Estech Systems, Inc. referred to as “ESI”, developed and adopted this Privacy and Security Policy to describe our privacy values and guide our processing of personal information. By purchasing, subscribing to, or utilizing the ESI products or services, or registering to attend, attending and/or participating in any ESI sponsored events or other events in which ESI participates, you agree to be bound by the terms and conditions of this Privacy Policy.
The obligations and responsibilities set out in this Privacy Policy are applicable to ESI and its personnel, in addition to any other applicable policies or agreements entered into with ESI and any applicable laws and/or regulations.
ESI respects the privacy of its customers, partners, agents, subscribers, suppliers, sub-processors (“Clients”) and other individuals with whom ESI has business interactions.
This policy applies to personally identifiable information regardless of format. For example, the policy applies to computerized records and electronic information as well as paper-based files.
It is also applicable to all personally identifiable information that is collected, stored, maintained or processed by ESI. The concepts enumerated in this policy will guide ESI’s expectations of its Clients and/or contractors to whom ESI transfers and relies on for processing of personally identifiable information.
ESI provides the technology platform for hosted or “cloud” unified communications as a service offerings (UCaaS) as well as premise-based PBX solution (collectively, the “Services”). These Services merely act as a conduit for data transmitted by third parties and the end users of our Services (“Subscribers”). ESI processes personal information that is controlled by or originated from other companies, such as our Clients or other business partners. ESI also processes personal information in the course of providing support for ESI communications products such as telephone equipment (“Products”). ESI shall protect the personal information, comply with all applicable laws that regulate the processing of such personal information, and process the information only as authorized by the data controller and the data subject as appropriate. Accordingly, ESI relies on guidance and direction of the Client (as the data controller), who determines the purposes of processing such personal information. In some cases, ESI may collect and process personal information for our own business purposes and shall comply with the applicable privacy laws concerning ESI processing.
In providing its Services, ESI relies on various Sub-processors. Below is a list of ESI Sub-processors, where personal data may be processed in order to enable the use of features and ancillary services offered with ESI Products and Services.
ESI processes and in certain situations collects personal information as needed to deliver its Products and Services and manage its business. When collecting personal information, ESI does so in a reasonable and lawful manner.
The types of information and the purposes for which ESI collects or processes personal information may include:
Indirect End User Phone Contact Information (Personally Identifiable Information or “PII”)
ESI acts as a data processor with regard to indirect end user personally identifiable information and our Clients act as the data controller of such data. In the course of ESI’S processing and protection of such data, ESI will endeavor to use such data in conformity with the data controller’s instructions.
Specifically, only when enabled via system permission on ePhoneGO2 Android and ePhoneGO2 iOS, ESI shows personal contacts within the respective application. When the user sends an SMS message to one of their phone contacts, or when the user initiates a call to one of their phone contacts, the phone number is sent securely through ESI’s API. ESI does not store this number with any other PII, and it cannot be directly or indirectly attributed to any person or persons; ESI stores only the phone number and pertinent metadata so as to be compliant with all applicable state and federal laws, and ESI does not share this data with any advertisers or third parties under any circumstances subject to the exceptions provided in this policy or the Basic Services Agreement. A user can revoke phone contact access on their mobile device at any time, and their app experience is not hindered or interrupted.
ePhoneGO2 Android and iOS also uses Gravatar, only when enabled via Settings and UIConfigs, which is a service that provides avatar images linked to the MD5 hash of the user’s email address. This means that, only when Gravatar use is enabled, we hash each contact’s email address and send it to Gravatar to try and retrieve an avatar image. MD5 hashes cannot be directly or indirectly attributed to any person or persons, and we only send the MD5 hash to Gravatar, never the email address in plain text. As with phone contacts, a user can revoke Gravatar access at any time in Settings or via UIConfig, and their app experience is not hindered or interrupted.
Clients
ESI uses such personally identifiable information only for relevant, appropriate, and customary purposes. ESI will not share or disclose personal information for purposes other than as described herein. “Clients” include ESI customers, partners, agents, subscribers, suppliers, sub-processors and contractors.
Business Contact Information
ESI may collect and use personal information about individual contacts of Clients and others who access ESI public websites, knowledge bases, forums, ticket systems, or provide personal information through other means. Such information may include but is not limited to account information, first/last name, company name, title, and responsibilities, work email address, work mailing address, telephone numbers, login information, device identifiers, as well as additional information provided by such individuals in the course of receiving Products and Services from ESI and/or requesting information about ESI. We will use such information for the purposes of providing Products and Services, support, conducting data analytics and product assessments and related activities, and providing information regarding ESI Products and Services.
