Privacy Policy

Regulatory issues and security concerns are realities for all companies today. Protecting data – yours, as well as the data belonging to your customers – is of the utmost importance to ESI. (For ePhone GO 2™ privacy policy click here.)

Security

ESI's data centers are designed to keep your data safe.

Compliance & Accreditations

ESI data centers are designed to adhere to domestic and international compliancy and environmental standards. Annual audits verify our compliance.

Protecting Customer Card Information

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

PCI DSS applies to all entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD), including merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.

Google Limited Use Policy

We adhere to Google OAuth API Scopes to safeguard your data. Our requests for access are limited to Google-approved application types, and any data we collect is solely for the purpose of enhancing your user experience and improving our features. Your data is not shared without your explicit consent, except when necessary for security, legal compliance, or during company transitions, with your prior approval. Your data is only accessed by humans when required for security or legal reasons or with your explicit permission. We do not sell or misuse your data for advertising, credit assessment, or lending purposes. Our team is dedicated to upholding these principles and maintains robust security measures, including annual security assessments. Your data security is our top priority.

Any use and sharing of information obtained from Google APIs to other applications are subject to Google API Services User Data Policy, including the Limited Use requirements.

Process & Privacy

PCI DSS

Payment Card Industry Data Security Standard is a requirement designed to protect cardholder data and the environments in which cardholder data is stored, processed or transmitted. ESI’s managed hosting and colocation services are in compliance with the latest PCI DSS standards and are certified annually by a PCI Quality Assessor.

HIPAA

The Health Insurance Portability and Accountability Act instituted regulations protecting the privacy and security of certain health information. ESI provides a HIPAA-compliant environment for our customers.

SOC 2 Type II

ESI’s SOC 2 Type II reports not only confirm that ESI’s data center security and operational procedures have been reviewed and tested by an independently certified auditor, but they also validate that our facilities’ controls and processes are designed to safeguard our customers’ data.

Hosted Virtual Fax Services

ESI's hosted virtual fax services can be encrypted to ensure all faxes are secure, assisting end-users with their security requirements such as HIPAA. Email- to-Fax, Fax-to-Email, PC-to-Fax, Web-to-Fax and Fax-to-Fax are all TLS encrypted. For end- users without TLS enabled mail services, SSL fax is available that enables end-users to securely download any fax they receive via the portal.

Green Certifications

Energy Star

ENERGY STAR is a joint program of the U.S. Environmental Protection Agency (EPA) and the U.S. Department of Energy. Founded in 1992 for the purpose of saving money and protecting the environment through energy-efficient products and practices, the ENERGY STAR label is now on major appliances, office equipment, lighting, home electronics and more. ESI’s Dallas data center in Plano, TX and New York/New Jersey data center in Secaucus, NJ, both achieved the ENERGY STAR rating.

LEED

Leadership in Energy and Environmental Design is a building rating achievement given to facilities that meet the standards of the U.S. Green Building Council. ESI’s facilities are LEED Accredited Professional. ESI’s New York/New Jersey facility in Secaucus, NJ is LEED Platinum certified and our Dallas facility is LEED Gold certified.

ESI ePhoneGO 2™ Privacy Policy

DEFINITIONS (for the purpose of this ePhoneGO 2™ privacy policy):

Application refers to the ePhone GO 2™ application for iOS, the ePhone GO 2™ application for Android, and the ePhone GO 2™ application for desktop platforms; published by ESTECH SYSTEMS INC.;
Company (referred to as either "the Company", “Our”, “Us” or "We" in this privacy policy) refers to ESTECH SYSTEMS INC., whose head office is at 3701 E. Plano Parkway, Ste. 300, Plano TX 75074-1819
Service means - VoIP service for calls, instant messaging and collaboration provided via the Application
Personal Data is any information that specifically identifies an individual (such as your name, user name, address or e-mail address), processed by the Company for the purposes set forth in this privacy policy. Personal Data also includes any information about an individual that is directly linked to personally identifiable information, and is processed by the Company for the purposes set forth in this privacy policy. Personal information does not include “aggregate” information, which is data Company collects about the use of the Service (such as automated crash reports) or about a group or category of users, from which individual identities or other personal information has been removed. This privacy policy in no way restricts or limits our collection and use of aggregate information.
Company (referred to as either "the Company", “Our”, “Us” or "We" in this privacy policy) refers to ESTECH SYSTEMS INC., whose head office is at 3701 E. Plano Parkway, Ste. 300, Plano TX 75074-1819
Device means any device that can access the Service such as a cell phone, tablet or a computer, that allows the Application to be downloaded and the Service to be used
User means a natural person using the Application for personal or professional purposes.

PRIVACY INFORMATION ACCESS PREFACE

Company is very concerned for the privacy of the users of our products. To this extent, no user information is collected except when necessary for using a specific feature of our products (Apple Push Notification Service, Firebase Cloud Messaging) and is never shared with any third parties. The only time information is requested other than listed here is for use in troubleshooting technical issues and of course, the user has the option to refuse in that case (though that may negatively affect our ability to resolve any issues).

This privacy policy contains the full list of features built into the Application that in any way process users’ private information. Whether a feature is enabled or not, and thus whether the private information required for the feature to work is accessed, depends solely on the SIP account configuration in the Application.

