tipcall.io Privacy Policy
Last updated: January 8, 2024.
Our Privacy Policy provides detailed information on how we collect, use, store, and transfer your personal data. It covers purposes of processing data and legal basis, the types of data we collect, storage duration, data recipients, our obligations, your rights, and how to exercise them. If you need more detailed information or if you have any doubts after reading this privacy policy, please contact us: info@tipcall.io.
SIA tipcall.io, registration number 40203422843, legal address Satekles street 2C, Riga, LV-1050, Latvia, (hereinafter referred to as "we," "us," or "company") is the controller of the personal data.
When handling personal data, we adhere to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, dated April 27, 2016, commonly known as the General Data Protection Regulation (GDPR). Additionally, we comply with other relevant legal frameworks governing personal data protection, alongside the guidelines outlined in this Privacy Policy.
For inquiries regarding the protection of personal data in our company, as well as the handling of your complaints or requests, please contact us: info@tipcall.io.
The Privacy Policy is regularly updated to reflect necessary changes. Please visit the www.tipcall.io for the latest version.
We may process your personal data according to the following legal basis:
|
|
Description |
Legal basis |
|
Consent |
We will process your personal data if you have explicitly provided your consent for one or more specific purposes. Your consent will be obtained before any processing takes place, and you have the right to withdraw your consent at any time |
GDPR Article 6 (1) (a) |
|
Conclusion and performance of an agreement |
We may need to process your personal data when it is necessary for the conclusion and performance of an agreement between data subject and the company. This includes fulfilling our agreement obligations and any necessary steps taken prior to entering an agreement |
GDPR Article 6 (1) (b) |
|
Legitimate interests |
In certain situations, we may process your personal data based on our legitimate interests, provided that such processing is not overridden by your rights and interests. This may include pursuing legitimate business interests, such as improving our services, protecting our rights, or conducting necessary internal administrative tasks |
GDPR Article 6 (1) (f) |
We ensure that your personal data is processed in accordance with applicable data protection laws and regulations. We only process the personal data that is necessary and relevant for the specified purposes. Additionally, we implement appropriate security measures to protect your personal data from unauthorized access, loss, or alteration.
To provide our services, we collect certain personal data from hosts and clients, provided below:
|
The types of personal data we collect related to hosts and purposes for processing may include |
|
|
Basic data |
Full name, |
|
Identification data |
Identity verification data such as full name, personal identification number or date of birth, country of residence |
|
Contact information |
E-mail address, phone number; |
|
Professional qualification data |
Relevant certifications or licenses; profession or occupation; |
|
Authentication credentials |
Username, password; |
|
User account information |
User ID, profile picture. |
|
The types of personal data we collect related to clients and purposes for processing may include |
|
|
Basic data |
Full name,; |
|
Identification data |
Identity verification data such as full name, e-mail confirmation; |
|
Contact information |
E-mail address, phone number; |
|
Authentication credentials |
Username, password; |
|
Payment information |
Data provided by Stripe, such as name, email, billing address, payment method information (such as credit or debit card number, bank account information or payment card image) |
For users who connect their Google accounts, we also collect calendar data, which is used as described in our 'Google User Data and Limited Use Requirements' section.
We only collect the necessary personal data that is relevant and essential to fulfil the purposes for which it is collected.
We collect information from various sources to provide and enhance our services. The sources of information may include:
|
Directly from you |
Information you provide directly through your interactions with our platform, such as during account creation for Hosts, information collected during your communication with Hosts, us as the company or when you seek support, including customer service interactions, feedback, and inquiries. |
|
Data processing within the platform |
Information generated through your usage of our services, including transaction data, logs, and other related data. Information collected through automated technologies, including cookies and similar tracking tools, when you access and navigate our website or use our services. |
|
Received from third parties |
Information obtained from third-party sources, where permissible by law, such as third party services, publicly available sources, or social media platforms. When you choose to connect your Google account, we access data through Google's OAuth service. |
We retain your personal data for the duration necessary to fulfill the purposes outlined in this Privacy Policy. The specific retention periods may vary based on the nature of the data and the purposes for which it was collected. Once the data is no longer required for its intended purpose, we will take steps to securely and irreversibly delete it.
We have established specific retention periods for different categories of personal data based on the purpose for which the data was collected and any legal or regulatory requirements.
