tipcall.io Privacy Policy


Last updated: January 8, 2024.


Our Privacy Policy provides detailed information on how we collect, use, store, and transfer your personal data. It covers purposes of processing data and legal basis, the types of data we collect, storage duration, data recipients, our obligations, your rights, and how to exercise them. If you need more detailed information or if you have any doubts after reading this privacy policy, please contact us: info@tipcall.io


1. CONTACT INFORMATION OF THE DATA CONTROLLER


SIA tipcall.io, registration number 40203422843, legal address Satekles street 2C, Riga, LV-1050, Latvia, (hereinafter referred to as "we," "us," or "company") is the controller of the personal data.

When handling personal data, we adhere to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, dated April 27, 2016, commonly known as the General Data Protection Regulation (GDPR). Additionally, we comply with other relevant legal frameworks governing personal data protection, alongside the guidelines outlined in this Privacy Policy.


For inquiries regarding the protection of personal data in our company, as well as the handling of your complaints or requests, please contact us: info@tipcall.io.


The Privacy Policy is regularly updated to reflect necessary changes. Please visit the www.tipcall.io for the latest version. 


2. LEGAL BASIS FOR PERSONAL DATA PROCESSING


We may process your personal data according to the following legal basis:


Description

Legal basis

Consent

We will process your personal data if you have explicitly provided your consent for one or more specific purposes. Your consent will be obtained before any processing takes place, and you have the right to withdraw your consent at any time 

GDPR Article 6 (1) (a) 

Conclusion and performance of an agreement

We may need to process your personal data when it is necessary for the conclusion and performance of an agreement between data subject and the company. This includes fulfilling our agreement obligations and any necessary steps taken prior to entering an agreement

GDPR Article 6 (1) (b)

Legitimate interests

In certain situations, we may process your personal data based on our legitimate interests, provided that such processing is not overridden by your rights and interests. This may include pursuing legitimate business interests, such as improving our services, protecting our rights, or conducting necessary internal administrative tasks

GDPR Article 6 (1) (f)


We ensure that your personal data is processed in accordance with applicable data protection laws and regulations. We only process the personal data that is necessary and relevant for the specified purposes. Additionally, we implement appropriate security measures to protect your personal data from unauthorized access, loss, or alteration.


3. PERSONAL DATA WE COLLECT 


To provide our services, we collect certain personal data from hosts and clients, provided below:

The types of personal data we collect related to hosts and purposes for processing may include

Basic data

Full name, 

Identification data

Identity verification data such as full name, personal identification number or date of birth, country of residence

Contact information

E-mail address, phone number;

Professional qualification data

Relevant certifications or licenses; profession or occupation;


Authentication credentials

Username, password;

User account information

User ID, profile picture.


The types of personal data we collect related to clients and purposes for processing may include

Basic data

Full name,;

Identification data

Identity verification data such as full name, e-mail confirmation;

Contact information

E-mail address, phone number;

Authentication credentials

Username, password;

Payment information

Data provided by Stripe, such as name, email, billing address, payment method information (such as credit or debit card number, bank account information or payment card image) 


We only collect the necessary personal data that is relevant and essential to fulfil the purposes for which it is collected.


4. SOURCES FROM WHICH WE COLLECT DATA


We collect information from various sources to provide and enhance our services. The sources of information may include:

Directly from you

Information you provide directly through your interactions with our platform, such as during account creation for Hosts, information collected during your communication with Hosts, us as the company or when you seek support, including customer service interactions, feedback, and inquiries.

Data processing within the platform

Information generated through your usage of our services, including transaction data, logs, and other related data. Information collected through automated technologies, including cookies and similar tracking tools, when you access and navigate our website or use our services.

Received from third parties

Information obtained from third-party sources, where permissible by law, such as third party services, publicly available sources, or social media platforms.


5. THE RETENTION OF DATA


We retain your personal data for the duration necessary to fulfill the purposes outlined in this Privacy Policy. The specific retention periods may vary based on the nature of the data and the purposes for which it was collected. Once the data is no longer required for its intended purpose, we will take steps to securely and irreversibly delete it.


