title: Privacy Policy description: How D Line by Davinci Tech Solutions collects, uses, and protects your data. lastUpdated: 2026-06-05

Privacy Policy

Effective Date: June 5, 2026

Davinci Tech Solutions ("we," "us," "our," or "Company") operates D Line, a cloud-based VoIP softphone application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service across iOS, Android, macOS, Windows, and web platforms.

Support Contact: support@davincitechsolutions.com

Important — Emergency 911 Notice: D Line is an interconnected VoIP service. It may not reliably connect you to emergency services (911). For full details on limitations, how to register your address, and what to do in an emergency, read our E911 Notice before using the Service.

1. Information We Collect

1.1 Account Information

When you create a D Line account, we collect:

• Your name, email address, and phone number
• Password (encrypted using bcrypt; we do not store plaintext passwords)
• Organization/tenant affiliation
• User role and permissions within your organization

1.2 Telephony and Call Data

• Phone Numbers: Direct Inward Dial (DID) numbers leased from carriers (Telnyx, Twilio)
• Call Detail Records (CDR): Timestamp, duration, calling party, called party, call status, and billing information
• Call Recordings: Only collected if your organization enables recording; stored separately with encryption at rest
• SMS/MMS: Message body and attached media URLs when messaging features are enabled

1.3 Voice and Media

• Real-time Audio: RTP (Secure Real-time Transport Protocol) streams are transmitted live during calls but not stored unless recording is explicitly enabled
• SDP Signaling: Session description protocol information exchanged for call setup (codec negotiation, device capabilities)
• Microphone Access: Required to transmit your voice during calls; we request explicit permission via your device

1.4 Push Notification Tokens

• iOS: Apple Push Notification service (APNs) tokens for incoming call routing
• Android & Web: Firebase Cloud Messaging (FCM) tokens and device identifiers
• Purpose: To deliver incoming call notifications when the app is in the background or not running

1.5 Crash and Error Telemetry

• Sentry Integration: We automatically collect crash reports and error diagnostics
• Data Included: Stack traces, device type, OS version, app version
• Data Excluded: Phone numbers, credentials, and message content are scrubbed before transmission
• Opt-out: Contact support@davincitechsolutions.com to disable telemetry

1.6 Device and Usage Information

• Device type, operating system, app version, and locale
• IP address and connection type (to optimize media quality)
• Usage analytics: feature adoption, call frequency, session duration (non-call-specific)

2. How We Use Your Information

2.1 Service Delivery

• Authenticate your identity and manage your account
• Establish and maintain SIP sessions for calling and messaging
• Route incoming calls and notifications to your device
• Generate accurate call records and billing

2.2 Security and Compliance

• Detect, prevent, and investigate fraud or abuse
• Enforce our Terms of Service and legal agreements
• Retain call records to comply with U.S. telecommunications regulations
• Respond to lawful requests from government agencies

2.3 Service Improvement

• Aggregate usage metrics to identify performance issues
• Improve audio quality, call routing, and reliability
• Debug technical issues via crash reports
• Train machine learning models on anonymized, non-call data

2.4 Communication

• Send service-related notifications (account changes, billing alerts, security warnings)
• Support inquiries via email or in-app messaging
• We do not send marketing emails without explicit opt-in

3. Legal Basis for Processing (GDPR & CCPA)

3.1 GDPR (European Union)

We process personal data based on:

• Contract: Processing necessary to provide the Service to you
• Legal Obligation: Retention of CDR for telecommunications compliance
• Legitimate Interests: Security, fraud prevention, service improvement
• Consent: Optional crash telemetry and analytics (opt-in only)

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion (subject to legal retention requirements)
• Restrict or object to processing
• Data portability
• Lodge a complaint with your national data protection authority

3.2 CCPA / CPRA (California)

If you are a California resident, you have the right to:

• Know what personal information is collected, used, and shared
• Request deletion of personal information (subject to exceptions)
• Correct inaccurate personal information
• Opt-out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
• Non-discrimination for exercising your privacy rights
• Limit use of sensitive personal information

We do not sell or share personal information for cross-context behavioral advertising. We also honor Global Privacy Control (GPC) signals. When our web services detect a GPC opt-out signal from your browser, we treat it as a "do not sell or share" instruction for that session and any subsequent visits from that browser.

