Privacy Policy

1. Introduction

Voley ("Voley," "we," "us," or "our") operates a business messaging platform at letsvoley.com (the "Platform"). Our Platform enables independent insurance agencies and other businesses ("Customers" or "Agencies") to communicate with their clients and prospects ("End Users") via SMS text messaging and related channels.

This Privacy Policy describes how we collect, use, disclose, and protect information in connection with our Platform, including information about our Customers, their authorized users, and the End Users they communicate with.

2. Information We Collect

Information Provided by Customers

• Account information: Business name, address, EIN, website URL, contact name, email address, and phone number
• User credentials: Names, email addresses, and authentication data for authorized team members
• Billing information: Payment method details (processed by our payment processor; we do not store full payment card numbers)
• Integration data: Credentials and configuration for third-party integrations (e.g., HawkSoft)

End User Information (Processed on Behalf of Customers)

• Contact details: Phone numbers, names, and other contact identifiers provided by the Customer or the End User
• Message content: The content of SMS messages sent and received through the Platform
• Message metadata: Timestamps (sent, delivered, read), delivery status, and message direction
• Consent and opt-out records: Records of End User opt-in, opt-out, and HELP requests

Information Collected Automatically

• Device and browser data: IP address, browser type, operating system, and device identifiers when Customers access the Platform
• Usage analytics: Pages viewed, features used, session duration, and interaction patterns within the Platform
• Log data: Server logs including access times, error logs, and API call records
• Cookies and similar technologies: Session cookies, authentication tokens, and analytics identifiers (see our Cookie section below)

Cookies

We use cookies and similar technologies for authentication, security, preferences, and analytics. You can control cookies through your browser settings, though disabling certain cookies may impair Platform functionality.

3. How We Use Information

We use the information we collect for the following purposes:

• Provide and operate the Platform: Route and deliver messages, manage conversations, sync contacts, and enable collaboration features
• Customer support: Respond to inquiries, troubleshoot issues, and provide technical assistance
• Compliance and legal obligations: Process opt-out and HELP requests, maintain message logs for regulatory compliance, support A2P 10DLC registration, and respond to lawful requests
• Security and fraud prevention: Detect and prevent unauthorized access, abuse, spam, and other harmful activity
• Billing and account management: Process payments, manage subscriptions, and send account-related communications
• Platform improvement: Analyze usage patterns to improve reliability, performance, and user experience
• Onboarding and registration: Submit carrier registration (A2P 10DLC) on behalf of Customers through Twilio

4. How We Share Information

We share information only in the following circumstances:

Service Providers and Subprocessors

We use trusted third-party service providers to help us operate the Platform. These providers process data only on our behalf and are contractually obligated to protect it. Key subprocessors include:

• Twilio: Telecommunications provider for SMS message routing and delivery, phone number provisioning, and A2P 10DLC registration
• Cloud infrastructure providers: Hosting, storage, and database services
• Payment processors: Secure payment processing for billing
• Analytics providers: Platform usage analytics and error monitoring

Legal and Regulatory Disclosures

We may disclose information when we believe in good faith that disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or governmental request
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of Voley, our Customers, or others
• Detect, prevent, or address fraud, security, or technical issues

Business Transfers

If Voley is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected parties of any change in ownership or use of personal information.

With Customer's Consent

We may share information with third parties when a Customer has directed or authorized such sharing (for example, enabling an integration with a third-party service).

5. SMS Messaging Data

Because our Platform is centered on SMS communication, we want to be transparent about how messaging data is handled:

• Message routing: Message content is transmitted to and from End Users through Twilio's telecommunications network. Twilio processes message data as a subprocessor to deliver messages to mobile carriers.
• Message storage: Message content and metadata are stored on our Platform so Customers can view conversation history and maintain records.
• Opt-out processing: We automatically detect opt-out keywords (STOP, UNSUBSCRIBE, etc.) and update contact records to prevent further messaging. Opt-out status is shared with the Customer.
• HELP responses: We process HELP keyword requests and provide the Customer's support contact information to the End User.
• No message content selling: We do not sell, share for advertising purposes, or use message content for any purpose other than providing the Platform service to the Customer.