We have established specific retention periods for different categories of personal data based on the purpose for which the data was collected and any legal or regulatory requirements. 


Our retention periods are as follows:


Description

Retention period

We do not keep personal data linked to incomplete registrations. However, as a company, we have access to browser-related records containing IP addresses.

This data is stored for 7 days and is then securely and irreversibly erased.


Once you start using our services, we will retain your personal data for as long as you continue using the services and your consent is valid. This allows us to provide ongoing support, ensure the proper functioning of our services, and maintain accurate records of your usage of our services. We may retain your data even after you stop using our services for a certain period to ensure evidence in case of any disputes with you (legitimate interests). 


The length of such a period will cover the limitation period specified by applicable laws, which may be up to 10 years.


If a person decides to withdraw their consent for receiving marketing emails, we will promptly delete their data associated with such communication. This means that their email address and any related information will be securely removed from our marketing lists, ensuring that no further marketing emails will be sent to them. We prioritise the privacy and control of Individuals data and will fully honour their withdrawal of consent for marketing communications.


Once consent is withdrawn, we do not retain any data that would enable the sending of further marketing emails.


6. DATA SUBJECT RIGHTS


We process your data, providing you with the opportunity to inquire about the nature and extent of our processing. In some cases, you may request a reduction in the processing extent, in accordance with applicable regulatory enactments.


Your rights include the following, as per applicable regulatory enactments:

Right

Description

Access Your Personal Data

You have the right to request access, update, or deletion of the information we hold about you. If possible, you can directly access, update, or request the deletion of your personal data through your account settings. If you require assistance with these actions, please contact us. This also allows you to obtain a copy of the personal data we have about you.


Correct Your Personal Data

If the personal data we have about you is incomplete or inaccurate, you have the right to request its correction or correct them yourself on the website;


Object to Processing

You have the right to object to the processing of your personal data when we rely on legitimate interest as the legal basis for processing, and there is something specific about your situation that leads you to object to the processing. You also have the right to object to the processing of your personal data for direct marketing purposes.


Right to be forgotten or erased

If there is no valid reason for us to continue processing your personal data, you can request us to delete or remove it.


Transfer Your Personal Data

Upon your request, we will provide your personal data in a structured, commonly used, machine-readable format to you or a third party of your choice. Please note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform an Agreement with you.


Withdraw Your Consent

You have the right to withdraw your consent for us to use your personal data. However, please note that withdrawing consent may restrict your access to certain specific functionalities of the service we provide.



To exercise your rights of access, rectification, erasure, and objection, please contact us: info@tipcall.io.  Kindly note that we may ask you to verify your identity before responding to such requests. We will make our best efforts to respond to your requests as promptly as possible.


Additionally, if you are in the EEA, you have the right to lodge a complaint with the Data Protection Authority regarding our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EU/EEA.


We have the right not to fulfill your request:

If it is not clearly formulated;

If we cannot identify you;


If we have already provided an answer to such a request;


If the amount of requested information is disproportionate;


If the request is unfounded;


If the regulatory acts stipulate that we are not entitled to provide you with such information or we are obliged to store certain of your data.



7. THIRD PARTY SERVICES WE USE


We employ third-party services to enhance and support our platform. By using our services, you acknowledge that your data may be processed by these services according to their privacy policies. While we choose reputable providers, we recommend reviewing their policies for a full understanding. We do not control these services policies, but we prioritize privacy and security in our selections. 


