1. Data Controller

Voiping, operating under the domain voip.ing ("we," "us," or "our"), is the data controller responsible for the processing of your personal data. We are committed to protecting your privacy and processing your data in compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

For any privacy-related inquiries, please contact us at privacy@voip.ing.

2. Data We Collect

We collect and process the following categories of personal data:

Account Information:

  • Name, email address, phone number, and billing address.
  • Company name, VAT number, and business registration details (for business accounts).
  • Payment information (credit card details are processed by our payment provider and not stored on our servers).

Service Usage Data:

  • SMS message metadata: sender, recipient number, timestamp, delivery status, message segment count. We do not store message content after delivery.
  • Voice call metadata (CDRs): caller number, called number, call start/end time, duration, disposition. We do not record call audio unless explicitly requested and configured by you.
  • API request logs: endpoint, timestamp, IP address, request/response metadata.
  • DID number inventory and configuration data.

Technical Data:

  • IP addresses, browser type, operating system, and device information when accessing our web portal.
  • SIP registration data: SIP user agent, IP address, registration timestamps.
  • Session cookies and authentication tokens.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to provide our services, manage your account, process payments, and deliver SMS and voice services.
  • Legitimate Interest (Art. 6(1)(f) GDPR): Processing for fraud prevention, security monitoring, service improvement, and analytics. Our legitimate interests do not override your fundamental rights.
  • Legal Obligation (Art. 6(1)(c) GDPR): Processing required to comply with telecommunications regulations, tax obligations, and law enforcement requests.
  • Consent (Art. 6(1)(a) GDPR): Processing for marketing communications and non-essential cookies. You may withdraw consent at any time.

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: Retained for the duration of your account plus 12 months after closure for dispute resolution and legal compliance.
  • SMS metadata: Retained for 6 months for delivery reporting and troubleshooting, then anonymized.
  • Call detail records (CDRs): Retained for 12 months for billing verification and regulatory compliance, then anonymized.
  • API logs: Retained for 90 days for debugging and security purposes.
  • Billing and tax records: Retained for 7 years as required by tax legislation.
  • Support tickets: Retained for 24 months after resolution.

5. Third-Party Processors

We share your data with the following categories of third-party processors, all of whom are contractually bound to protect your data:

  • Telecommunications carriers: Upstream SMS aggregators and voice carriers who deliver your messages and calls. They receive only the minimum data necessary (recipient number, message content for SMS, caller/called numbers for voice).
  • Payment processors: For processing credit card and bank transfer payments. They operate under PCI DSS compliance.
  • Infrastructure providers: European-based data center and hosting providers where our servers are located.
  • Analytics tools: For website analytics (aggregated, non-personal data only).

We do not sell your personal data to third parties. We do not share your data with third parties for their own marketing purposes.

6. International Data Transfers

Our primary infrastructure is located within the European Economic Area (EEA). When we need to transfer data outside the EEA (for example, to deliver SMS or voice calls to international destinations), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions where the European Commission has determined the recipient country provides adequate data protection.
  • For telecommunications data (message delivery), transfers are necessary for the performance of the contract between you and us.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interest or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent for processing based on consent at any time.

To exercise any of these rights, please contact us at privacy@voip.ing. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

8. Cookie Policy

We use cookies and similar technologies on our website:

  • Essential Cookies: Required for the website to function (session management, authentication, CSRF protection). These cannot be disabled.
  • Functional Cookies: Remember your preferences (language, dark/light mode, currency). These enhance your experience.
  • Analytics Cookies: Help us understand how visitors use our website. Data is aggregated and anonymized.

We do not use third-party advertising cookies or tracking pixels. You can manage cookie preferences through your browser settings.

9. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest.
  • Access controls and authentication for all systems processing personal data.
  • Regular security assessments and vulnerability scanning.
  • Employee training on data protection and security practices.
  • Incident response procedures with 72-hour breach notification to supervisory authorities as required by GDPR.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a prominent notice on our website at least 30 days before they take effect.

We encourage you to review this policy periodically. The "Last updated" date at the bottom of this page indicates when this policy was last revised.

Enterprise SMS & Voice Platform — Programmable communications for growing businesses.

Copyright © 2026 Voip.Ing. All Rights Reserved.