Owners: NUSO Privacy Office and Director of Compliance

Introduction

At NUSO, we understand that privacy is essential to maintaining the trust of our customers, partners, employees, and users of our communications services worldwide. We are committed to handling all personal data lawfully, transparently, and securely in accordance with global data-protection regulations.

Including the General Data Protection Regulation (GDPR), UK Data Protection Act 2018, California Consumer Privacy Act (CCPA), and relevant telecommunications privacy obligations (FCC CPNI rules).

Who we are

NUSO is a global cloud communications provider that brings together AI powered voice, messaging, collaboration, contact center, and carrier-grade infrastructure in one secure platform. NUSO helps partners and enterprises scale faster, meet compliance demands, and deliver better customer experiences. With NUSO, organizations move beyond call routing to orchestrating the outcomes that matter

In this policy, “NUSO,” “we,” and “us” refer to:

• NUSO, LLC, United States
• NUSO Cloud UK Ltd, United Kingdom
• NUSO Italia S.r.l., Italy

These companies, together the “NUSO Group,” act as data controllers for the personal data described here. When we process personal data on behalf of our customers under a services agreement, we act as a data processor and follow our customer’s instructions and the applicable data processing agreement.

What this policy covers

This policy explains what personal data we collect, why we collect it, how we use and share it, how long we keep it, and the choices you have. It applies to:

• Visitors and account users of our websites and portals
• Users of our mobile and desktop apps
• Customers, partners, suppliers, and prospects, and their staff who interact with us

The personal data we collect

We collect only what we need for the purposes below.

Identification and contact data
Name, job title, business email, business phone number, postal address.

Account and service data
Account credentials, support tickets, preferences, usage settings.

Communications and network metadata
Call or message routing details, timestamps, device identifiers, IP address, quality metrics, and similar technical logs. For telecom services, this may include CPNI as defined by FCC rules.

Billing and commercial data
Orders, invoices, payment method details handled by secure processors, contract documents.

Website and app data
Cookie and analytics data, pages viewed, app diagnostics, crash logs.

Applicant data
If you apply for a job, CV details and screening information as permitted by law. In the UK, screening may follow BS 7858:2019 where appropriate.

We do not intentionally collect special category data such as health or religion through our websites or apps. If such data is required for employment or legal reasons, we apply additional safeguards.

How we collect data

• Directly from you when you create an account, use our services, contact support, or attend our events
• Automatically when you use our websites and apps, through cookies and analytics and service telemetry
• From third parties such as partners, carriers, fraud prevention providers, and public sources, where lawful

How we use personal data, and our legal bases

We use personal data to provide and improve our services and to communicate with you. We rely on one or more lawful bases under GDPR and UK GDPR, and equivalent requirements in other laws.

Purposes

• Provide, operate, and support our services, including routing communications and maintaining network quality
• Manage accounts, billing, orders, and customer care
• Improve our products, websites, and apps through analytics and feedback
• Prevent fraud and protect our networks and users
• Send service notices and important updates
• Send marketing communications where permitted, you can opt out at any time
• Meet legal and regulatory obligations, including FCC CPNI, data protection, tax, and security requirements
• Process job applications and onboard employees where applicable

Legal bases

• Contract, to deliver the services you requested
• Legitimate interests, for security, service improvement, and business operations, balanced with your rights
• Consent, for optional activities like certain cookies or email marketing in some regions
• Legal obligation, to comply with laws and regulations
• Vital interests, to protect someone’s life in emergencies

We do not use personal data for automated decision making or profiling that produces legal or similarly significant effects.

Mobile applications, contacts, and avatars

With your permission on NUSO Android and NUSO iOS, the app may access your device contacts so you can place calls or send messages easily.

• When you message or call a contact, the phone number is sent securely through NUSO’s API for service delivery.
• We do not associate that phone number with other personal identifiers, and we store only what is needed for lawful service and support.
• We do not share this data with advertisers or unrelated third parties.
• You can revoke contact permissions at any time in device settings, core app features continue to work.

Optional Gravatar
If enabled in Settings or by your administrator, the app may generate an MD5 hash of a contact’s email to request an avatar from Gravatar. We send only the hash, not the plain email. You can turn this off at any time.

Cookies and analytics

Cookies are small text files stored on your device when you access most websites on the internet.

