Legal & Trust
Legal & trust center
Every policy, agreement and control in one place — written to read like the real, publishable documents they are.
Policies and trust documents
Privacy Policy
What we collect through our forms and newsletter, why, and the rights you have over your data.
PolicyCookie Policy
How we use browser storage. We keep it minimal — preferences and consent only, no third-party tracking.
PolicyTerms of Use
The terms that govern this website — separate from the written agreement that governs the platform.
TermsGDPR & Data Processing
Our roles as controller and processor, transfer safeguards, and how a Data Processing Agreement fits in.
Data protectionSubprocessors
The categories of vendors that help us run TelVox — hosting, storage, transactional email and messaging.
VendorsSecurity & compliance
AES-256-GCM at rest, an append-only audit trail, org-scoped isolation and short-lived tokens — built in.
TrustAgreements & certification
A Data Processing Agreement (DPA) and a Business Associate Agreement (BAA) are available on request — TelVox is built for HIPAA workloads. The platform is engineered to SOC 2 Type II and ISO 27001 controls, with formal certification in progress. We don’t claim certifications we don’t yet hold.