6. Data Retention and Deletion

Retention Periods

• Account data: Retained for the duration of the Customer's active account, plus a reasonable period afterward for administrative purposes
• Message data: Retained in accordance with the Customer's account settings and applicable regulatory requirements. Customers may configure retention periods within the Platform.
• Opt-out records: Retained indefinitely to ensure continued compliance with opt-out requests
• Billing records: Retained as required by applicable tax and financial regulations
• Log data: Retained for a reasonable period for security, debugging, and compliance purposes

Deletion

Customers may request deletion of their account and associated data by contacting us at [SUPPORT_EMAIL]. Upon account termination, we will delete or anonymize Customer data within a reasonable timeframe, except where retention is required by law or for legitimate business purposes (such as maintaining opt-out lists).

End Users who wish to exercise data deletion rights should contact the Customer (Agency) that holds their information. We will cooperate with Customers to fulfill such requests.

7. Security Measures

We implement reasonable administrative, technical, and physical safeguards designed to protect the information we process. These include:

• Encryption of data in transit (TLS) and at rest
• Access controls and authentication requirements for Platform users
• Regular security assessments and monitoring
• Incident response procedures
• Employee access limited to those with a business need
• Secure development practices

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect personal information, we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Opt-out of SMS: Reply STOP to any message to opt out of further SMS communications from a Customer
• Data portability: Request your data in a structured, commonly used format
• Withdraw consent: Where processing is based on consent, withdraw that consent at any time
• Non-discrimination: Exercise your rights without receiving discriminatory treatment

For Customers: Exercise your rights by contacting us at [SUPPORT_EMAIL].

For End Users: Because Voley processes End User data on behalf of our Customers, End Users should direct privacy requests to the Agency that holds their information. We will cooperate with Customers to fulfill valid requests. If you are unable to reach the Agency, you may contact us and we will make reasonable efforts to direct your request appropriately.

9. Agency / Customer Responsibilities

Our Customers are responsible for:

• Lawful basis for processing: Ensuring they have a lawful basis (such as consent) to collect and share End User personal information with Voley for messaging purposes
• Privacy disclosures: Providing their own privacy notices to End Users that accurately describe how End User information will be processed, including through the use of Voley
• Consent collection: Obtaining and documenting valid consent from End Users before initiating SMS communications through the Platform
• Data accuracy: Ensuring the accuracy of contact information uploaded to the Platform
• End User requests: Responding to End User requests regarding their personal information and coordinating with Voley as needed to fulfill those requests
• Compliance with laws: Complying with all applicable privacy, telecommunications, and marketing laws in their jurisdiction, including TCPA, state privacy laws, and industry-specific regulations

10. Children's Privacy

The Platform is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at [SUPPORT_EMAIL].

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page and update the "Last Updated" date. For material changes, we will provide notice through the Platform or by email to our Customers. Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Appendix A: California Consumer Privacy Act (CCPA) Supplement

This section applies to California residents and supplements the information in this Privacy Policy.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, phone number, IP address, account credentials
• Commercial information: Billing records, subscription history
• Internet or electronic network activity: Browser type, pages viewed, interaction data
• Professional or employment-related information: Business name, role, title (for Customer accounts)
• Inferences: Usage patterns and preferences derived from Platform activity

Your California Rights

California residents have the right to:

• Know what personal information we collect, use, and disclose
• Delete personal information we hold about you (subject to exceptions)
• Opt out of the sale of personal information — we do not sell personal information
• Non-discrimination for exercising your CCPA rights

To exercise these rights, contact us at [SUPPORT_EMAIL]. We will verify your identity before processing requests.

Service Provider Status

Where we process End User personal information on behalf of our Customers, we do so as a "Service Provider" under the CCPA. We do not sell or share (for cross-context behavioral advertising) End User personal information.

Appendix B: General Data Protection Regulation (GDPR) Supplement

This section applies to individuals in the European Economic Area (EEA), United Kingdom, or Switzerland and supplements the information in this Privacy Policy.

Legal Bases for Processing

We process personal data on the following legal bases:

• Performance of a contract: To provide the Platform and fulfill our obligations to Customers
• Legitimate interests: To operate, improve, and secure the Platform, and to communicate with Customers about their accounts
• Legal obligations: To comply with applicable laws and regulations
• Consent: Where specifically required, such as for certain cookie usage

Your GDPR Rights

In addition to the rights described in Section 8, EEA/UK/Swiss individuals have the right to:

• Restrict processing of your personal data in certain circumstances
• Object to processing based on legitimate interests
• Lodge a complaint with your local data protection authority

International Transfers

Voley is based in the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States. We implement appropriate safeguards for international data transfers, including standard contractual clauses where applicable.

Data Processor Role

Where we process End User personal data on behalf of our Customers, we act as a Data Processor. Our Customers are the Data Controllers. We process personal data only in accordance with our Customers' documented instructions and our Data Processing Agreement.