We use third party services, such as:

Name of service provider 

Purpose

Privacy Policies

Google Sign-In

Allows hosts to register and clients log in (authenticate) using Google Account. Data sent: e-mail address.

https://policies.google.com/privacy?hl=en-US 

Stripe

Provides payments, holds funds hosts receive from clients in connected accounts. Connected account is registered for each Host upon creating an account in Tipcall and successful verification is mandatory requirement for Host to complete onboarding and be able to publish its profile and share links to its services. Hosts can't directly log into their Stripe accounts; transfers are done by Tipcall using API. Data sent: email, call title, call cost.

https://stripe.com/en-gb-lv/privacy 

Twilio

Provides online video call technology and infrastructure, chat. Tipcall embeds Twilio using its API. Data sent: host full name or client e-mail address.

https://www.twilio.com/en-us/legal/privacy 

PostHog

Collects anonymous user behavior with the aim to enhance UX

https://posthog.com/privacy 

Google Analytics

Captures any interaction with a webapp, allows to analyze main statistics like user acquisition, engagement, bounce rate etc. Data sent: approximate geographic location, device information, browser information, general user information, operating system, URLs (visited, came from, exited from), event data (clicks on buttons, video views, file downloads)

https://support.google.com/analytics/answer/7318509?hl=en 

Cookiebot

Handles cookie consent settings, manages cookies depending on user, whether you are the host or client, selection, provides cookie policy text.

https://www.cookiebot.com/en/privacy-policy/ 


8. SAFEGUARDS FOR DATA PROTECTION


We are dedicated to safeguarding your data through a robust and continually evolving set of security measures. Our commitment extends to shielding your information from unauthorized access, accidental loss, disclosure, or destruction. 


To achieve this, we employ cutting-edge technology and adhere to stringent technical and organizational requirements designed to fortify the security of your data.


Access Controls and Confidentiality

To safeguard your data, we have established stringent policies, procedures, and access controls to ensure that only authorized personnel have access. Our team undergoes regular training on data protection practices and is bound by strict confidentiality obligations.


Data Minimization and Retention

Adhering to the principle of data minimization, we collect, process, and retain only the minimum personal data necessary for the intended purpose. Regular reviews of our data retention practices are conducted to ensure data is not retained for longer than necessary.


Third-Party Service Providers

When engaging third-party service providers, we uphold rigorous data protection standards. Our selection process involves careful assessment to ensure our partners have appropriate security measures in place, guaranteeing the protection of your data


International Data Transfers

In cases where data is transferred outside your jurisdiction, we take measures to ensure appropriate safeguards are in place. This may involve utilizing data transfer agreements, standard agreement clauses, or relying on recognized data protection mechanisms.


Compliance with Data Protection Laws

We diligently comply with applicable data protection laws and regulations. Staying updated on legal requirements, we adapt our practices accordingly to ensure ongoing compliance and the highest level of data protection.



These measures collectively reflect our unwavering commitment to maintaining the confidentiality, security, and lawful processing of your data.


9. TRANSFER OF YOUR DATA


By using our services, you acknowledge and agree that your personal data may be transferred to, stored, and processed in locations where we or our service providers operate. We ensure that any such transfer of personal data is conducted in compliance with applicable data protection laws. Additionally, we take measures to safeguard your privacy and security in accordance with our Privacy Policy.


10. COOKIES AND OTHER TECHONOLOGIES 


We may utilise cookies and similar technologies to enhance your browsing experience and provide personalised services. To learn more about cookies and other technologies we use, please visit our Cookie Policy: www.tipcall.io/cookie-policy 


11. CONTACTING US 


If you have any concerns about how we use your personal data, you can lodge a complaint with us by contacting us via email: info@tipcall.io.


If you believe that we have processed your data inappropriately, you have the right to file a complaint with the data protection supervisory authority regarding the processing of your personal data by our organisation. The relevant authority: State Data Inspectorate of the Republic of Latvia (Datu Valsts Inspekcija), address: Elijas street 17, Riga, LV-1050, Latvia. Contacting via e-mail: pasts@dvi.gov.lv or by phone: 67223131


We take all complaints seriously and will cooperate fully with the supervisory authority to resolve any issues related to the processing of your personal data.


Contact us:

Tipcall SIA

Satekles street 2C, Riga, LV-1050, Latvia 

Phone: +371 67288887

E-mail: info@tipcall.io