To submit a request, email support@davincitechsolutions.com with your name, account email, and specific request.

3.3 Other U.S. State Privacy Rights

Residents of the following states have rights similar to those described above (access, correction, deletion, portability, opt-out of profiling) under their respective state laws:

• Virginia (VCDPA): Right to access, correct, delete, and opt out of targeted advertising and profiling
• Colorado (CPA): Right to access, correct, delete, opt out of targeted advertising and profiling
• Connecticut (CTDPA): Same rights as Virginia; we will respond within 45 days, with one 45-day extension where permitted
• Texas (TDPSA): Right to access, correction, deletion, and opt out of the processing of sensitive data

For all other states with active privacy statutes, we extend comparable rights to the extent required by applicable law. To exercise any of these rights, email support@davincitechsolutions.com with your state of residence and specific request.

4. Data Retention

| Data Category | Retention Period | Reason | |---|---|---| | Account information | Duration of contract + 30 days | Service continuity and wind-down | | Call Detail Records | 18 months minimum (FCC); up to 7 years (state/contractual) | U.S. telecom regulatory requirement — jurisdiction-dependent | | Call Recordings | 90 days (configurable by organization) | Storage cost optimization | | Crash/error reports | 30 days | Debugging and security investigation | | Push notification tokens | While device is registered | Incoming call delivery |

Deleted data is purged from our primary databases within 30 days and from backups within 180 days.

Note on CDR retention: The FCC mandates a minimum 18-month retention period for call detail records. State utility commissions and enterprise contracts may require longer retention — up to 7 years in some jurisdictions. We apply the longer period where required.

5. Third-Party Data Processors

We share data with the following processors under Data Processing Agreements (DPA):

5.1 Telecommunications Carriers

• Twilio: PSTN voice and SMS routing, DID management, emergency calling
• Telnyx: PSTN voice and SMS routing, DID management
• SignalWire: PSTN messaging
• Purpose: Interconnection with public telephone networks
• Data: CDR, phone numbers, message metadata

5.2 Cloud Infrastructure

• Hetzner (Germany): Primary PostgreSQL database hosting and compute (EU-based)
• Cloudflare R2: Call recording storage (EU and global regions, depending on tenant configuration)
• Purpose: Reliable, scalable, encrypted infrastructure
• Data: Encrypted at rest and in transit

5.3 Push Notification Services

• Apple APNs: Token registration and push delivery for iOS devices
• Google Firebase Cloud Messaging (FCM): Token registration and push delivery for Android and web
• Purpose: Incoming call notifications
• Data Shared: Device token (opaque identifier), call metadata (caller, timestamp)

5.4 Payment Processing

• Stripe: PCI-DSS Level 1 payment processor for subscription billing
• Data: Billing name, email, last-4 digits of payment method
• DPA: Stripe's Data Processing Addendum applies

5.5 Error Reporting

• Sentry: Crash report aggregation and analysis
• Data: Scrubbed stack traces, device info, app version (no PII — phone numbers, credentials, and message content are removed before transmission)

5.6 AI Features (conditional)

• Anthropic (Claude API): Used when a tenant enables the AI module for AI-assisted features
• ElevenLabs: Used when a tenant enables voice synthesis features
• Data: Only text or audio snippets passed by the tenant's configuration; no transmission occurs if the module is disabled
• DPA: Vendor-specific data processing terms apply

6. Call Recording Disclosure

Recording is off by default and must be explicitly enabled by your organization's administrator.

When recording is enabled:

• A per-call disclosure UI is surfaced to participants where technically feasible
• Recording status is visible in the D Line interface

Multi-party consent requirements: Calls that touch the following U.S. states require the consent of all parties to the call before recording (all-party or two-party consent states): California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Pennsylvania, and Washington. Equivalent requirements exist in EU member states and other jurisdictions.

