Privacy Policy
Last Updated: January 6, 2026
1. Data Controller
MinuteWise acts as the Data Controller for your personal information. Our payment processing is handled by Stripe, and our communication infrastructure is powered by Twilio.
2. Data Collection and Purposes
We process data under the following legal bases:
- Contractual Necessity: For routing calls and billing.
- Legal Obligation: For tax compliance and law enforcement requisitions.
- Legitimate Interest: For “Toll Fraud” detection and network security.
| Data Category | Retention Period | Storage Purpose |
|---|---|---|
| Account Info (Email, Name) | Duration of account + 3 years | Account management. |
| Metadata (CDRs) | 12 months to 10 years (per law) | Billing, disputes, and Twilio logs. |
| Audio Content | 0 seconds | Transmitted in real-time; never stored. |
| IP Logs | 12 months | Security and fraud prevention. |
3. International Transfers
MinuteWise and its sub-processors (Twilio, Stripe) may process data in the United States. We ensure compliance via the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs).
We conduct regular Transfer Impact Assessments (TIA) to ensure your data is protected from unlawful foreign government access.
4. Privacy by Design (ePrivacy Compliance)
Real-time Processing: Audio streams are processed via WebRTC. MinuteWise does not record or “listen” to calls.
Metadata Minimization: We only retain the minimum traffic data necessary for billing and fraud detection as permitted under the ePrivacy Directive.
5. Payments and PCI DSS
All payment data is captured directly by Stripe via secure iframes. MinuteWise never touches, sees, or stores your credit card numbers. Stripe is a PCI-DSS Level 1 Service Provider.
6. Your Rights
Under the GDPR and the EU Data Act 2025, you have the right to access, delete, and port your data. You may request a machine-readable export of your Call Detail Records (CDRs) at any time through your dashboard.
7. Government Access to Data
In accordance with Article 11 of the EU Data Act, MinuteWise implements strict technical and legal barriers to prevent the non-EU access to non-personal data unless such access is requested through an international agreement (e.g., a Mutual Legal Assistance Treaty).