Version: 2026-07-04 — DRAFT, pending legal review
Dialviction Privacy Policy
This policy explains what data Dialviction (dialviction.com), operated by 99medias ("we," "us"), collects when a Tenant workspace and its Agents use the platform, and how we handle it.
1. Data we collect
- Account data: the email address and workspace slug used to sign up
- Agent data: names and email addresses of Agents, added by Tenant admins
- Call metadata: caller number, call timestamps, duration, and routing outcome — not the content of the call (see Section 2)
- Billing data: balance ledger entries and deposit transaction IDs
- Signup data: IP address and country code captured at signup
- Call recordings: only for Tenants that have enabled the recording feature — see Section 2
- Technical logs: standard application and infrastructure logs (e.g., request logs, error logs) generated by operating the service
2. Call recording
Call media flows through LiveKit's WebRTC infrastructure between caller and Agent. Call recording is optional, off by default, and controlled entirely by the Tenant. A Tenant admin must explicitly enable the feature and attest to their consent obligations before any call in their workspace is recorded (see Section 7).
When a Tenant enables recording, call audio is captured by our media processor (LiveKit egress) and stored in object storage under that Tenant's own workspace. We access stored recordings only as needed to operate the service (e.g., to serve a playback request from that Tenant's admin, or to enforce retention). Tenants that do not enable recording have no call audio captured or stored at any point.
3. Processors and subprocessors
We use the following third-party processors to operate the service:
| Processor | Purpose |
|---|---|
| LiveKit Cloud | WebRTC call media and SIP routing; call recording (egress) for Tenants that enable it |
| Resend | Transactional email (e.g., magic-link sign-in) |
| Cloudflare | DNS and reverse proxy; recording storage (R2) for Tenants that enable call recording |
| Crypto payment processor | USDT (TRC20) deposit processing |
| Sentry | Error monitoring — configured to exclude PII |
Each processor receives only the data necessary to perform its function. We do not sell access to any processor beyond what is required to run the service.
4. Why we use this data
- Service delivery: routing calls, authenticating Agents, running the softphone
- Billing: metering per-minute usage against deposited balance
- Abuse prevention: detecting and responding to violations of our Acceptable Use Policy
- Legal compliance: responding to lawful requests and meeting regulatory obligations
5. Retention
- Account and Agent data is retained for the life of the Tenant workspace, plus a wind-down period after closure to allow for account recovery and dispute resolution
- Balance ledger and deposit transaction records are retained for accounting and audit purposes, consistent with standard financial record-keeping practice
- Technical logs are rotated on a routine schedule and not retained indefinitely
- Call recordings, for Tenants that enable the feature, are deleted automatically after the Tenant-configured retention window (default 30 days), and on Tenant request
6. Sharing
We do not sell your data. We disclose data only:
- To the processors listed in Section 3, to operate the service
- When legally compelled (e.g., subpoena, court order, lawful government request)
7. Tenant responsibilities
Tenants control the data of their own Agents and callers. When a Tenant adds an Agent or handles a caller's information, the Tenant acts as the data controller for that relationship, and we process that data on the Tenant's behalf as a service provider. Tenants are responsible for having a lawful basis to collect and process their Agents' and callers' data, including any consent required under applicable law.
Tenants who enable call recording are solely responsible for obtaining any legally required consent from callers and Agents, and for complying with call-recording and wiretap laws in the jurisdictions relevant to their calls (including two-party-consent states and GDPR, where applicable).
8. Your rights and contact
To request access to or deletion of your data, contact [email protected]. We will respond in a reasonable timeframe and verify your identity before acting on the request.
Our operating jurisdiction for legal purposes is TBD, pending legal review — this section will be finalized before publication.