Privacy Policy

1. Data Controller

The data controller for your personal information is Fusion Calling. For any privacy-related inquiries, contact support@fusioncalling.com.

2. Information We Collect

a. Account and Business Information

• Email address (primary identifier)
• Full name and business details
• Profile image (if provided via OAuth)
• Account preferences and settings

b. Call and Communication Data

• Call metadata (timestamps, duration, routing)
• Call recordings or transcripts when enabled by you
• Contacts you upload or connect through integrations
• Engagement metrics and analytics

c. Visitor and Usage Analytics

• IP-based approximate location, device, and browser information
• Page visits, clicks, and interaction data
• Session, performance, and error logs

d. Payment Information

• Payments are processed by our payment partners. We receive payment status/confirmation but do not store full card details.

3. Legal Basis for Processing (GDPR)

Where GDPR applies, we process personal data based on:

• Consent (e.g., marketing communications, non-essential cookies)
• Contract (to provide and support the Service)
• Legitimate interest (security, fraud prevention, service improvement)
• Legal obligation (compliance with applicable laws)

4. How We Use Your Information

For customers and users:

• Authenticate and maintain your account
• Operate calling workflows and related features
• Process payments via trusted partners
• Provide support, updates, and service notifications
• Improve the platform and develop new capabilities

For call recipients and contacts:

• Deliver calls, messages, and requested information
• Provide analytics on call performance to the customer
• Track engagement to optimize call flows

5. Third-Party Services and Data Sharing

We integrate with third-party services for authentication, payments, messaging, storage, and analytics. By using the Service, you also agree to their respective terms and privacy policies. We do not sell or rent your personal information for marketing purposes.

• Identity providers (e.g., Google OAuth) for secure sign-in
• Payment processors for billing and subscriptions
• Messaging/voice providers to route calls and messages
• Analytics and infrastructure providers for performance and security

5.1. Google Calendar API Integration

What We Access: When you authorize our application to access your Google Calendar, we request specific permissions to:

• Read event details (event titles, times, duration, and descriptions)
• Read calendar settings to determine your availability
• Perform these functions solely for scheduling AI-powered calls and meetings

What We Do NOT Access: We do not request, store, or use:

• Write or modify permissions to your Google Calendar
• Delete events or calendar data
• Share your calendar data with third parties
• Use your calendar data for any purpose other than coordinating with our calling platform
• Use your calendar data for marketing, advertising, or profiling

Data Retention: Google Calendar event information is retained only as long as necessary to provide the scheduling functionality. When you disconnect your Google Calendar from our platform or delete your account, we immediately cease accessing your calendar data and securely delete any cached information within 30 days.

Your Control: You can revoke our access to your Google Calendar at any time through your Google Account settings or by contacting support@fusioncalling.com. Revocation is immediate and will prevent future calendar-based scheduling.

5.2. Limited Scope Usage

In accordance with the Google API Services User Data Policy, we strictly limit our use of Google API scopes to the minimum necessary to provide scheduling and calendar coordination features. We do not use any data accessed through Google APIs for purposes unrelated to the specific service you requested.

5.3. OAuth Scope Transparency

Requested Scopes: When you connect your Google Account to Fusion Calling, we request the following specific OAuth scopes:

• calendar.readonly — Read-only access to your Google Calendar events and settings

Why We Need This Scope:

• To check your availability before scheduling AI-powered calls
• To prevent scheduling conflicts with existing meetings
• To coordinate optimal call times based on your calendar

Scope Justification: We use the minimum read-only scope necessary. We explicitly do NOT request write permissions (calendar.events), which means we cannot modify, create, or delete your calendar events.

6. Data Retention

We retain personal data for as long as needed to provide the Service and fulfill the purposes outlined here, unless a longer retention period is required by law. Call recordings, transcripts, and related data are retained based on your configuration and applicable law. Payment data is retained by payment processors per their policies.

