TokBox uses cookies to personalize content and make our site easier for you to use. If you proceed, you accept the use of cookies.Learn More
Dismiss
Dismiss
Dismiss
Effective 29 March 2018
TokBox is committed to helping our customers support their regulatory compliance requirements. Our Information Security Risk Management Program is built on a solid foundation of widely-accepted frameworks for Information Security and Risk Management, including ISO and NIST. Independent audits from the AICPA attest to the integrity of our compliance with specific regulatory mandates, including EU-U.S. Privacy Shield Framework, SOC2, PCI-DSS, GDPR, and HIPAA.
TokBox adheres to Fair Information Practice Principles of notice, choice, access, security, and enforcement.
TokBox provides customers and web site visitors with notice of our information practices before collecting their personal information.
TokBox knows that you care about how your information is used and shared, and takes data privacy seriously. This Privacy Policy describes our current policies and practices with regard to data collected by us and by third parties on our behalf.
Founded in 2007, TokBox provides Platform-as-a-Service (PaaS) for embedding video, audio, and chat communications into websites, mobile applications and native apps on its OpenTok platform. It is a wholly owned subsidiary of the Telefonica Group and is headquartered in the USA at 501 Second Street, Suite 310, San Francisco CA 94107.
The term "TokBox," when used in this Privacy Policy, means TokBox, Inc. and its subsidiaries, divisions, branches, affiliates or companies under the control of TokBox, Inc.
This Privacy Policy covers natural persons who visit our websites, users who register on the OpenTok Dashboard, TokBox customers, TokBox employees, and TokBox third-party vendors.
TokBox provides customers and web site visitors with options for how TokBox collects and uses their personal information. Web site visitors may opt-in to specific marketing communications and opt-out at any time.
Customers can modify account contact information, configure platform preferences, and close their TokBox account.
Upon request, Tokbox will provide you with information about whether we hold any of your personal information. TokBox enables customers and web site visitors with the ability to access and correct personal information we have collected. If you have any concerns or suspect unauthorized activities associated with your account, please contact us at support@tokbox.com. We will respond to your request within a reasonable timeframe.
TokBox acknowledges that you have the right to access your personal information. If you are a person who uses an application or website that incorporates the TokBox Platform, then TokBox has no direct relationship with you and your data that it processes. In such case, if you seek to access, correct, amend, or delete data, you should direct your query to TokBox’s Client (the data controller). If you are a person who has signed up directly with TokBox for the use of the TokBox Platform and you seek to access, correct, amend, or delete data, you should direct your query to TokBox. If requested to remove data under either scenario, we will respond within a reasonable timeframe.
TokBox exercises managerial and technical safeguards designed to protect against the loss or unauthorized use or disclosure of personal information belonging to our customers and web site visitors. These safeguards include: encryption, malware protection, logical and physical access controls, and detection of social engineering attacks.
It is our customer’s responsibility to ensure authorized access to personal information by selecting and protecting your password appropriately and limiting access to your OpenTok resources.
TokBox monitors and reviews security safeguards and takes corrective action whenever we discover deviations from our Privacy Policy.
Personal Data means any information relating to an identified or identifiable natural person. Sensitive Personal Data is Personal Data comprised of an individual's financial account number, social security number, driver's license number or other government-issued identification number, financial account password or PIN, mother's maiden name, answers to security questions, or other Personal Data that allows access to financial accounts, or that can be used to facilitate identity theft, as well as any other special category of Personal Data such as biometric, genetic or health data, data concerning sex life or sexual orientation, racial or ethnic origin, data concerning a person’s political opinions, religious beliefs, membership in trade unions or criminal history.
Confidential Data is any proprietary data which is not in the public domain, and/or, data which is controlled by its owner and requires explicit permission to access, store, process, or transfer.
End User Data is data provided by End Users in connection with the TokBox Services.
Customer Data is data provided by Customer to TokBox in connection with the TokBox Services. Customer Data may be Personal Data, Sensitive Personal, End User Data or Confidential Data. Agreements between TokBox and TokBox customers specify how Customer Data and End User Data is processed, transferred, and stored.
