Privacy Policy

Last Updated: 11 April 2026

1. Introduction

This Privacy Policy explains how Netavo Global Data Services Ltd ("Netavo", "we", "us", or "our") collects, uses, discloses, and protects personal information when you use our hosted telephony platform, including our web administration portal and our mobile applications ("Beacon Softphone" and other branded softphone apps) published on Google Play and the Apple App Store (collectively, the "Services").

We provide business telephony services to organisations ("Customers"). If you are using the Services as an employee, contractor, or end user of a Customer, that Customer is the controller of your personal data and this policy operates alongside the Customer's own privacy notice. Netavo acts as a data processor on the Customer's behalf for communications data, and as a data controller for information we collect directly from you (for example, when you contact us).

By using the Services you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Services.

2. Information We Collect

2.1 Account and Identity Information

  • Name, email address, and telephone number
  • Organisation name and role
  • Authentication credentials (passwords are stored as salted hashes; we never store them in plain text)
  • SIP account credentials required for your device to register with our voice platform

2.2 Communications Data

  • Call metadata: calling and called numbers, call start and end times, duration, direction, outcome, and routing information
  • Call recordings, when recording is enabled for your account by your administrator
  • Voicemail messages and transcriptions, where those features are enabled
  • Message content and delivery metadata for SMS and in-app messaging, where those features are used

2.3 Device and Technical Information

  • Device model, operating system and version, and app version
  • IP address, network type, carrier, and general location derived from IP (city/country level only — we do not collect GPS location)
  • Push notification tokens (FCM on Android, APNs/PushKit on iOS) used to deliver incoming-call notifications
  • Crash reports, performance telemetry, and diagnostic logs to help us maintain service quality

2.4 Information From Device Permissions

Our mobile applications request the device permissions listed in section 3. Data accessed under those permissions is used solely to deliver the features described and is processed on your device. We do not upload your contacts, camera images, or microphone audio to our servers except as strictly required to place or receive a call, as described below.

3. Mobile App Permissions

The following table lists every permission our mobile applications may request, why we request it, and how the data is used. Permissions are requested only when the related feature is used. You can revoke any permission at any time in your device settings, although doing so may disable the related feature.

3.1 Android Permissions

Permission Purpose
INTERNET, ACCESS_NETWORK_STATE Required to connect to our SIP and API servers, and to detect changes in network connectivity so calls can be maintained or re-registered.
RECORD_AUDIO, MODIFY_AUDIO_SETTINGS Required to capture your voice and manage audio routing during voice calls. Audio is streamed in real time to the other party via our SIP/media servers and is not stored unless call recording has been explicitly enabled for your account.
USE_SIP, CALL_PHONE, MANAGE_OWN_CALLS, BIND_TELECOM_CONNECTION_SERVICE Required to place and receive VoIP calls through the Android telecom framework so incoming calls appear in the native call UI and integrate with the device's call state.
READ_PHONE_STATE Used to detect when a native cellular call starts or ends so we can pause or resume VoIP audio and avoid audio conflicts. We do not read your phone number, SIM, or call log with this permission.
READ_CONTACTS Used, only if you choose to enable it, to look up names for numbers you dial or receive calls from, and to let you pick contacts when placing a call. Contact data is read on-device and is not uploaded to our servers.
CAMERA Used exclusively to scan QR codes during one-touch account provisioning. The camera is activated only on the QR scanner screen and is released immediately after. Camera frames are processed on-device and are never transmitted, uploaded, or stored.
POST_NOTIFICATIONS, VIBRATE, USE_FULL_SCREEN_INTENT Required to display incoming-call notifications, ringtones, and full-screen incoming-call UI on the lock screen.
FOREGROUND_SERVICE, FOREGROUND_SERVICE_PHONE_CALL, FOREGROUND_SERVICE_MICROPHONE, WAKE_LOCK Required so that an active call continues running reliably in the background and so the device does not sleep mid-call.
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS Used, with your explicit consent, to ask Android to exempt the app from aggressive battery optimisation so incoming call notifications are not delayed or suppressed.
RECEIVE (Google Cloud Messaging / FCM) Required to receive incoming-call push notifications from Firebase Cloud Messaging.

3.2 iOS Permissions

Permission Purpose
Microphone (NSMicrophoneUsageDescription) Required to capture your voice during calls. Audio is streamed in real time to the other party and not stored unless call recording is explicitly enabled for your account.
Contacts (NSContactsUsageDescription) Optional. Used to look up names for known numbers and let you pick contacts when placing calls. Contact data is read on-device and not uploaded.
Camera (NSCameraUsageDescription) Used exclusively to scan QR codes during account provisioning. Camera frames are processed on-device only and never transmitted or stored.
Local Network (NSLocalNetworkUsageDescription) Required by the VoIP stack to establish local network sockets used for SIP and RTP media.
Speech Recognition (NSSpeechRecognitionUsageDescription) Used, where enabled, to process in-call voice commands. Speech recognition is performed by Apple's on-device speech framework.
Bluetooth (NSBluetoothAlwaysUsageDescription) Used to route audio to Bluetooth headsets during a call. We do not scan for or track other nearby Bluetooth devices.
Push Notifications & VoIP Push (APNs / PushKit) Required to deliver incoming-call notifications and wake the app to present the native call UI.

