TokBox uses cookies to personalize content and make our site easier for you to use. If you proceed, you accept the use of cookies.Learn More
TRUSTe

Privacy Policy

Effective 29 March 2018

Compliance Certification Programs

TokBox is committed to helping our customers support their regulatory compliance requirements. Our Information Security Risk Management Program is built on a solid foundation of widely-accepted frameworks for Information Security and Risk Management, including ISO and NIST. Independent audits from the AICPA attest to the integrity of our compliance with specific regulatory mandates, including EU-U.S. Privacy Shield Framework, SOC2, PCI-DSS, GDPR, and HIPAA.

TokBox adheres to Fair Information Practice Principles of notice, choice, access, security, and enforcement.

Notice

TokBox provides customers and web site visitors with notice of our information practices before collecting their personal information.

TokBox knows that you care about how your information is used and shared, and takes data privacy seriously. This Privacy Policy describes our current policies and practices with regard to data collected by us and by third parties on our behalf.

Founded in 2007, TokBox provides Platform-as-a-Service (PaaS) for embedding video, audio, and chat communications into websites, mobile applications and native apps on its OpenTok platform. It is a wholly owned subsidiary of the Telefonica Group and is headquartered in the USA at 501 Second Street, Suite 310, San Francisco CA 94107.

The term "TokBox," when used in this Privacy Policy, means TokBox, Inc. and its subsidiaries, divisions, branches, affiliates or companies under the control of TokBox, Inc.

This Privacy Policy covers natural persons who visit our websites, users who register on the OpenTok Dashboard, TokBox customers, TokBox employees, and TokBox third-party vendors.

Choice

TokBox provides customers and web site visitors with options for how TokBox collects and uses their personal information. Web site visitors may opt-in to specific marketing communications and opt-out at any time.

Customers can modify account contact information, configure platform preferences, and close their TokBox account.

Access

Upon request, Tokbox will provide you with information about whether we hold any of your personal information. TokBox enables customers and web site visitors with the ability to access and correct personal information we have collected. If you have any concerns or suspect unauthorized activities associated with your account, please contact us at support@tokbox.com. We will respond to your request within a reasonable timeframe.

TokBox acknowledges that you have the right to access your personal information. If you are a person who uses an application or website that incorporates the TokBox Platform, then TokBox has no direct relationship with you and your data that it processes. In such case, if you seek to access, correct, amend, or delete data, you should direct your query to TokBox’s Client (the data controller). If you are a person who has signed up directly with TokBox for the use of the TokBox Platform and you seek to access, correct, amend, or delete data, you should direct your query to TokBox. If requested to remove data under either scenario, we will respond within a reasonable timeframe.

Security

TokBox exercises managerial and technical safeguards designed to protect against the loss or unauthorized use or disclosure of personal information belonging to our customers and web site visitors. These safeguards include: encryption, malware protection, logical and physical access controls, and detection of social engineering attacks.

It is our customer’s responsibility to ensure authorized access to personal information by selecting and protecting your password appropriately and limiting access to your OpenTok resources.

Enforcement

TokBox monitors and reviews security safeguards and takes corrective action whenever we discover deviations from our Privacy Policy.

Data Classifications

Personal Data means any information relating to an identified or identifiable natural person. Sensitive Personal Data is Personal Data comprised of an individual's financial account number, social security number, driver's license number or other government-issued identification number, financial account password or PIN, mother's maiden name, answers to security questions, or other Personal Data that allows access to financial accounts, or that can be used to facilitate identity theft, as well as any other special category of Personal Data such as biometric, genetic or health data, data concerning sex life or sexual orientation, racial or ethnic origin, data concerning a person’s political opinions, religious beliefs, membership in trade unions or criminal history.

Confidential Data is any proprietary data which is not in the public domain, and/or, data which is controlled by its owner and requires explicit permission to access, store, process, or transfer.

End User Data is data provided by End Users in connection with the TokBox Services.

Customer Data is data provided by Customer to TokBox in connection with the TokBox Services. Customer Data may be Personal Data, Sensitive Personal, End User Data or Confidential Data. Agreements between TokBox and TokBox customers specify how Customer Data and End User Data is processed, transferred, and stored.