Customer responsibility: The customer (tenant administrator) is responsible for obtaining all legally required consents before enabling recording. D Line surfaces disclosure UI but does not independently verify that consent has been obtained. We accept no liability for a tenant's failure to comply with applicable recording laws.

7. Encryption and Security

7.1 In Transit

• TLS 1.2 or higher: All signaling (SIP, HTTP API) encrypted
• SRTP/DTLS-SRTP: Media encryption when supported by the device

7.2 At Rest

• Passwords: Bcrypt hashing with salt
• Recordings: AES-256 encryption in storage
• Database: Encrypted volume via infrastructure provider

7.3 Security Measures

• Regular security audits by third-party firms
• Intrusion detection and threat monitoring
• Automatic encrypted backups
• Access controls and role-based permissions

Limitation: Real-time media is encrypted end-to-end when both parties support SRTP. The SIP signaling server temporarily processes call metadata in plaintext to route calls. We do not store plaintext call content.

8. Children and Young People

United States: D Line is not directed to individuals under 18 years of age. We do not knowingly collect personal data from persons under 18.

European Union and United Kingdom: In accordance with GDPR and the UK Age Appropriate Design Code, we do not knowingly process personal data of children under 16 without parental or guardian consent.

If we become aware that a minor has provided personal information, we will delete it promptly. Parents or guardians concerned about data collection should contact support@davincitechsolutions.com.

9. Your Privacy Rights

9.1 Access and Portability

You can request a copy of your personal data in a machine-readable format by emailing support@davincitechsolutions.com.

9.2 Correction and Deletion

• Correct inaccurate information via your account settings
• Request account deletion via our Delete Account page or by emailing support@davincitechsolutions.com
• A 30-day grace period applies after you request deletion — your account is suspended but not yet purged. You may restore your account during this window. After 30 days, data is permanently deleted from primary systems (backups purged within 180 days)
• Deletion is subject to legal retention requirements (CDR retention)

9.3 Opt-Out

• Crash Telemetry: Disable in app settings or contact support
• Marketing Email: Click "unsubscribe" or contact support
• Do Not Sell / GPC: We honor Global Privacy Control signals automatically; you may also email support
• Cookies: Manage via browser settings

9.4 Response Time

We will respond to verified requests within 30 days (45 days for CCPA requests, or 45 days with one extension for applicable state laws).

10. Cookies and Tracking

10.1 Essential Cookies

• Session ID: Maintains your login state
• CSRF Token: Prevents cross-site request forgery

10.2 Analytics Cookies

• Device identifiers and feature usage (anonymized)
• Opt-out: Disable in browser settings or contact support

10.3 Third-Party Cookies

• Stripe (payment processing): Fraud detection
• Sentry (error reporting): Session correlation

11. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including:

• Germany (Hetzner): Primary infrastructure — EU-based
• United States (Cloudflare R2, Sentry, Stripe, Twilio, Telnyx, Anthropic, ElevenLabs): Various services

Where transfers occur from the EU/EEA to countries without an adequacy decision:

• We ensure Standard Contractual Clauses (SCCs) are in place with each processor
• You may request a copy of the relevant SCCs by contacting support@davincitechsolutions.com

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in law, technology, or business practices. We will notify you of material changes via email or in-app notification at least 10 days before the change takes effect. Your continued use of D Line after the effective date constitutes acceptance.

Last Updated: June 5, 2026

13. Contact Us

For privacy inquiries, complaints, or to exercise your rights:

Davinci Tech Solutions Email: support@davincitechsolutions.com [CONFIRM: physical mailing address required by GDPR/CCPA — Davinci Tech Solutions, ___, USA]

For EU residents: You may lodge a complaint with your national data protection authority. For CA residents: You may contact the California Attorney General at oag.ca.gov. For other U.S. state residents: You may contact your state attorney general.