Viamo (“us”, “we”, or “our”) operates the https://viamo.io website (the “Service”).
Viamo recognizes to deliver calls and messages to the requested end users, and to serve end users with the appropriate content when they access Viamo voice and messaging services, we must process and store information that can identify them – most often, their phone number. Storing and processing personal data is an unavoidable and necessary part of delivering value to Viamo’s end users and partners. This overview outlines the data security and privacy measures that we have in place. If you have additional requirements, please don’t hesitate to get in touch to see if these can be accommodated.
At rest, the data that you collect with the Viamo Communications Platform (VCP) (including phone numbers and responses) is stored in a secure database in cloud infrastructure, protected with physical and network security, and encryption. When you are issued a Viamo username and password, this provides you with exclusive access to your own organization’s data. We use third-party security audits to maximize the security of our web application and architecture.
We encrypt all data during data transfer, both in transferring internally from our in-country local servers to our cloud, and when transferring data to you as the web application user (or API user). We use IPSEC VPN technology internally, and HTTPS with TLS within the web application. We use modern industry-standard encryption methods: 2048-bit keys and AES-128 ciphers.
Viamo has a GDPR Data Protection Officer (DPO) through a contract with TechGDPR, a Germany-based law firm that advises us on GDPR compliance. We can implement your project in compliance with GDPR and are happy to discuss the details upon request.
Your data is stored in two locations: temporarily on our in-country servers during data collection (and for up to 90 days after collection), and for the full data retention period in our Canada-based cloud infrastructure. Both locations are secured against physical and network access, and data is encrypted on disk. The EU recognizes Canada’s PIPEDA privacy legislation as adequate under GDPR, which means that we can transfer data into and out of Canada in compliance with GDPR and without additional approvals/consent required.
Viamo will never share your data with third parties, or use it for our own purposes, except with your express written consent. The one exception to this is that we reserve the right to use bulk anonymized data, aggregated across all accounts, to help us understand factors that affect mobile engagement, and advise all of our partners accordingly; for example, we would use this to analyze what times of day in a specific country are optimal for response rates.
Internally, a limited number of trained and authorized Viamo staff will have access to collected data, for the purpose of technical troubleshooting and customer support. All of these staff have received training and signed a confidentiality agreement to ensure they comply with the data protection measures described in this document.
We maintain daily and monthly off-site backups of your data. Daily backups are retained for 30 days, and monthly backups are retained for 2 years. These backups are replicated to multiple data centers to ensure disaster recovery and survivability.
There are multiple levels of privacy control available in the VCP:
You may choose to use our Permissions and User Roles feature to create a set of users that do not have access to personal data; this includes phone numbers and any subscriber-specific variables that you store. These users will not be able to see any personal data within the web application, or export this information. However, this data is maintained and stored securely so that other authorized users can still access it if required.
A stronger privacy mode is available on request for specific accounts, which maintains all personal data exclusively on Viamo’s in-country servers, and fully de-identifies all data stored in our cloud.
To permanently delete all information from your account from our servers, send a request to our support team authorizing us to do so. Note that the VCP allows you to download a copy of your data at any time through the user interface. If you need to retain your data, it is important that you do this prior to sending us a request to delete your data.
Depending on timing, it’s possible that information may be retained in our monthly database backup archives, which are stored for 2 years. This archived information is not accessible through any online methods or services.
An appropriate data protection and security strategy depends on the unique risks of each mobile communication project. Please don’t hesitate to get in touch should you require any additional data protection measures.
If you need more information or have additional requirements, please don’t hesitate to write to us to email@example.com.