Customer Proprietary Network Information (CPNI)
Customer Proprietary Network Information (CPNI) may include information regarding quantity, destination, technical configuration, location, and amount of use and related billing information of telecommunications, interconnected and/or non-interconnected Voice over Internet Protocol (VoIP) services. This may include but is not limited to the phone numbers that you call or send messages to (or the phone numbers that you receive these calls and messages from) through our Products and Services. The date, time and duration of the calls may also be collected.
ESI provides Products and Services that are primarily for the benefit of Clients and Subscribers in that ESI transmits, routers, switches or caches information. These Products and Services merely act as a conduit for data transmitted by third parties and Subscribers.
ESI does not determine the purposes and means of processing this personal information. Except for Subscriber data provided by the Client (the Subscribers service provider) for which ESI is merely providing a conduit for transmission, the subscribed services are of such a nature that, in most instances, ESI requires and collects only essential CPNI and billing information; and opting out or declining to provide the requested data may hinder the provision or delivery of subscribed Services. However, for CPNI data that is collected by ESI that is not subject to the control of others, ESI shall obtain consent from the Subscriber or other owner of such data for the processing of this data.
ESI collects CPNI in the course of providing technical support. This data may pertain to Clients of ESI or Subscribers (eg: end users of ESI’s direct Clients). This data may include IP address, telephone number, email address, call detail records, call recordings and other information sufficient to identify an individual end user.
Indirect End User’s CPNI
ESI acts as a data processor with regard to indirect end user (Subscriber) personal information and our Clients act as the data controller of such data. ESI’s access and use of such information are governed by contractual agreements with our business customers, who retain primary responsibility for obtaining necessary consents from their end users.
Direct End User’s CPNI
ESI typically collects and processes direct end user (eg: Clients, vendors, and partners) personal information for the purposes of providing Products and Services, support, conducting data analytics and managing product performance.
Messaging, Voicemail, Video and Media Files
ESI provides Products and Services that facilitate the recording and storage of audio and video by way of features such as but not limited to voicemail, call and conference recording. Users may elect to store or record personal information within these resources at their discretion.
Anonymized, Non-Identifying Voice and Traffic Data
ESI may use anonymized, non-identifying data collected from use of our ESI Products and Services. This anonymized, non-identifying data may be used to enhance such items, but is not limited to, voice activation, improving traffic analysis algorithms and techniques, and recognition algorithms. This processing is executed under applicable terms and supports ESI’S legitimate interests in tuning, maintaining and enhancing these Products and Services.
Cookies
ESI websites may use cookies to collect certain kinds of personal information about Subscribers or users of its Products, Services or websites. For more information on how ESI uses cookies and choices available to Subscribers and users please refer Cookies.
We collect information in various ways, including the following:
When you use one of our Products or Services, ESI collects, and stores certain information that you provide directly. We also collect information about your use of the Products and Services.
Cookies
A cookie (also known as an HTTP cookie, web cookie, or browser cookie) is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user’s previous activity. Cookies were designed to be a reliable mechanism for websites to remember useful information (such as items in a shopping cart) or to record the user’s browsing activity (including clicking particular or specific buttons, logging in or recording which pages were visited by the user as far back as months or years ago).
Utilization of Cookies
A visit to a page on www.esi-estech.com or www.esi-legal.com may generate the following types of cookie(s):
Anonymous Analytics Cookies
Every time a user visits an ESI website, software provided by another organization (such as Google Analytics) generates an ‘anonymous analytics cookie’. These cookies can tell us whether you have visited the site before. Your browser will inform us if you have these cookies and, if you don’t, our website generates new ones. This allows ESI to track how many individual users we have and how often they visit the site. Unless you are signed in to www.esihs.net or any other applicable ESI websites, we cannot use these cookies to identify individuals. We use these cookies to gather statistics: for example, the number of visits to a page. If you are logged in to the ESI website, we will also be provided the details you gave to us for this, such as but not limited to your username and email address.
Registration Cookies
When you register with an ESI website, such as www.esihs.net, ESI generates cookies that inform us whether you are signed in or not. Our servers use these cookies to determine which account you are signed in with and whether you are allowed access to a particular Product or Service.
Advertising (Ad) Cookies
These cookies allow ESI to know whether you’ve seen a specific ad or the type of ad, and for how long you have viewed it. We also utilize cookies to help us direct targeted advertising.
Other Third-Party Cookies
ESI does not use third-party cookies on their websites.
How To Turn Cookies Off
It is usually possible to stop your browser accepting cookies, or to stop it accepting cookies from a specific website. Most modern browsers allow you to change your cookie settings. You can usually find these settings in the ‘options’ or ‘preferences’ menu of your browser. To understand these settings, you can use the ‘Help’ option in your browser for more details. It is solely your responsibility to stop cookies in your browser if desired.
Note: If you block the use of cookies, then this will limit the service that we are able to provide to you and may affect your visitor/user experience.
Other Passive Site Tracking
Websites may also utilize Internet Protocol (IP) addresses and log files to identify network and server concerns and problems. ESI also utilizes web beacons and other passive tracking mechanisms to perform standard website traffic analysis in a similar manner to how we utilize cookies.
Credit Card Information
ESI only collects credit card information in order to bill for purchased or subscribed to Products and Services. ESI utilizes third-party credit card payment processing agents (where these agents are required to implement reasonable and appropriate measures to protect and secure this information from loss or misuse) solely for the purpose of processing payments for those Products and Services purchased or subscribed to. These payment processors use of your personal information is governed by their privacy policies, as well as adhering to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of major credit card brands.
Vendors, Suppliers and Contractors
ESI may collect personal information about individuals who are employed by our suppliers and vendors. This business contact and payment information are strictly used to administer existing and future business arrangements.
We use your information primarily and as necessary to provide you with the various ESI Products and Services, including but not limited to one or more of the following ways: to create your accounts and allow use of our Products, to provide technical support and respond to Client inquiries, to prevent fraud or potentially illegal activities, for legal compliance purposes, including regulatory reporting, investigation of allegations of wrongdoing, and the management and defense of legal claims and actions, and compliance with subpoenas, court orders, and other legal obligations, to enforce our other agreements with you, to notify Clients and/or Subscribers of application updates, and to inform Clients and/or Subscribers about new products or promotional offers.
Service Portals
If you have created a user profile on any ESI service portal (www.esi-estech.com/support, www.estech.billcenter.net), you may access and revise the personal information in your user profile when you log into your account. In general, these portals will only require minimal personal information that is necessary to provide and administer the service.
Marketing Materials
If you provide us with your email address or other business contact information to enable us to provide communications and information to you, we may use the information for providing such communications including the delivery of press releases and other ESI marketing materials. You may request to no longer receive ESI marketing communications by following the “unsubscribe” instructions in emails from ESI or by sending a request to the contact identified below.
In the rare and unlikely event that ESI wishes to use an individual’s personal information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals, ESI will seek consent in advance as required by applicable law.
We may disclose or report information that individually identifies Clients, Subscribers or devices in certain circumstances, such as:
(i) if we have a good faith belief that we are required to disclose the information in response to a valid legal process (for example, a court order, search warrant or subpoena, or to defend or respond to legal actions, and as otherwise authorized by law, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements); (ii) to satisfy applicable laws, (iii) if we believe that the Products and Services are being used in an unauthorized, unlawful or abusive manner, such as to commit a crime, including to report such criminal activity or to exchange information with other companies and organizations for the purposes of fraud protection and credit risk reduction, (iv) if we have a good faith belief that there is an emergency that poses a threat to the health or safety of a person or the general public, (v) in order to protect the rights or property of ESI, including enforcement of our Intellectual Property Rights and terms of the Agreement(s), and (vi) for all other purposes with your consent. We may also provide your information to third party companies to perform services on our behalf, including but not limited to payment processing, data analysis, message delivery, hosting services, customer service, and marketing.
If ESI enters into or is conducting preliminary steps which might lead to a merger, acquisition or sale of all or a portion of its assets or business, Client and Subscriber information, including personal information, may be disclosed in due diligence subject to reasonable confidentiality provisions and will also be transferred as part of or in connection with the transaction as necessary.
Information Disclosure
Internal Disclosure
In general, personal information may be shared within ESI, where legally permitted for reasonable and appropriate corporate purposes. However, even within ESI, we restrict access to personal information to those employees, agents, or contractors who need access to carry out their assigned functions.
External Disclosure
ESI uses vendors and partners for a variety of business purposes, such as to help us develop, deploy and invoice for the various Products and Services we provide. We share information with those vendors and partners when it is necessary for them to perform work on our behalf.
ESI requires that these vendors and partners protect the customer information we provide to them and limit their use of such information to their respective processing activity. ESI will only transfer or provide direct access to personal information covered by this policy to third parties that have made a commitment to respect the privacy rights of the data subject; limit processing of personal information to comply with data controller instructions; and provide ESI contractual assurances that they will provide at least the same level of privacy protection as is required by applicable privacy laws.
We implement security measures we believe are reasonable to protect your information. These safeguards include reasonable administrative, technical and physical measures to safeguard the confidentiality and security of personal information against anticipated threats and unauthorized access to personal information. It is important that you protect and maintain the security of your account and you need to immediately notify us of any unauthorized use of your account. Remember, no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot and do not guarantee its absolute security.
Personal information collected by ESI will be retained for as long as necessary and legally permitted for the purposes for which it was collected, to provide you with Products and Services, enforce our legal agreements and policies and to conduct our legitimate business interests or where otherwise required by law.
ESI employs reasonable means to keep personal information accurate, complete, and current, as needed for the purposes for which it was collected.
We generally provide individuals with an opportunity to examine their own personal information, confirm the accuracy and completeness of their personal information, and have their personal information updated, if appropriate.
The ability of an individual to access his or her personal information is not unlimited, however. An individual’s ability to access personal information may be limited, for example, where (i) the burden or expense of providing access would be unreasonable or disproportionate to the risks to the individual’s privacy, (ii) the information should not be disclosed due to legal or security reasons or to protect confidential commercial information; or (iii) providing access would compromise the privacy of another person.
If you have created a user profile on a portal, you may also access and revise the personal information in your user profile when you log into your account.
Individuals who wish to access or update their personal information not accessible via a portal should direct such communications to marketing@esi-estech.com.
ESI websites, Products and/or Services may include social network or other third-party plugins and widgets not operated by us. Accessing these links to other sites is done at your own option and is not part of any ESI’s offerings. ESI has no control over and assumes no responsibility for the content, privacy policies or practices of any third-party sites or services. We strongly advise you to review each privacy policy provided at the respective site.
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is United States legislation that provides data privacy and security provisions for safeguarding medical information. Subscriber acknowledges and agrees that unless the ESI Products and Services description expressly states otherwise, the Products and Services do not comply with the requirements of the Health Insurance Portability and Accountability Act, as amended, and its implemented regulations. Unless the Products and Services description expressly states otherwise or ESI has entered into a Business Associate Agreement with the Subscriber allowing it, Subscriber agrees that it will not use the Products and Services to create, receive, transmit, maintain, store, use, disclose, or otherwise cause the Products and Services to handle Protected Health Information (“PHI”) as defined under HIPAA. Subscriber retains complete and full responsibility to ensure that the Products and Services are only applied to use-case scenarios where the Products and Services do provide the necessary level of security and privacy protections. SUBSCRIBER’S AGREEMENT TO THIS PROVISION IS A MATERIAL CONDITION OF MAKING THE PRODUCTS AND SERVICES AVAILABLE TO SUBSCRIBER. In addition to any indemnity requirements in these Terms, Subscriber shall indemnify, defend and hold harmless Company, Company Affiliates and all of the directors, officers, managers, partners, employees, agents, representatives, heirs, successors and assigns of Company and each of Company’s Affiliates against all actions, claims, losses, penalties, fines, assessments, administrative costs, credit protection costs, damages and expenses (including reasonable attorneys’ fees) arising out of Subscriber’s violation of the provisions of this section, caused in whole or in part by any act or omission of Subscriber, or of anyone employed by or acting as a subcontractor, representative or agent of Subscriber. Any limitation on liability set forth in the terms of the Basic Services Agreement or any other agreement between Company or its Affiliates and Subscriber shall not apply to Subscriber’s liability under this provision.
The California Data Protection Act (Cal. Civ. Code §§ 1798.83), also known as S.B. 27 “Shine the Light Law”, applies to a business that owns or retains California residents’ personal information and, requires such business to disclose to its California customers, upon request, the identity of any third parties to whom the business has disclosed personal information within the previous calendar year, along with the type of personal information disclosed, for the third-parties’ direct marketing purposes.
A business subject to California Business and Professions Code Section 22581 and the Privacy Rights for California Minors in the Digital World Act (Cal. Bus. & Prof. Code §§ 22580-22582) must allow California residents under age 18 who are registered users of online sites, services or applications to request and obtain removal or other forms of anonymization of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be so removed.
Our Products and Services do not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.
If you are a California resident and would like to make such a request, email or contact us at marketing@esi-estech.com.
ESI leverages proprietary and trusted third-party AI technologies to provide services and features to our Clients. These include AI intelligence features such as conversational intelligence, productivity and efficiency enhancements for the workplace, as well as sales and usage intelligence. For example, ESI can generate summaries and highlights from recorded calls, and create action items and next steps, providing a seamless experience for call participants. For our events-focused services, ESI leverages AI to assist event hosts in creating descriptions of the events and organizing questions and answers.
Artificial Intelligence
ESI is committed to an AI program that supports and develops trustworthy AI. Below are the core ESI principles for trustworthy AI and how we align with each:
AI Models and Customer Data
ESI may use proprietary and/or third-party AI models to provide ESI’s AI features. ESI AI uses:
Third-Party Vendors
We contract only with third-party service providers that provide equivalent levels of data protection and security as we provide. We do not permit our third-party vendors to use Client or Subscriber data to train or improve the third-party’s AI underlying models. This includes AI functionalities or features, such as analyzing the transcript of a recorded call to generate a sentiment (tone, attitude) analysis.
Automated Decision-Making and Human Review
ESI AI products are designed to include human review of outputs for accuracy, and customers should not use outcomes or metrics generated by the service to make decisions, for instance, concerning employment, creditworthiness, buying decisions or insurability. Any high-risk information produced from AI should be validated.
Security
ESI is committed to security and maintains technical, organizational, and contractual safeguards to protect customers’ data processed by our services, including with AI capabilities. We apply the same security requirements for our AI products as we do for all our Products and Services.
ESI’s approach to AI and security focuses on these tenets:
ESI’s AI use requirements and restrictions cover proper licensing of AI solutions, what types of data may be used as inputs, scope of usage for AI system outputs internally, and use of source code from generative AI systems. With respect to training model restrictions, ESI’s AI systems development standards set forth restrictions around AI model training, including data used for training, proper recordkeeping, storage, and access restrictions. Furthermore, ESI implements operational security for access to and management of backend resources to prevent access to data by unauthorized personnel or modifications without permission.
Shared Responsibilities
Implementation of AI is a shared responsibility with our customers. While ESI has based the development of our services on the core principles for trustworthy AI as described above, customers also share a responsibility to use the products safely and securely, and to ensure human oversight into how the services are being used within their organization.
At ESI, we value the security and privacy of our Clients’ and Subscribers’ data and systems. We believe in fostering a collaborative environment where ethical hackers and security researchers can help us identify and address potential vulnerabilities in our products and services. We appreciate the contributions made by the security community to enhance the security of our offerings. If you have discovered a security vulnerability in any of our systems, we encourage you to report it to us responsibly, following the guidelines outlined in this Responsible Disclosure Statement.
What You Can Expect From Us
Legal Considerations
ESI acknowledges that, in some jurisdictions, vulnerability research and reporting may be subject to legal restrictions. We commit to handling all reports in good faith and will not initiate legal action against you if you comply with the guidelines mentioned in this Responsible Disclosure Statement.
By reporting a vulnerability to ESI, you agree to comply with the guidelines outlined in this statement and acknowledge that ESI reserves the right to update or modify this statement at any time.
Thank you for your commitment to responsible disclosure and your dedication to helping us improve the security of our products and services. We appreciate your cooperation.
ESI reserves the right to change this Privacy Policy at our discretion subject to business or legal requirements. You are advised to review and check this Privacy Policy from time to time and particularly before you provide personal information to ESI. Changes to this Privacy Policy are effective when they are posted on this webpage. By continuing to use our Products and/or Services you are agreeing to be bound by any changes or revisions made to this privacy policy.
If you have any questions, comments, or concerns regarding our Privacy Policy or practices, please contact us at:
ESI
3701 East Plano Parkway, Ste 300
Plano, TX 75074
Email: marketing@esi-estech.com
Other ESI legal documents can be found at https://www.esi-estech.com/legal.
ESI Version 0455-0232-B
We adhere to Google OAuth API Scopes to safeguard your data. Our requests for access are limited to Google-approved application types, and any data we collect is solely for the purpose of enhancing your user experience and improving our features. Your data is not shared without your explicit consent, except when necessary for security, legal compliance, or during company transitions, with your prior approval. Your data is only accessed by humans when required for security or legal reasons or with your explicit permission. We do not sell or misuse your data for advertising, credit assessment, or lending purposes. Our team is dedicated to upholding these principles and maintains robust security measures, including annual security assessments. Your data security is our top priority.
Any use and sharing of information obtained from Google APIs to other applications are subject to Google API Services User Data Policy, including the Limited Use requirements.
Estech Systems, Inc (ESI)
3701 E. Plano Parkway, Ste. 300
Plano, TX 75074-1819
P: 972-422-9700 | F: 972-422-9705