Across all NUSO websites and customer portals, we use cookies and similar technologies to help manage site performance, remember preferences, make navigation easier, and provide relevant information and functionality. Cookies also help us understand how our websites are used so we can keep them accurate, up-to-date, and operating smoothly, while improving your overall experience. You can manage your cookie preferences via your browser or our cookie banner. Some cookies are essential for the site to work.

Sharing personal data

We share data only as needed for the purposes above.

Within NUSO Group
NUSO, LLC, NUSO Cloud UK Ltd, and NUSO Italia S.r.l. may share data to provide group services and support, following this policy and applicable laws.

Service providers and partners
Cloud hosting, carriers for routing, billing and payment providers, CRM and support tools, security and fraud prevention vendors. These parties act under contract and only process data on our instructions.

Legal and regulatory
Courts, regulators, law enforcement, and emergency services when required by law.

Business changes
If we enter into a merger, acquisition, or corporate reorganization, we may transfer data to the new owners, who must continue to protect it.

We do not sell personal data.

International transfers

We operate globally. When personal data leaves the UK or EEA, we use approved safeguards such as UK International Data Transfer Agreements, EU Standard Contractual Clauses, or an adequacy decision. We also apply technical and organizational measures consistent with ISO 27001.

Retention

We keep your personal data only for as long as necessary to fulfill the purposes for which it was collected, such as delivering the services you requested, and to meet our legal, contractual, accounting, or reporting obligations.

We securely delete or anonymize data when it is no longer needed.

Security

We use layered security controls aligned with ISO 27001, NIS2 and industry practices. These include access controls, encryption in transit and at rest, network monitoring, logging, vulnerability management, and regular testing. No system is perfectly secure, so we work to prevent incidents and limit impact if they occur.

Your privacy rights

Your rights depend on where you live. In many regions you can:

• Request access to the personal data we hold about you
• Ask us to correct inaccurate data
• Ask us to delete your data, subject to legal limits
• Object to or restrict certain processing
• Ask for a copy of your data in a portable format
• Withdraw consent where we rely on consent

We will respond in line with local laws. If we cannot act on a request, we will explain why.

CCPA rights for California residents

California residents have rights to know, access, correct, delete, and opt out of certain data sharing defined as “sale” or “sharing” under California law. NUSO does not sell personal data in the common sense. If we engage in activities that qualify as “sharing” for cross-context advertising, you can opt out using our cookie banner or by contacting us. We do not knowingly collect or share data of children under 16.

Children’s data

Our services are for business users. We do not knowingly collect personal data from children under 16.

How to contact us

If you have any questions or concerns about this policy you can contact us at:

Phone Number: 844-438-6876

Email: contact@nuso.cloud

U.S. mail: NUSO Privacy Office, 7777 Bonhomme Ave, Suite 1100, Clayton, MO 63105, USA

EU and UK contacts

• NUSO Cloud UK Ltd, registered address: C/O Gowling Wlg (UK) Llp, 4 More London Riverside,London SE12AU
• NUSO Italia S.r.l., registered address: via San Crispino 46, 35129 Padua, IT
  We will provide local contact details, including our EU or UK representative where required, on our website privacy page.

Changes to this policy

We may update this policy from time to time. We will post updates with a new effective date. If changes are significant, we will provide a clear notice.

Regional addenda, short form

A. EU and UK addendum

• Controllers: NUSO Cloud UK Ltd and NUSO Italia S.r.l. act as controllers for their operations, NUSO, LLC may be a joint controller for shared services.
• Legal bases: contract, legitimate interests, consent, legal obligation, and vital interests.
• Transfers: safeguarded by SCCs or IDTAs or adequacy.
• Supervisory authorities: you can complain to your local data protection authority, for example the ICO in the UK or the Garante in Italy.

B. California addendum

• You have the right to know, delete, correct, and opt out of sale or sharing as defined by California law.
• Submit requests at privacy@nuso.cloud or through links on our websites.
• We do not use sensitive personal information for inferring characteristics.

Short definitions

• Personal data, any information that identifies or can be reasonably linked to a person.
• Processing, any action on personal data, such as collecting, storing, using, sharing, or deleting.
• CPNI, Customer Proprietary Network Information, service details protected by FCC rules.

Quick summary

We collect only what we need, we use it to provide and improve our services, we share it only with trusted parties and authorities where required, we protect it with appropriate security, and you stay in control through your privacy rights.

‍