4. How We Use Your Information

We use the information described above for the following purposes:

  • To register your device with our SIP infrastructure and place and receive calls
  • To route, connect, and bill calls and messages
  • To authenticate you and secure your account
  • To deliver incoming-call push notifications
  • To provide features such as contact lookup, QR code provisioning, voicemail, and call recording (where enabled)
  • To monitor, diagnose, and improve reliability, performance, and security
  • To detect and prevent fraud, abuse, and violations of our acceptable use policy
  • To comply with legal, regulatory, and lawful interception obligations applicable to telecommunications providers
  • To respond to your support requests and communicate important service notices

5. Legal Bases for Processing (UK / EU)

If you are located in the United Kingdom, European Economic Area, or Switzerland, we process your personal data on the following legal bases:

  • Contract — processing necessary to provide the Services to you or to the Customer you represent.
  • Legitimate interests — to maintain, secure, and improve the Services, prevent fraud and abuse, and administer our business, where those interests are not overridden by your rights.
  • Legal obligation — to comply with telecommunications, tax, anti-fraud, and other laws we are subject to.
  • Consent — for optional features that require your explicit permission, such as contact access or call recording where applicable. You may withdraw consent at any time.

6. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following categories of recipient, and only as needed to deliver the Services:

  • Your organisation (Customer) — administrators of the Customer account may access call records, user data, and usage reports relating to users on their tenant.
  • Interconnect carriers — to deliver your calls to and from the public telephone network, we pass signalling and media information to upstream SIP carriers.
  • Cloud infrastructure providers — Microsoft Azure and similar providers host our servers, databases, and blob storage (including call recordings and prompt audio).
  • Push notification services — Google Firebase Cloud Messaging (Android) and Apple Push Notification Service / PushKit (iOS) are used to deliver incoming-call notifications.
  • Analytics and crash reporting — we use Google Firebase Analytics and crash reporting to monitor app stability and usage. This data is pseudonymous and is used only to improve the Services.
  • Payment and billing providers — where applicable, to process payments made to Netavo.
  • Law enforcement and regulators — where we are legally required to disclose information, for example in response to a valid court order, production notice, or lawful interception request.
  • Professional advisers — our lawyers, auditors, and insurers, where necessary and under a duty of confidentiality.

7. International Data Transfers

Our primary infrastructure is hosted in the United Kingdom and the European Union. Some third-party service providers (for example, Firebase and Apple Push Notification Service) may process data in the United States or other countries. Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or an adequacy decision.

8. Data Storage and Security

We apply industry-standard technical and organisational measures to protect your personal data. These include encryption in transit (TLS for API traffic and SRTP where supported for media), encryption at rest for stored audio files and database backups, role-based access controls, audit logging, and regular security reviews. No method of electronic transmission or storage is perfectly secure, but we take reasonable steps to protect your data from unauthorised access, loss, or misuse.

9. Data Retention

We retain personal data for as long as we need it to provide the Services and to meet legal, accounting, and regulatory obligations:

  • Account data — retained for the life of the account and for a reasonable period afterwards for dispute resolution and legal compliance.
  • Call metadata and billing records — retained for up to six years to meet telecommunications and tax retention requirements.
  • Call recordings and voicemail — retained according to the retention period configured by your organisation, and deleted automatically once that period elapses.
  • Diagnostic logs and crash reports — retained for up to 90 days for troubleshooting.

When data is no longer needed, we securely delete or anonymise it.

10. Your Rights

Depending on where you live, you may have the following rights over your personal data:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your personal data ("right to erasure")
  • Restrict or object to certain processing
  • Receive a copy of your data in a portable format
  • Withdraw any consent you previously gave
  • Lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office at ico.org.uk)

If you use the app as part of an organisation's account, please contact your organisation's administrator first, as they control your user account. You can also contact us directly using the details in section 14 and we will work with your organisation to honour valid requests.

11. Children's Privacy

The Services are intended for business use and are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Tracking, Advertising, and Analytics

We do not use the Services to deliver third-party advertising, and we do not sell or share your data with advertisers. We use only first-party analytics and crash reporting strictly to operate, secure, and improve the Services. Our mobile apps do not implement the iOS App Tracking Transparency framework because we do not track you across other companies' apps and websites.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last Updated" date at the top of this page and, where appropriate, notify you in the app or by email. Your continued use of the Services after changes take effect means you accept the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, want to exercise any of your rights, or wish to raise a concern, please contact us at:

Netavo Global Data Services Ltd
Email: privacy@netavo.com
Post: Data Protection, Netavo Global Data Services Ltd, United Kingdom

Return to Home