Privacy Policy

VoIP Services

Last updated: June 25, 2026 | Effective date: June 25, 2026

Hex Consulting ("we," "us," or "our") is committed to protecting the privacy and security of our customers and users of our Voice over Internet Protocol (VoIP) services. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and the choices you have regarding your data.

By accessing or using Hex Consulting VoIP services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our VoIP services and contact us to close your account.

Information We Collect
How We Use Your Information
Call Data Records (CDRs) and Call Content
Data Sharing and Disclosure
Data Retention
Security of Your Information
Your Rights and Choices
CPNI — Customer Proprietary Network Information
Emergency Services (E911)
Cookies and Tracking Technologies
Children's Privacy
Changes to This Policy
Contact Us

1. Information We Collect

When you use our VoIP services, we may collect the following categories of information:

Account & Identity Information

Full name, business name, and billing address
Email address and phone number(s)
Username, password (stored in hashed form), and account preferences
Government-issued ID or tax identification numbers (for business accounts)
Payment information (credit card numbers are tokenized; we do not store raw card data)

VoIP Usage Data

Call Detail Records (CDRs): originating and destination numbers, call timestamps, call duration, and call disposition (connected, voicemail, missed)
SMS/MMS message metadata (sender, recipient, timestamp, message size) where applicable
Fax transmission records (if fax-over-IP is enabled on your account)
Voicemail data including audio recordings and transcriptions
Conference call and collaboration session metadata

Technical & Device Data

IP addresses, SIP endpoint identifiers, and device MAC addresses
VoIP client type and version (softphone, IP desk phone, mobile app)
Network quality metrics (jitter, packet loss, latency, MOS scores)
System logs, error reports, and diagnostic data
Geolocation data associated with registered E911 addresses

Communications with Us

Support ticket content, chat transcripts, and email correspondence
Survey responses and feedback submissions
Recorded support or training calls (with notice)

2. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

Provision, activation, and configuration of VoIP services
Routing, completing, and recording call activity
Delivering voicemail, transcriptions, and call recordings to authorized users
Enabling number portability (porting your existing phone numbers)

Billing and Account Management

Processing payments and issuing invoices
Calculating usage-based charges from CDRs
Fraud detection and prevention
Managing account upgrades, downgrades, and cancellations

Network Operations and Quality

Monitoring network performance and resolving call quality issues
Capacity planning, load balancing, and infrastructure improvements
Security event detection and incident response
Compliance with telecommunications regulations

Customer Support

Responding to support requests and troubleshooting technical issues
Training our support staff using anonymized or consented call data

Legal and Regulatory Compliance

Complying with lawful intercept obligations and government orders
Fulfilling CPNI requirements under FCC rules (see Section 8)
Maintaining records required by applicable telecommunications law

3. Call Data Records (CDRs) and Call Content

We make an important distinction between call metadata and call content:

Call Metadata (CDRs)

We automatically collect CDRs for every call routed through our platform. CDRs include who called whom, when, and for how long, but do not include the actual audio content of the conversation. CDRs are used for billing, fraud detection, and regulatory compliance.

Call Recordings

Call recording is an optional feature that must be explicitly enabled by the account administrator. When enabled, recorded calls are stored in our secure cloud environment. Access is restricted to authorized users on your account. You are responsible for notifying all parties that a call is being recorded in accordance with applicable wiretapping and consent laws (which vary by state and jurisdiction).

Voicemail

Voicemail audio files and, where enabled, voicemail-to-text transcriptions are stored on our servers and accessible through your account portal. Transcriptions are generated via automated speech recognition and may not be 100% accurate.

Hex Consulting does not listen to, analyze, or use the content of your voice calls for advertising or marketing purposes.

4. Data Sharing and Disclosure

We do not sell your personal information or call data to third parties. We may share your information only in the following limited circumstances:

Service Providers

We work with trusted third-party vendors who assist in delivering our services, including cloud infrastructure providers, payment processors, and SMS/MMS gateway providers. These parties are contractually bound to use your data only as directed by Hex Consulting and in accordance with this policy.

Telecommunications Partners

To complete calls, we exchange necessary call routing information (such as called and calling party numbers) with upstream carriers, interconnected carriers, and number portability databases. This is an inherent part of how telephone networks operate.

Legal Obligations

We may disclose information when required by law, court order, subpoena, or lawful government request — including compliance with Communications Assistance for Law Enforcement Act (CALEA) obligations. Where permitted by law, we will notify you of such requests.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you before your data is subject to a materially different privacy policy.