With respect to data protection legislation TokBox may be a Data Controller or a Data Processor. TokBox is a Data Controller with respect to data provided by website visitors and, customer contact and billing information, and TokBox employees.
TokBox groups all user data into 2 main categories for the purposes of informing on the use, retention periods and user configurable options available.
Specific details about each are listed below, which is followed by additional explanatory information on collection practices and data transfers.
Data we collect about website visitors: what, where, when, and why
| What | Where | When | Why |
|---|---|---|---|
| Web log data (IP addresses, cookies) | TokBox Public Website | You visit | To provide, maintain, tailor and improve our website and service |
| Information you submit through web forms, buttons, hyperlinks, etc. | Social media sites (Facebook, LinkedIn, etc) | You visit | Career search, follower updates, etc. |
| Demographic marketing information | Received from third parties | Verifying accuracy of data provided | To enable us to provide a personalized service to you. |
Data retention periods for website visitor information
| What | Where | Retention Period |
|---|---|---|
| Web log data (IP addresses, cookies) | Server logs | 7 days |
| Information you submit through web forms, buttons, hyperlinks, etc. | Social media sites | 6 years |
| Demographic marketing information Aggregated in the TokBox analytics infrastructure used for analyzing and improving marketing campaigns. | Analytics data repository | Indefinitely |
User-Configurable Options for Processing or Sharing Personal Data
| Reasons to share your personal information | Options |
|---|---|
| Marketing Communications: Special promotional offers for products and services provided or endorsed by TokBox or our partners | sales@tokbox.com |
| Options for managing your personal information | Options |
|---|---|
| Marketing Communications: Removal from all communications | unsubscribe@tokbox.com |
| Removal of Personal Information: Request to be forgotten ** | support@tokbox.com |
| Filing a Complaint: Complaints about our Privacy Policy or non-resolved privacy issues | support@tokbox.com |
** TokBox is required to maintain records of consent and requests for correcting or deleting personal information for 6 years.
Data we collect about customers: what, where, when, and why
| What | Where | When | Why |
|---|---|---|---|
| First and Last Name, Postal Address, Email Address, Telephone Number and Payment Type | Dashboard | You purchase products or services | To verify your identity for protection of TokBox staff, customers, website visitors, or the public as required or permitted by applicable law. |
| Credit cardholder information | PCI-compliant payment processing vendor | You purchase products or services | For our billing system |
| Technical information you submit through forms, email, etc. | TokBox Support Forum, TokBox Developer Blog, GitHub Pull Requests | You explicitly give permission by posting your content | To assist you in being more productive with OpenTok |
| Service Notifications | Email or Dashboard | We update your purchased products and services | To inform you about service updates and faults, request feedback or participation in online surveys, and to publish legal notices, such as this Privacy Policy |
Data retention periods for customer information
| What | Where | Retention Period |
|---|---|---|
| All data submitted voluntarily associated with customer account, such as: name, email address, physical address, phone number | Dashboard | 3 years after account termination |
| Dashboard access log entries, such as: password, date, time, User ID, URL and source IP address Logging of administrative changes to an account with TokBox will be stored for security purposes. This includes: company name, address, phone number, billing and tax related records | Dashboard | 3 years after account termination |
| Session Recordings Our policy is to keep session recordings for the minimum time possible to securely and reliably deliver a recording to the customer’s preferred storage facility. | TokBox Cloud Temporary Storage TokBox Recording Server | 72 hours 2 hours |
| IP addresses | Server logs | 7 days |
| Operational metrics Aggregated in the OpenTok Analytics infrastructure used for analyzing and improving operational health | Analytics data repository | Indefinitely |
| Platform access Entries will be maintained, containing date, time, operation performed (connect, publish, etc). | Server Security Audit Logs | 3 years |
| API Traffic | Server API application log analytics | Overwritten after shipping |
| Control/messaging traffic | Server messaging application log analytics | Overwritten after shipping |
| Media Server Logs call quality metrics (packet loss, bitrates) stream state (added, removed, archived) number of subscribers | Server Media Application Log Analytics | Overwritten after shipping |
User-Configurable Options for Processing or Sharing Personal Data
| Reasons to share your personal information | Options |
|---|---|
| Customer Notifications: We may receive correspondence from you in connections with our Web Site and our services, including questions you may have about this Privacy Policy, customer support interactions or other matters. | support@tokbox.com |
| OpenTok Platform Notifications: You may receive correspondence from us in connections with our Web Site and our services, including scheduled maintenance, changes to our Privacy Policy or Terms of Service, or security-related notifications. | Dashboard |
| Options for managing your personal information | Options |
|---|---|
| Marketing Communications: Removal from all communications | unsubscribe@tokbox.com |
| Correcting customer account information | Dashboard or support@tokbox.com |
| Terminating your OpenTok Account | support@tokbox.com |
** TokBox is required to maintain records of consent and requests for correcting or deleting personal information for 6 years.