7. Your Rights (where applicable, incl. GDPR/CCPA)

Subject to local law, you may have rights to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion (erasure) of your personal data
• Restrict or object to certain processing
• Receive your data in a portable format
• Withdraw consent where processing is based on consent

To exercise these rights, contact support@fusioncalling.com. We aim to respond within 30 days.

8. Data Security and API Data Protection

For Google API Data Specifically: We implement industry-leading security practices to protect data accessed through Google APIs, including:

• End-to-end encryption for API data in transit and at rest
• Restricted access controls limiting employee access to production data
• Regular security audits and penetration testing
• Compliance with OWASP Top 10 security standards
• Secure deletion protocols for cached Google data
• No sharing of Google API data with third parties
• Separate data retention policies for API-sourced information

General Security: We implement industry-standard security measures, including encryption in transit, access controls, authentication safeguards, and regular assessments. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Prohibited Uses of API Data

In compliance with the Google API Services User Data Policy, we explicitly prohibit the use of Google Calendar data for:

• Targeted advertising or creating advertising profiles
• Selling, trading, or transferring personal information to third parties
• Building a competitive service or scraping calendar information
• Combining with other data sources for purposes beyond service delivery
• Training machine learning or AI models using your calendar data
• Any use that violates applicable laws or Google's policies

10. International Data Transfers

Your data may be processed outside your country or the European Economic Area. We use appropriate safeguards for such transfers, including standard contractual clauses or equivalent measures where required.

11. Cookies and Tracking

We use essential cookies for authentication and functionality. With consent, we may use analytics cookies to improve our services. You can manage cookie preferences through your browser settings.

12. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us data, please contact us for deletion.

13. Data Export and Portability

Right to Data Access: You have the right to request an export of your personal data in a commonly-used, machine-readable format (e.g., CSV, JSON). To exercise this right, contact support@fusioncalling.com.

Timeframe: We will provide your data export within 30 days of your request. For large data sets, we may require additional time but will keep you informed of progress.

Data Retention After Deletion: Upon account deletion, personal data will be removed from active systems within 30 days. Residual data in backups and logs may persist for an additional period but will not be accessed or processed for any purpose.

14. Security Incident Notification

Incident Response: In the event of a security breach or unauthorized access to your personal data, we will:

• Investigate the incident promptly
• Notify you without unreasonable delay (typically within 72 hours)
• Provide details about the nature, scope, and data affected
• Recommend steps you can take to protect yourself

Responsible Disclosure: If you discover a security vulnerability, please report it to security@fusioncalling.com rather than publicly disclosing it. We appreciate responsible disclosure and will work to address vulnerabilities promptly.

15. Third-Party Sub-Processors and Data Sharing

Sub-Processors: To deliver the Service, Fusion Calling may engage third-party sub-processors (such as cloud infrastructure providers, analytics vendors, and payment processors). These sub-processors are contractually bound to protect your data in accordance with applicable privacy laws.

Sub-Processor List: We maintain a current list of sub-processors. For the most up-to-date information, please contact privacy@fusioncalling.com.

Data Transfer Mechanisms: Where your data is transferred internationally, we employ appropriate safeguards including standard contractual clauses, adequacy decisions, or other mechanisms required by applicable data protection laws.

16. Changes to This Policy

We may update this Privacy Policy to reflect changes in practices or law. We will update the "Last updated" date and notify users of material changes when required. Continued use after changes constitutes acceptance.

17. Contact Information

For questions about this Privacy Policy, to exercise your rights, or to request account deletion, contact:

18. Data Protection & API Compliance Officer

For questions specific to Google API data handling, compliance with the Google API Services User Data Policy, or concerns about how we handle your Google Calendar information, please contact:

We maintain a commitment to transparency and accountability regarding all data accessed through Google APIs. All such data is handled with the highest standards of security and care.

19. Supervisory Authority

If you are not satisfied with our response, you may lodge a complaint with your local data protection authority. You can also contact us at support@fusioncalling.com so we can help resolve your concerns.