Privacy FAQs

Last Modified: 28 June 2022

What personal information does Aircall process in connection with the use of its services?

Aircall processes many categories of personal information – that is to say, personally identifiable information (PII), personal data, or however else such information is denominated by applicable privacy regulation - in connection with the use of Aircall’s services Aircall categorizes this personal information as follows:

• Customer's account data – Basic information needed to establish and maintain your account with Aircall, such as company name and contact details, including information about the main contact person.

• Customer's contact data (from contact list) – Name, telephone number, owner and other information about contacts in the contact lists of the users (agents).

• Customer's financial/payment data – Invoices and information about payment history. Please note that we do not store or in any other way process your full credit card information.

• Information about agent - Name, telephone number(s), role, metrics, IP address, device information of the users (agents).

• Call/SMS content – Content of messages sent via Aircall, call recordings and voicemails.

• Call/SMS metadata – Traffic data related to a particular communication, such as sender’s/caller’s and recipient’s telephone number or timestamp.

• Call data - other - Notes, tags, insight cards attached to a particular communication.

• Customer's scanned documents – Proof of user’s (agent’s) identity or address uploaded to Aircall account or sent to Aircall’s supporting team.

The examples provided for each category are indicative and may not constitute the full list of personal information processed as part of the said categories.

Is Aircall a processor under the GDPR?

Aircall, in most circumstances, processes the above-listed categories of personal information exclusively on behalf of its customers and acts as a data processor in the meaning of data protection laws of the European Economic Area (EEA). As a result of that, Aircall concludes a Data Processing Agreement with its customers. Please consult the Data Processing Agreement for more information about how Aircall processes personal data on behalf of its customers.

There are certain instances however where Aircall processes the personal data for its own purposes and acts as a data controller. Please see more detail about this processing in our Privacy Policy.

How does Aircall help me comply with privacy compliance efforts?

Aircall’s modern business phone solution provides customers with many features that can assist in bolstering your privacy compliance efforts under different privacy laws. Speaking more concretely, below are a few examples of how Aircall can help its customers comply with certain key privacy rights of individuals – data subjects.

Right to be forgotten: Delete agent or contact. If a customer of yours or a former user (agent) requests his/her information be deleted, you may do so directly through your dashboard. The data will be removed from the application however some personal information may remain in the call recordings or metadata. Use your options related to call recordings, as described in the next sections.

Right to information and consent for call recording: Compliant inbound. Create your own welcoming message for inbound calls – provide information on personal data processing and obtain consent for call recording via this feature. Your account manager and onboarding team will help you with the setting.

Right to access: Export from the dashboard. Explore your export options in the dashboard. You can, for example, export the list of calls made by a particular agent in the last 6 months.

Connecting to our API also provides a variety of options – please explore these in our API documentation.

Data minimization: Use your options related to call recordings, as described in next sections.

Ask for our assistance with a data subject request: If the self-service options described in the previous section do not satisfy your privacy compliance needs, you can also reach out to Aircall’s customer support with your request.

Such requests can only be accommodated if submitted by an admin user.

We proceed with your request according to the applicable law. Please note that within such procedures, we also assess whether we are required to accommodate such requests. If this is not the case, we inform you accordingly and discuss possible solutions.

For example, if you request that we delete call metadata related to a particular individual, who asked you to do so under GDPR, we may not be able to accommodate your request, as we may find ourselves obliged to keep such data for a certain period under applicable European telecommunications law. In such a case, we have a legitimate reason to keep the metadata (process them for our own purpose – providing access to such metadata upon request of a public authority) and we will reject your request.

Does Aircall provide specific privacy compliance features for call recordings?

Yes. As explained in the first section hereof, we process your call recordings (Call/SMS content category of personal information) exclusively on your behalf. We thus offer certain options to accommodate your instruction for their processing.

We by default store your call recording for one year after the respective call was made. This applies regardless of how long you can only see your call history in your dashboard. Would out like us to change this retention period? Proceed as described in the next section.

Would you like us to delete a particular call or a bulk of calls made in certain time period in your account or by your user (agent)? Reach out to Aircall’s customer support (request is only be accommodated if submitted by admin user) and explain your needs.

Do you prefer to store your call recordings on your own infrastructure instead of using Aircall’s? Do you want to download your call recordings on a regular basis? You can download the recordings or use a webhook. Please see our tutorials for both options:

https://developer.aircall.io/tutorials/logging-calls/

https://developer.aircall.io/tutorials/store-recordings-on-dedicated-server/

Is Aircall HIPAA compliant?

If you are a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and you are interested in using the Aircall product, you might be concerned about Aircall's compliance with the obligations set forth by HIPAA and applicable to Aircall as your potential business associate.

We offer our covered entity customers the opportunity to enter into Aircall’s Business Associate Agreement, which you should sign if you will disclose any protected health information (PHI) to Aircall. Our Business Associate Agreement is tailored to the specifics of Aircall's product and services. Please note that it is your responsibility to let us know that you are a covered entity or business associate and you plan to disclose PHI to Aircall.