With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Retention

We retain different categories of data for different periods based on operational and legal requirements:

CDRs and billing records: Retained for a minimum of 18 months, and up to 7 years where required for tax or regulatory purposes.
Call recordings: Retained for 90 days by default; customizable up to 3 years via account settings.
Voicemail: Retained until deleted by the user, subject to a maximum of 365 days of inactivity.
Account information: Retained for the duration of the service agreement and up to 5 years after account closure.
Security and access logs: Retained for 12 months.

Upon account closure, we will delete or anonymize personal data within 90 days, unless retention is required by law or for legitimate business purposes such as dispute resolution.

6. Security of Your Information

We implement industry-standard technical and organizational measures to protect your information, including:

Transport Layer Security (TLS) encryption for all web portal and API communications
Secure Real-time Transport Protocol (SRTP) for encrypting voice media streams where supported by endpoints
SIP over TLS (SIPS) for signaling encryption
AES-256 encryption for stored call recordings and voicemail files
Role-based access controls and multi-factor authentication (MFA) for account portal access
Regular third-party security audits and penetration testing
SOC 2 Type II certified data centers

No method of transmission over the Internet or method of electronic storage is 100% secure. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable breach notification laws.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

Access and Portability

You may request a copy of the personal information we hold about you, including your CDRs and account data, in a structured, machine-readable format.

Correction

You may update your account information at any time through the customer portal, or contact us to correct inaccurate data.

Deletion

You may request deletion of your personal information. Note that some data may be retained where required by law or for legitimate business purposes (e.g., billing disputes, fraud prevention).

Opt-Out of Marketing

You may opt out of promotional communications at any time by using the unsubscribe link in any marketing email or contacting us directly. Note that service-related communications (invoices, outage notices, security alerts) are not subject to opt-out.

Call Recording Controls

Account administrators can enable or disable call recording at any time through the account portal. Individual call recordings can be deleted by authorized users.

To exercise any of the above rights, please contact us at privacy@hexconsulting.com. We will respond within 30 days. We may need to verify your identity before processing your request.

8. CPNI — Customer Proprietary Network Information

As a provider of telecommunications services, Hex Consulting is subject to the Federal Communications Commission (FCC) rules regarding Customer Proprietary Network Information (CPNI) under 47 U.S.C. § 222.

CPNI includes information relating to the quantity, technical configuration, type, destination, location, and amount of use of your telecommunications services. We use CPNI to:

Provide and improve the telecommunications services you subscribe to
Bill you accurately for services rendered
Protect you and our network from fraudulent use

We will not use CPNI to market additional services to you beyond the services you already subscribe to without your affirmative consent, except as permitted by applicable law. You have the right to restrict our use of your CPNI for marketing purposes by contacting us at privacy@hexconsulting.com.

9. Emergency Services (E911)

Our VoIP service supports Enhanced 911 (E911) calling. To enable accurate emergency dispatch, we collect and store your registered service address associated with each VoIP line. This address is transmitted to the relevant Public Safety Answering Point (PSAP) when you dial 911 from your VoIP device.

Important: VoIP E911 has limitations compared to traditional landline 911. Your E911 service address must be kept current in your account portal. Emergency dispatch may not function correctly if you use your VoIP device from a location different from your registered address. Always keep a backup means of contacting emergency services.

We may share your registered E911 address and device information with emergency service providers solely for the purpose of routing emergency calls and complying with applicable law.

10. Cookies and Tracking Technologies

Our web portal and customer dashboard use cookies and similar technologies to:

Maintain your authenticated session
Remember your preferences (e.g., language, dashboard layout)
Analyze portal usage to improve user experience
Detect and prevent fraudulent activity

We use strictly necessary, functional, and analytics cookies. We do not use third-party advertising or cross-site tracking cookies on our VoIP management portal. You can manage cookie preferences through your browser settings; disabling certain cookies may affect portal functionality.

11. Children's Privacy

Our VoIP services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@hexconsulting.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or industry practices. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Notify account administrators via email at least 30 days before the effective date of material changes
Post a prominent notice in the customer portal

We encourage you to review this policy periodically. Your continued use of our VoIP services after the effective date of any changes constitutes your acceptance of the updated policy.

13. Contact Us

Privacy Inquiries

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

Email: privacy@hexconsulting.com
Phone: (305) 900-5033 — Mon–Fri, 9am–6pm CST
Mail: Hex Consulting — Privacy Office
5810 Ingersoll Ave, Des Moines, IA 50312
General inquiries: info@hexconsulting.com

We will respond to all privacy requests within 30 days of receipt.

Table of Contents