunications services, we collect and maintain Customer Proprietary Network Information (CPNI) as defined under 47 U.S.C. § 222. CPNI includes:

  • The types and quantities of telecommunications services you purchase.
  • How you use those services (call patterns, usage volumes).
  • Related billing information.

We protect your CPNI in accordance with Federal Communications Commission (FCC) rules. We use CPNI to provide and bill for your telecommunications services and to offer you service upgrades or enhancements related to the services you currently use. We will not use or share your CPNI for marketing purposes unrelated to your existing services without your affirmative approval. You have the right to restrict our use of your CPNI by contacting us at support@leanpbx.com.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

  • Account Data: Retained for the duration of your account and for a reasonable period thereafter as required for legal and business purposes.
  • Call Detail Records: Retained for a minimum of eighteen (18) months in compliance with FCC regulations (47 CFR § 42.6), and up to three (3) years for service and billing purposes.
  • Call Recordings: Retained in accordance with your account settings and subscription plan. You may delete recordings at any time through the Services.
  • SMS Messages: Message metadata retained for up to one (1) year. Message content retained for the duration of your account.
  • Payment Records: Retained for seven (7) years in compliance with tax and financial regulations.
  • Support Tickets: Retained for three (3) years after resolution.

Upon account termination, we will delete your data within ninety (90) days, except as required by law, regulation, or legitimate business purposes such as fraud prevention.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit, access controls, regular security assessments, and secure data storage practices. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Access and Correction

You may access and update your account information at any time through the Services. You may also request a copy of the personal information we hold about you by contacting us.

7.2 Deletion

You may request deletion of your personal information by contacting us. We will comply with your request subject to applicable legal retention requirements.

7.3 Data Portability

You may request a copy of your data in a commonly used, machine-readable format.

7.4 Marketing Communications

You may opt out of marketing communications by using the unsubscribe link in any marketing email or by contacting us. Opting out of marketing communications does not affect service-related communications.

7.5 CPNI Restrictions

You may restrict our use of your CPNI for marketing purposes at any time by contacting us. See Section 4 above.

8. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your rights, contact us at support@leanpbx.com. We will verify your identity before processing your request. You may also designate an authorized agent to submit requests on your behalf. We will respond to verifiable requests within forty-five (45) days, with the possibility of a forty-five (45) day extension for complex requests.

Categories of Personal Information Collected

Category | Examples
Identifiers | Name, email, phone number, IP address, account ID
Commercial Information | Subscription plan, transaction history, billing records
Internet/Network Activity | Browser type, pages viewed, feature usage, CDRs
Geolocation Data | IP-based approximate location, registered service address
Sensory Data | Call recordings, voicemail recordings (when enabled)
Professional Information | Business name, job title, business address

9. European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, the following additional provisions apply:

9.1 Legal Bases for Processing

We process your personal data based on the following legal bases:

  • Contract Performance: Processing necessary to provide the Services you have requested.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and service improvement, provided these interests are not overridden by your rights.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations, including telecommunications regulations.
  • Consent: Processing based on your explicit consent, such as for marketing communications. You may withdraw consent at any time.

9.2 Your Rights Under GDPR

In addition to the rights described in Section 7, you have the right to:

  • Restrict the processing of your personal data in certain circumstances.
  • Object to processing based on legitimate interests.
  • Lodge a complaint with a supervisory authority in your country of residence.
  • Not be subject to automated decision-making, including profiling, that produces legal effects.

9.3 International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA/UK, including the United States, where our primary processing facilities are located. We ensure adequate protection for such transfers through appropriate safeguards, including Standard Contractual Clauses approved by the European Commission and any applicable data transfer frameworks.

9.4 Data Protection Officer

For data protection inquiries, you may contact us at support@leanpbx.com.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

  • Essential Cookies: Required for the operation of our website and Services. These include session cookies, CSRF protection tokens, and authentication cookies. These cookies cannot be disabled as they are necessary for the Services to function.
  • Functional Cookies: Used to remember your preferences and settings, such as language selection and display preferences. These cookies enhance your experience but are not strictly necessary.
  • Analytics Cookies: Used to collect aggregate, anonymous information about how visitors use our website, including pages visited and time spent. This data helps us improve our website and Services.

10.2 Your Cookie Choices

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your cookie preferences at any time through the cookie settings link in our website footer. You can also control cookies through your browser settings; however, disabling essential cookies may impair the functionality of the Services.

11. Children's Privacy

The Services are not directed to individuals under the age of sixteen (16) in the EEA/UK or under the age of thirteen (13) in the United States. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated policy on our website with a revised "Last updated" date. If we make material changes, we will provide notice through the Services or via email. Your continued use of the Services after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

LeanPBX
Email: support@leanpbx.com