Privacy Policy
This Privacy Policy explains how Limited Liability Company "VoipTower" ("VoipTower", "we", "us", "our") collects, uses, and protects personal data when you visit our website and use our services.
We believe in describing what we do plainly. If anything here is unclear, contact us at the address below.
Who we are
Limited Liability Company "VoipTower"
Ukraine, 49000, Dnipropetrovsk region, Dnipro city, Heroiv ave., building 30, apt. 337
Legal entity registration number (EDRPOU): 45469468
Data enquiries: privacy@voiptower.company
What data we collect
1. Information you give us directly
When you submit a form on our website (onboarding request, service enquiry, contact form, or KYC verification), we collect the information you provide. Depending on the form, this may include:
- Contact details (name, company, email, phone, preferred messenger)
- Details about the services you are interested in
- Identity and company verification documents submitted for KYC (Know Your Customer) purposes — for example, company registration documents, director identification, address details, or a Letter of Intent, depending on the destination and operator requirements. These are sensitive documents and we treat them accordingly (see "How we store and protect data" below).
2. Information collected automatically
When you visit our website, certain data is collected automatically:
- Technical and security data processed by our infrastructure provider, Cloudflare, including your IP address, browser type, and request metadata. This is used to deliver the site, protect against abuse, and keep the service secure.
- Analytics and advertising data collected through cookies and similar technologies, where you have consented (see our Cookie Policy). This includes how you found our site, which pages you view, and interactions with our advertising.
3. Third-party services that may process your data
We use the following third-party services that may collect or receive data from your visit:
- Google Analytics 4 — website analytics (consent-based).
- Google Ads — advertising and conversion measurement (consent-based).
- Cloudflare — website delivery, security, and our application infrastructure (Workers).
- SendPulse — our live-chat provider processes messages you send through the chat widget. See the SendPulse Privacy Policy: https://sendpulse.com/legal/pp
Why we use your data
We use personal data to:
- Respond to your enquiries and process onboarding requests
- Perform identity and regulatory KYC verification required to provision services
- Deliver, secure, and maintain our website and services
- Measure and improve our website and advertising (where you have consented)
- Meet legal, regulatory, and financial-reporting obligations
How we store and protect data
- Form submissions are stored in our secure cloud storage (Cloudflare R2). A copy is also delivered to our internal email during the first 4 hours after submission, after which the email copy is no longer retained. Retention periods for stored submissions are set out in "How long we keep data" below.
- Access is limited to the people who need it to deliver the service: our support leads (to arrange provisioning with the operator), our head of sales (for verification), and the company owner.
- KYC documents are handled with restricted access as described above and are not used for any purpose other than verification and provisioning.
How long we keep data
Contact and enquiry data (email copies): email copies of form submissions are retained for the first 4 hours after submission only.
Analytics data (Google Analytics 4): event-level data is retained for 2 months and user-level data for 14 months, per our current GA4 configuration.
KYC / CDD documents and data. We collect, process, and store client KYC/CDD documents to the extent necessary to identify the client, verify their legal capacity, assess risk, perform contractual obligations, and comply with applicable law, including sanctions, AML/CFT, and fraud-prevention requirements.
KYC/CDD documents and data include, among others: client registration documents; documents confirming the authority of representatives; information on ultimate beneficial owners; identity documents of individuals; proof of address; the results of sanctions and compliance checks; risk assessments; and correspondence and other materials related to client verification and to establishing or maintaining the business relationship.
We retain a client's KYC/CDD documents for the entire duration of the business relationship and for no less than 5 years after it ends, unless a longer period is required by applicable law, by a competent regulator, by contract, by our internal compliance policies, or by the need to protect the rights and legitimate interests of the Company. Where the law applicable to the client, the transaction, the client's country of registration, the country where services are provided, the location of beneficial owners, or another material part of the relationship prescribes a longer retention period, we apply that longer period — for example, retaining documents for 7 or 10 years in jurisdictions where such periods apply.
The retention period is counted from the date the business relationship ends, the account is closed, the provision of services is completed, or the relevant one-off transaction is finalised — whichever occurs later and whichever basis applies to the particular type of document.
Documents and data relating to individual transactions, technical events, payments, routing, investigations, claims, disputes, chargebacks, fraud/abuse incidents, sanctions matches, or requests from public authorities may be stored separately and for a longer period where necessary to comply with the law, protect the Company's rights, conduct an internal investigation, respond to an official request, or resolve a dispute.
Once the applicable retention period expires, KYC/CDD documents are deleted, anonymised, or otherwise securely destroyed, unless the Company has a lawful basis for continued retention. We do not keep KYC/CDD documents longer than necessary for the purposes for which they were collected, except where longer retention is required by law, by a regulatory requirement, by a judicial, administrative, or other official process, or is necessary to protect the rights and legitimate interests of the Company.
Restricted jurisdictions
We do not provide services to, and restrict onboarding from, certain jurisdictions (Russia, North Korea, Iran, Belarus, and occupied territories of Ukraine).
International transfers
Some of our service providers (for example, Google and Cloudflare) may process data outside Ukraine and outside the EU.
Your rights
Depending on your location, you may have the right to access, correct, delete, or restrict the processing of your personal data, to object to processing, and to withdraw consent at any time. To exercise any of these rights, contact us at privacy@voiptower.company.
For visitors in the EU, you also have the right to lodge a complaint with your local data protection authority.
Cookies
We use cookies and similar technologies as described in our Cookie Policy. For visitors in the EU, analytics and advertising cookies are only set after you give consent through our cookie banner.
Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent version.
Governing law
This Privacy Policy is governed by the laws of Ukraine.
Contact
Questions about this policy or your data: privacy@voiptower.company