Our retention periods are as follows:
|
Description |
Retention period |
|
We do not keep personal data linked to incomplete registrations. However, as a company, we have access to browser-related records containing IP addresses. |
This data is stored for 7 days and is then securely and irreversibly erased. |
|
Once you start using our services, we will retain your personal data for as long as you continue using the services and your consent is valid. This allows us to provide ongoing support, ensure the proper functioning of our services, and maintain accurate records of your usage of our services. We may retain your data even after you stop using our services for a certain period to ensure evidence in case of any disputes with you (legitimate interests). |
The length of such a period will cover the limitation period specified by applicable laws, which may be up to 10 years. |
|
If a person decides to withdraw their consent for receiving marketing emails, we will promptly delete their data associated with such communication. This means that their email address and any related information will be securely removed from our marketing lists, ensuring that no further marketing emails will be sent to them. We prioritise the privacy and control of Individuals data and will fully honour their withdrawal of consent for marketing communications. |
Once consent is withdrawn, we do not retain any data that would enable the sending of further marketing emails. |
We process your data, providing you with the opportunity to inquire about the nature and extent of our processing. In some cases, you may request a reduction in the processing extent, in accordance with applicable regulatory enactments.
Your rights include the following, as per applicable regulatory enactments:
|
Right |
Description |
|
Access Your Personal Data |
You have the right to request access, update, or deletion of the information we hold about you. If possible, you can directly access, update, or request the deletion of your personal data through your account settings. If you require assistance with these actions, please contact us. This also allows you to obtain a copy of the personal data we have about you. |
|
Correct Your Personal Data |
If the personal data we have about you is incomplete or inaccurate, you have the right to request its correction or correct them yourself on the website; |
|
Object to Processing |
You have the right to object to the processing of your personal data when we rely on legitimate interest as the legal basis for processing, and there is something specific about your situation that leads you to object to the processing. You also have the right to object to the processing of your personal data for direct marketing purposes. |
|
Right to be forgotten or erased |
If there is no valid reason for us to continue processing your personal data, you can request us to delete or remove it. |
|
Transfer Your Personal Data |
Upon your request, we will provide your personal data in a structured, commonly used, machine-readable format to you or a third party of your choice. Please note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform an Agreement with you. |
|
Withdraw Your Consent |
You have the right to withdraw your consent for us to use your personal data. However, please note that withdrawing consent may restrict your access to certain specific functionalities of the service we provide. |
To exercise your rights of access, rectification, erasure, and objection, please contact us: info@tipcall.io. Kindly note that we may ask you to verify your identity before responding to such requests. We will make our best efforts to respond to your requests as promptly as possible.
Additionally, if you are in the EEA, you have the right to lodge a complaint with the Data Protection Authority regarding our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EU/EEA.
|
We have the right not to fulfill your request: |
|
If it is not clearly formulated; |
|
If we cannot identify you; |
|
If we have already provided an answer to such a request; |
|
If the amount of requested information is disproportionate; |
|
If the request is unfounded; |
|
If the regulatory acts stipulate that we are not entitled to provide you with such information or we are obliged to store certain of your data. |
When you choose to connect your Google account to our service, we access and use certain information from your Google account in accordance with Google's Limited Use requirements. This includes:
- Types of Data: We access your calendar event data and email address from your Google account.
- Use of Data: This data is used solely for the purpose of providing and improving our service's core functionality. Specifically:
- Calendar data is used to facilitate scheduling within our application.
- Your email is used for account identification and communication purposes.
- Data Storage: We store this data securely in our database. It is not published publicly or made visible to other authenticated users.
- Limited Use: In compliance with Google's Limited Use requirements:
- We only use your Google user data to provide or improve user-facing features that are prominent in our application's user interface.
- We do not transfer this data to others unless doing so is necessary to provide and improve these features, to comply with applicable laws, or as part of a merger, acquisition, or sale of assets (with user consent).
- We do not use or transfer your Google user data for serving ads, including retargeting, personalized, or interest-based advertising.
- We do not allow humans to read this data unless: a. We have your affirmative agreement for specific messages, files, or other data, b. It is necessary for security purposes such as investigating abuse, c. It is required to comply with applicable laws.
- Data Protection: We employ industry-standard security measures, including encryption and secure cloud infrastructure, to protect your Google user data.
- User Control: You can revoke our access to your Google user data at any time through your Google account settings or by contacting us at info@tipcall.io.