Our Web Site includes hyperlinks to other websites including Social Media sites, such as Facebook, and interactive, third-party widgets we host on our Web Site. These features may collect information you submit voluntarily, or may set a cookie to enable functionality. TokBox is responsible for assuring its third-party vendors comply with our Privacy Policy and honor commitments to restrict information collection and usage exclusively for our stated purposes.
In addition to the information we collect as described above, we use technology to collect information about the use of our website and other sites you may visit. As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
TokBox and its partners use cookies and other tracking technologies to analyze trends, administer the website, track users’ movements around the website, and to gather aggregated demographic information about our user base as a whole. Users can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website.
TokBox may engage with a third party to either display advertising on our Web Site or to manage our advertising on other sites. Our third party partner may use cookies or similar tracking technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here, or if located in the European Union click here. Please note you will continue to receive generic ads. Our “Privacy By Design” initiative, requires users to give their permission by explicitly opting-in to marketing communications, and we strongly encourage users to take advantage of the numerous benefits provided by our OpenTok platform and our partner eco-system.
It is our customer’s responsibility to obtain the EXPRESS CONSENT of individual Data Subjects (for example, your family members, co-workers, or customers) to transfer their Personal Data to TokBox as a Data Processor and/or Data Importer. TokBox processes all such information in accordance with the terms of our Data Processing Agreements, applicable law and/or this Privacy Policy.
TokBox’s headquarters in the United States is our primary location for business operations. In addition, TokBox maintains a presence in the in the United Kingdom, European Union, Australia and Brazil. Servers hosting the OpenTok platform are located in the United States, UK, EU, Asia, and other geographic regions.
In order to provide you with the information, products, or services you have requested, Personal Data may be transferred or shared with other companies within our family of companies, including those third-party vendors who act on our behalf, process Personal Data in accordance with the purposes for which the data was originally collected, or for purposes to which Data Subjects have subsequently consented. Our Privacy Policy, supported by model contract agreements and safeguards for data governance, are designed to provide equivalent data protection for all customers wherever they may reside.
For example, regarding normal business operations, TokBox may engage a third party to support our billing, support services, information technology, or mailings on our behalf.
We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety, or the safety of others, investigate fraud, or respond to a government request.
TokBox protects personal information in accordance with Fair Information Practice Principles, General Data Protection Regulations (GDPR), and applicable law pertaining to residents of any country where personal data is shared.
All personal data received from European Union (EU) member countries are subject to the EU-U.S. Privacy Shield Framework, and to the Framework’s applicable Principles.
For example, when visitors access our public websites from any country outside the United States, personal information will be transferred across national boundaries. Customers who reside and conduct business outside the United States, enter into contractual agreements with TokBox to provide products and services which may result in international data transfers.
TokBox provides an array of product and service offerings designed to support regulatory requirements for the data protection of our customers and their interests.
TokBox participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. TokBox is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List (https://www.privacyshield.gov/list)
TokBox is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. TokBox complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, TokBox is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, TokBox may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
TokBox may make changes to this Privacy Policy from time to time for any reason. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make any material changes or changes in the way we use information, we will notify customers via e-mail or by posting an announcement on the Web Site prior to the change becoming effective. Web Site users are bound by any changes to the Privacy Policy after such changes have been posted.
In the event that TokBox is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy. Account holders will be notified via email and/or a prominent notice on our Web Site of any change in ownership or uses of your information, as well as any choices you may have regarding your information.
TokBox, Inc.