Aircall's privacy and security practices are designed to safeguard PHI disclosed to us pursuant to a business associate agreement in line with Aircall’s (and covered entities’) obligations under the HIPAA Privacy and Security Rules. You may at any time ask your Aircall sales representative or reach out to Aircall's privacy and security team for more information about these practices.

Does Aircall use third parties (sub-processors) to process personal information on our behalf? Can Aircall provide more detail about why and where such third parties process the personal information?

Yes, Aircall uses third parties - sub-processors - to process personal information on customers’ behalf.

Please see more information about why and where such third parties process the personal information here. The referred document forms an inseparable part of the Data Processing Agreement between Aircall and its customers.

Where does Aircall store my data ?

All personal information processed by Aircall in relation to your usage of its products and services is currently hosted on AWS US West servers in Oregon, USA. The personal information is encrypted (at transit using TLS 1.2, at rest AES-256).

In the near future we would like to offer our customers more variety of location of their data – both for regulatory and customer experience reasons. We are currently in the process of implementing a multi-regional solution, based on which we will be able to store our customers’ data also on servers located in the European Union and in Australia. This solution is currently available upon request for storage of call recordings and voicemails. If you want to have your call recordings and voicemails stored on servers located in the European Union and in Australia, please contact your Customer Success Manager or Aircall’s Privacy team.

What measures did Aircall implement following the invalidation of the Privacy Shield? How does Aircall justify personal data transfers from the EEA to non-adequate third countries?

Privacy Shield was invalidated by a decision of the Court of Justice of the European Union on July 16, 2020. Since the invalidation of Privacy Shield, Aircall is closely monitoring and following the relevant regulatory guidance, including the European Data Protection Board’s Recommendations nos. 1-2/2020 (though currently in version for public consultations only). Aircall has implemented and continues to implement the below-described measures.

Alternative transfer mechanisms: Aircall has implemented alternative mechanisms recognized by GDPR for legitimate transfer of personal data from the EEA to non-adequate third countries in collaboration with providers processing our customers' personal data. These mechanisms are: Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs). Aircall implemented Standard Contractual Clauses pursuant to the decision of the Commission (EU) 2021/914 of 4 June 2021 on Standard Contractual Clauses for the transfer of personal data to third countries.

Technical measures: Aircall will be offering its customers a multi-regional hosting solution and as a result European customer’s data will be hosted in Europe and will no longer be hosted in the US - see previous section for more details. All data processed by Aircall on behalf of its customers is encrypted in transit and at rest - see our Security page for more detail.

Contractual measures: In addition to localizing customer data, and while this solution is being implemented, Aircall is including additional contractual measures to safeguard the data processed by our US providers. We select the contractual measures in such a way that ensures that the data transferred to the third country is afforded a level of protection essentially equivalent to that guaranteed by the EEA data protection laws, considering the nature of services provided by our providers. You may at any time reach out to our privacy team for more information.

How does Aircall protect my data?

Aircall has established technical and organizational safeguards to protect your data including the personal information processed by Aircall on customers' behalf.

Aircall maintains an information security program striving to meet the ever-evolving industry standards, constantly assessing and monitoring the level of security provided to customers’ data and ensuring appropriate reaction to information security incidents, including personal data breaches.

The technical and organizational safeguards form a part of our commitment to our customers as described in our Data Processing Agreement.

Please see also our page on information security here for more detail on the currently applied technical and organizational safeguards.

How long does Aircall keep my Data For?

Aircall follows its Customer Data Retention Policy, which sets retention periods for the different categories of personal information, as described below.

For categories of personal information processed exclusively on behalf of the customer, we invite each customer: To use self-service options inside Aircall product for deletion of Customer's contact data (from contact list), Call data – other (notes, tags and insight cards) and Customer's scanned documents; and To inform our sales representative before opening your Aircall account or to contact Aircall’s customer support, once your account is created, in order to tell us your retention preference for Call/SMS content.

For categories of personal information processed for Aircall’s own purposes (whether exclusively or not), please see more detail in our Privacy Policy.

Where may I find additional information regarding Aircall’s processing of personal information?

For more detail about how we process personal information for our own purposes - as data controllers - please consult our Privacy Policy.

For more detail about how we process personal information on behalf of our customers, please consult our Data Processing Agreement.

If you are a developer and you are keen for more detail and options how to build in with the highest privacy standard (and compliance with privacy by design principles), we also suggest that you read through our API documentation, which offers a lot of tips for you to customize how different data is used and stored!

Who stands behind Aircall’s privacy management and who can I contact in case of further questions or concerns?

Aircall maintains a complex privacy management program consisting in, above all, internal policies, procedures, other organizational and technical measures and monitoring of privacy legislation development, regular update of Aircall’s privacy documentation and support with customers’ queries.

Our customers are invited to search answers to their queries in these FAQs, Aircall’s Data Processing Agreement and Aircall’s Privacy Policy; and share their remaining questions or concerns with Aircall’s privacy team at privacy@aircall.io.