We employ third-party services to enhance and support our platform. By using our services, you acknowledge that your data may be processed by these services according to their privacy policies. While we choose reputable providers, we recommend reviewing their policies for a full understanding. We do not control these services policies, but we prioritize privacy and security in our selections.
We use third party services, such as:
|
Name of service provider |
Purpose |
Privacy Policies |
|
Google Sign-In |
Allows hosts to register and clients log in (authenticate) using Google Account. Data sent: e-mail address. |
|
|
Google OAuth |
Google OAuth: Allows users to grant our application access to specific Google services data, such as calendar events. Data received: calendar data, email address, and basic profile information as authorised by the user. |
|
|
Stripe |
Provides payments, holds funds hosts receive from clients in connected accounts. Connected account is registered for each Host upon creating an account in Tipcall and successful verification is mandatory requirement for Host to complete onboarding and be able to publish its profile and share links to its services. Hosts can't directly log into their Stripe accounts; transfers are done by Tipcall using API. Data sent: email, call title, call cost. |
|
|
Twilio |
Provides online video call technology and infrastructure, chat. Tipcall embeds Twilio using its API. Data sent: host full name or client e-mail address. |
|
|
PostHog |
Collects anonymous user behavior with the aim to enhance UX |
|
|
Google Analytics |
Captures any interaction with a webapp, allows to analyze main statistics like user acquisition, engagement, bounce rate etc. Data sent: approximate geographic location, device information, browser information, general user information, operating system, URLs (visited, came from, exited from), event data (clicks on buttons, video views, file downloads) |
|
|
Cookiebot |
Handles cookie consent settings, manages cookies depending on user, whether you are the host or client, selection, provides cookie policy text. |
We are dedicated to safeguarding your data through a robust and continually evolving set of security measures. Our commitment extends to shielding your information from unauthorized access, accidental loss, disclosure, or destruction.
To achieve this, we employ cutting-edge technology and adhere to stringent technical and organizational requirements designed to fortify the security of your data.
|
Access Controls and Confidentiality |
To safeguard your data, we have established stringent policies, procedures, and access controls to ensure that only authorized personnel have access. Our team undergoes regular training on data protection practices and is bound by strict confidentiality obligations. |
|
Data Minimization and Retention |
Adhering to the principle of data minimization, we collect, process, and retain only the minimum personal data necessary for the intended purpose. Regular reviews of our data retention practices are conducted to ensure data is not retained for longer than necessary. |
|
Third-Party Service Providers |
When engaging third-party service providers, we uphold rigorous data protection standards. Our selection process involves careful assessment to ensure our partners have appropriate security measures in place, guaranteeing the protection of your data. These safeguards apply to all data we collect, including data obtained from connected Google accounts. |
|
International Data Transfers |
In cases where data is transferred outside your jurisdiction, we take measures to ensure appropriate safeguards are in place. This may involve utilizing data transfer agreements, standard agreement clauses, or relying on recognized data protection mechanisms. |
|
Compliance with Data Protection Laws |
We diligently comply with applicable data protection laws and regulations. Staying updated on legal requirements, we adapt our practices accordingly to ensure ongoing compliance and the highest level of data protection. |
These measures collectively reflect our unwavering commitment to maintaining the confidentiality, security, and lawful processing of your data.
By using our services, you acknowledge and agree that your personal data may be transferred to, stored, and processed in locations where we or our service providers operate. We ensure that any such transfer of personal data is conducted in compliance with applicable data protection laws. Additionally, we take measures to safeguard your privacy and security in accordance with our Privacy Policy.
We may utilise cookies and similar technologies to enhance your browsing experience and provide personalised services. To learn more about cookies and other technologies we use, please visit our Cookie Policy: www.tipcall.io/cookie-policy
If you have any concerns about how we use your personal data, you can lodge a complaint with us by contacting us via email: info@tipcall.io.
If you believe that we have processed your data inappropriately, you have the right to file a complaint with the data protection supervisory authority regarding the processing of your personal data by our organisation. The relevant authority: State Data Inspectorate of the Republic of Latvia (Datu Valsts Inspekcija), address: Elijas street 17, Riga, LV-1050, Latvia. Contacting via e-mail: pasts@dvi.gov.lv or by phone: 67223131
We take all complaints seriously and will cooperate fully with the supervisory authority to resolve any issues related to the processing of your personal data.
Contact us:
Tipcall SIA
Satekles street 2C, Riga, LV-1050, Latvia
Phone: +371 67288887
E-mail: info@tipcall.io