Privacy Policy

1. Data collected by the website

We collect the following data through our website:

• Identification data: name, corporate email, phone, job title
• Company data: tax ID (CNPJ), legal name, industry segment
• Navigation data: pages visited, time on page (via anonymous analytics)
• Form data: information provided in qualification and contact forms

2. Data collected by the mobile applications

Our mobile applications (SIP softphones such as CrossCall) collect only the data strictly required for telephony to work:

• SIP credentials: username, password and SIP server provided by you or your administrator, stored encrypted on the device and used only to register the application with the configured SIP server.
• Device contacts (optional): when you grant permission, we read the local address book to display names and numbers on the dialer and call history. Contacts stay on the device; they are not sent to our servers or to any third party.
• Call audio and video: transmitted in real time over SIP/SRTP directly to the configured SIP server only during active calls. We do not record, store or analyze the content of your calls.
• Call metadata: dialed number, date, duration and status (answered, missed, rejected), stored locally on the device to build the call history.
• Technical data: operating system version, install identifier and diagnostic logs, used only for stability and technical support.

3. How device permissions are used

We request only the permissions strictly necessary for softphone functionality:

• Microphone: used exclusively to capture your voice during active voice calls. Never accessed outside of calls.
• Camera: used exclusively for video calls when you start or accept a call with video. Never accessed outside of video calls.
• Contacts: used only to display names in the dialer, call history and contact search. The address book is read locally; no contact is sent to the server.
• Notifications: used to alert you about incoming calls, messages and softphone events.
• Network and telephony: used to manage calls (pause music, route audio to Bluetooth, prioritize network), integrate with the system's native call UI and keep the SIP registration alive.

4. Data transmission

SIP signaling and media (audio/video over SRTP) are transmitted directly between your device and the SIP server configured by you or your administrator. SipPulse does not proxy, route, record or analyze the content of your calls. We do not share usage data, contacts or media with third parties, advertising networks or data brokers.

5. Push notifications (Firebase/FCM and APNs)

To deliver incoming call notifications while the application is in the background, we use Firebase Cloud Messaging (FCM) on Android and Apple Push Notification service (APNs) on iOS. A push token is generated by the device and sent to the SIP server so it can trigger a notification when there is a call. The token is a technical identifier and does not reveal call content, contacts or messages. Call media never flows through FCM or APNs.

6. Data sharing

We do not sell or share personal data with third parties, except:

• Strictly necessary infrastructure providers (Google Firebase/FCM and Apple APNs for call notifications)
• Consulting partners, only for redirected leads, with consent
• CRM tools (Ploomes) for commercial management of contacts originated by the website
• When required by legal obligation or court order

7. Legal basis (LGPD)

SipPulse processes personal data based on the performance of a contract and preliminary procedures (art. 7, V of the LGPD) for use of the applications, on legitimate interest (art. 7, IX) for commercial prospecting and technical support, and on the data subject's consent (art. 7, I) for specific purposes such as marketing communications and access to device contacts.

8. Data retention

SIP credentials, call history and contacts accessed by the application remain on the user's device and are removed when the app is uninstalled or its data is cleared. Lead and prospect data collected by the website is retained while there is an active commercial relationship and, after termination, for the legal period required for tax purposes and defense in judicial proceedings.

9. Data subject rights

Under the LGPD, you have the right to:

• Confirm the existence of processing of your data
• Access your personal data
• Request correction of incomplete, inaccurate or outdated data
• Request anonymization, blocking or deletion of unnecessary data or data processed in non-compliance
• Request data portability to another provider
• Request deletion of data processed based on consent
• Obtain information about public and private entities with which we share data
• Revoke consent at any time

10. Account and application data deletion

To delete all local application data, uninstall the app or use the "Clear data" option in the operating system settings. To request deletion of data stored in our commercial systems, send a request to the email below; we will respond within 15 calendar days, as provided by the LGPD.

11. Contact and data protection officer (DPO)

To exercise your rights, clarify questions about this policy or request deletion of your data, contact us by email: info@sippulse.com

SipPulse Soluções em Telecomunicações Ltda., a Brazilian company, controller of the personal data processed under this policy.