Privacy at CloudTalk

Welcome to the CloudTalk Privacy Center. Protecting your data is our top priority, and we are committed to maintaining the highest standards of security and privacy. On this page, you’ll find everything you need to understand how we handle and safeguard your information, our privacy policies, and details about our data privacy compliance.

Privacy and Cookie Notice

Our Privacy Notice provides a detailed overview of how we, as a data controller, collect, process, and protect your personal data in line with applicable regulations. It also explains the cookies and other tracking technologies we use on our websites to improve your experience, deliver personalized content, and analyze site performance. Additionally, the notice includes guidance on how to exercise control over your data.

GDPR Compliance

We are fully committed to GDPR compliance, adhering to the highest standards of data privacy and protection. We ensure that all personal data is processed in accordance with GDPR requirements, maintaining transparency, accountability, and security throughout our operations. Below, you will find detailed documentation outlining our GDPR policies, practices, and the measures we take to safeguard your data in full compliance with the regulation.

Data Protection Officer

We have appointed a dedicated Data Protection Officer (DPO) who oversees our compliance with GDPR and other applicable data protection regulations. The DPO is responsible for ensuring the lawful and transparent handling of personal data, advising on privacy matters, and acting as the primary contact point for data protection authorities and individuals whose data we process.

You can contact our DPO at privacy@cloudtalk.io.

Frequently Asked Questions

Where is my data stored?

Call recordings and AI data, such as call transcripts are stored in Germany, EU. Other data maybe processed and stored in secure Amazon AWS data centres, located in four AWS regions: Frankfurt (eu-central-1), Northern Virginia (us-east-1), Singapore (ap-southeast-1), and Sydney (ap-southeast-2). Leveraging multiple AWS regions enhances our disaster recovery capabilities, also ensuring high availability and low call latency.

Do you store or transfer my data outside the EU?

Yes, some data is transferred to partners outside the EU, but always under GDPR-compliant safeguards (see below). You can view the list of our sub-processors and their location here.

Is it compliant with GDPR to transfer my data outside the EU?

Yes. GDPR allows international data transfers if appropriate safeguards are in place. CloudTalk ensures all such safeguards are met. We have entered into Data Processing Agreements (DPAs) that incorporate Standard Contractual Clauses (SCCs) with each sub-processor. Additionally, we have conducted a Transfer Impact Assessment (TIA) for all non-EEA data transfers, as per GDPR requirements. Every sub-processors is assessed to ensure their technical and organisational measures are compliant with GDPR and international standards such as SOC 2 and ISO 27001. The TIA and other relevant documentation is available at trust.cloudtalk.io.

What is the legal basis for processing my data?

We describe the categories, purpose and legal basis for processing your data at cloudtalk.io/privacy-notice.

Do you have a Data Processing Agreement (DPA)?

Yes, our DPA is available at cloudtalk.io/dpa and forms an inseparable part of our standard service agreement.

Do you use sub-processors?

Yes. We work with carefully selected sub-processors who meet GDPR standards. You can find the full list at cloudtalk.io/sub-processors.

How do you ensure sub-processors are GDPR-compliant?

We have entered into Data Processing Agreements (DPAs) that incorporate Standard Contractual Clauses (SCCs) with each sub-processor. Additionally, we have conducted a Transfer Impact Assessment (TIA) for all non-EEA data transfers, as per GDPR requirements. Every sub-processors is assessed to ensure their technical and organisational measures are compliant with GDPR and international standards such as SOC 2 and ISO 27001. You can find all supporting documentation at trust.cloudtalk.io.

How do you protect my data?

We implement strict security measures including encryption, access controls, and regular audits, in line with our ISO 27001 certification and SOC 2 audit. All measures are described in our Security Whitepaper.

Do you have a data protection officer?

Yes. You can contact our dpo at privacy@cloudtalk.io.

How can I exercise my rights under GDPR (access, deletion, etc.)?

You can contact us at privacy@cloudtalk.io to request data access, correction, deletion, or portability.

CCPA Compliance

We adhere to all CCPA requirements, ensuring the protection of personal data and the privacy rights of California residents. Our practices are designed to provide transparency and control over data usage. Learn more about our CCPA compliance here: