Default Tenant privacy policy
Effective date: August 27, 2025 · Updated for branded tenants
Overview
Default Tenant is a privacy-first verification service. We only collect the minimum information required to approve or deny a call and never sell or share your data with third parties. This policy outlines what we collect, how it is used, and the controls available to you.
Information we collect
Required information
- Caller name for identity display to the recipient.
- Caller phone number to link the verification request.
- Reason for calling so recipients have context.
Optional information
- Voice message (3-12 seconds) if the caller records one.
- Device and browser metadata for security auditing.
How we use your information
- Generate and manage verification passes (vPasses).
- Send notifications to recipients over SMS or WhatsApp.
- Prevent abuse via rate limiting and anomaly detection.
- Maintain hashed audit logs for debugging and compliance.
Privacy-first design
- Phone number hashing: All identifiers are hashed in logs and analytics pipelines.
- Automatic voice deletion: Voice uploads are purged within 24 hours of verification.
- Temporary vPasses: Access expires automatically after the granted scope (30 minutes–30 days).
- No tracking pixels: We do not load ads, marketing pixels, or analytics SDKs.
Data retention
| Data type | Retention period | Purpose |
|---|
| Voice recordings | 24 hours | Deleted automatically to honor caller privacy. |
| Verification attempts | 24 hours | Supports duplicate detection and rate limiting. |
| Expired vPasses | 30 days after expiration | Allows audit trails for enterprise tenants. |
| System logs (hashed) | 30 days | Security monitoring, anomaly investigation. |
International data transfers
Infrastructure is provisioned in US regions by default. If your enterprise contract requires regional isolation, Default Tenant provisions dedicated data stores within specified regions and scopes all analytics exports to that geography.
Your rights
- Request a copy or deletion of verification records.
- Opt out of SMS notifications from the verification flow.
- Limit retention to the minimum scope allowed under your contract.