PUSH NOTIFICATIONS

In order for Push Notifications to work, we must register your account remotely when the Application is in the background or closed on your iOS or Android device. To accomplish this, we transmit your SIP account details to SIPIS (our server that handles push notifications) over a https – secure connection. This information is shared with no one and is erased immediately when the push instance expires (usually within 3-6 days, depending on SIP account configuration) or the user disables Push Notifications in the Application. If the SIP account is configured to use one of our methods for multitasking instead of Push Notifications, this information is not sent to SIPIS.

MOBILE APP CONTACTS USAGE

This part of the privacy statement describes how the Company collects and uses the contact information you provide by granting the contacts access permission
in the Application. It also describes the choices available to you regarding our use of your information and how you can access and update this information.

We access the following personal information from your address book:

Contacts’ names
Contacts’ email
Contacts’ telephones
Contacts’ organization
Contacts’ postal address
Contacts’ birthday
Contacts’ gender

We use this information to:

Populate your Contacts data in the app.
To import your favorite contacts into the QuickDial list, if you also enable the “Busy Lamp Field” feature on a contact, the favorite contact’s number (URI) will be included in your SIP traffic, but will not be stored anywhere.
Enable the Smart Contacts feature, which helps you to make free calls and enjoy seamless communication with other users with SIP accounts on the same provider. If your SIP account is configured to use the Smart Contacts feature, we securely upload your contacts to the server in order to recognize Application users among your contacts.

We will only use your Contacts information for the specific reason for which it was provided to us.

MOBILE APP LOCATIONS INFORMATION USAGE

This part of the privacy statement describes how the Company uses the location information you provide by granting the Location access permission in the Application.

We ask the location access permission only if the SIP account is configured to do so, and only in the following use cases:

When the SIP account is used in a country with Dispatchable Location for emergency calls legal requirement. In this situation, the app attempts to acquire your location information in case a call to an emergency number is placed. Please note that emergency calls are usually routed to your phones' native dialer instead of requesting location access. Please consult with support to learn how emergency calls are handled for your account.
When the SIP account is configured to send location data during SIP registration

We will only use your Location information for the specific reason for which it was provided to us.

MOBILE APP MEDIA FILES AND DOCUMENTS USAGE

This part of the privacy statement describes how the Company uses media files and documents shared with the Application. Depending on the operating system, you may need to grant additional file access related permissions to the Application in order for the Application to access files.

We process your files such as photos, videos, documents; only if the SIP account is configured to do so, and only in the following use cases:

When you select the option to share a media or file attachment via a multimedia message. We always access only the files that have been explicitly shared with the Application. The attached files are always being encrypted and securely uploaded to a server in order for the message recipient to download them later.
Other use cases in which the files never leave your device. An example of such use case is adding a photo avatar to a favorite contact (also referenced to as “QuickDial”).

We will only use your files for the specific reason for which they were provided to us.

MOBILE APP ANALYTICS USAGE

The Company may collect aggregate data that no longer identifies individual users for purposes of usage and performance analysis. This may include diagnostic data such as login counts, screen view counts or crash information.

TROUBLESHOOTING LOGS USAGE

For the sole purpose of troubleshooting, the Company might ask users to provide debug logs from the Application. The debug logs contain full network traffic information for application provisioning, calls, messaging and other network in-app events generated by user activity.

RETENTION OF INFORMATION

We maintain your personal information in our regular business records while you are a customer of your Service. We may also maintain this information for a period of time after you are no longer a customer if the information is necessary for the purposes for which it was collected or to satisfy our legal requirements and/or obligations. These purposes typically include business, legal, or tax purposes. If there are no pending requests, orders, or court orders for access to this personal information, we may destroy the information once it becomes unnecessary to those purposes for which it was collected.

SECURITY

The security of personal information is important to us. We take commercially reasonable measures and follow generally accepted standards to protect the information you provide us, both during transmission and once we receive it. For example, the information you provide is transmitted via encryption using technologies such as secure socket layer technology (SSL).

DISCLOSURE TO THIRD PARTIES

We do not share or sell your personal information to third parties.

We disclose information only in the following cases: as required by law, such as to comply with a subpoena or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, to investigate fraud, or to respond to a government request if we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice through our app of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information to any other third party with your prior consent to do so.

PRIVACY STATEMENT UPDATES

We may update this privacy statement to reflect changes to our business or this app as it pertains to the information collected from you and our use of it. If the change impacts how we use or handle information collected from you, we will email you and/or your company’s Google administrator, or post a notice where you first access this app prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

SUPPORT

As a user, you can request the following:

Confirmation of access of personal data concerning you
Access to the processed personal data concerning you.
- Please note that pieces of personal data stored in encrypted format can only be provided in its encrypted form.
- Please note that once data is removed it cannot be restored.
Correct inaccurate or incomplete personal data concerning you
Erase processed personal data concerning you
Arrange how personal data concerning you should be processed in event of your death

To process a request, please send an email to support@esi-estech.com with the following:
Subject of request, your name(s) and first name(s);
Scan of both sides of your passport or identity card to enable us to verify your identity

Company support will respond to requests in a timely manner (within 30 days of request).

Company support might ask you for further information, such as username or a phone number, in order to determine what information has been collected about you.

If you have any questions or concerns about our privacy policy, please contact us at support@esi-estech.com.

0455-0044 Rev. B (last updated in September 2022.)