With respect to data protection legislation TokBox may be a Data Controller or a Data Processor. TokBox is a Data Controller with respect to data provided by website visitors and, customer contact and billing information, and TokBox employees.

Collection of Data:

TokBox groups all user data into 2 main categories for the purposes of informing on the use, retention periods and user configurable options available.

  • Part A: Visitors to our website
  • Part B: Customers of TokBox

Specific details about each are listed below, which is followed by additional explanatory information on collection practices and data transfers.

Part A - Website Visitors

Data we collect about website visitors: what, where, when, and why

WhatWhereWhenWhy
Web log data (IP addresses, cookies)TokBox Public WebsiteYou visitTo provide, maintain, tailor and improve our website and service
Information you submit through web forms, buttons, hyperlinks, etc.Social media sites (Facebook, LinkedIn, etc)You visitCareer search, follower updates, etc.
Demographic marketing informationReceived from third partiesVerifying accuracy of data providedTo enable us to provide a personalized service to you.

Data retention periods for website visitor information

WhatWhereRetention Period
Web log data (IP addresses, cookies)Server logs7 days
Information you submit through web forms, buttons, hyperlinks, etc.Social media sites6 years
Demographic marketing information

Aggregated in the TokBox analytics infrastructure used for analyzing and improving marketing campaigns.
Analytics data repositoryIndefinitely

User-Configurable Options for Processing or Sharing Personal Data

Reasons to share your personal informationOptions
Marketing Communications: Special promotional offers for products and services provided or endorsed by TokBox or our partners sales@tokbox.com
Options for managing your personal informationOptions
Marketing Communications: Removal from all communicationsunsubscribe@tokbox.com
Removal of Personal Information:
Request to be forgotten **
support@tokbox.com
Filing a Complaint: Complaints about our Privacy Policy or non-resolved privacy issuessupport@tokbox.com

** TokBox is required to maintain records of consent and requests for correcting or deleting personal information for 6 years.

Part B - Customers of TokBox

Data we collect about customers: what, where, when, and why

WhatWhereWhenWhy
First and Last Name, Postal Address, Email Address, Telephone Number and Payment TypeDashboardYou purchase products or servicesTo verify your identity for protection of TokBox staff, customers, website visitors, or the public as required or permitted by applicable law.
Credit cardholder informationPCI-compliant payment processing vendorYou purchase products or servicesFor our billing system
Technical information you submit through forms, email, etc.TokBox Support Forum, TokBox Developer Blog, GitHub Pull RequestsYou explicitly give permission by posting your contentTo assist you in being more productive with OpenTok
Service NotificationsEmail or DashboardWe update your purchased products and servicesTo inform you about service updates and faults, request feedback or participation in online surveys, and to publish legal notices, such as this Privacy Policy

Data retention periods for customer information

WhatWhereRetention Period
All data submitted voluntarily associated with customer account, such as: name, email address, physical address, phone numberDashboard3 years after account termination
Dashboard access log entries, such as: password, date, time, User ID, URL and source IP address
Logging of administrative changes to an account with TokBox will be stored for security purposes. This includes: company name, address, phone number, billing and tax related records
Dashboard3 years after account termination
Session Recordings
Our policy is to keep session recordings for the minimum time possible to securely and reliably deliver a recording to the customer’s preferred storage facility.
TokBox Cloud Temporary Storage

TokBox Recording Server
72 hours

2 hours
IP addresses Server logs7 days
Operational metrics

Aggregated in the OpenTok Analytics infrastructure used for analyzing and improving operational health
Analytics data repositoryIndefinitely
Platform access

Entries will be maintained, containing date, time, operation performed (connect, publish, etc).
Server Security Audit Logs3 years
API TrafficServer API application log analyticsOverwritten after shipping
Control/messaging trafficServer messaging application log analyticsOverwritten after shipping
Media Server Logs call quality metrics (packet loss, bitrates) stream state (added, removed, archived) number of subscribersServer Media Application Log AnalyticsOverwritten after shipping

User-Configurable Options for Processing or Sharing Personal Data

Reasons to share your personal informationOptions
Customer Notifications:
We may receive correspondence from you in connections with our Web Site and our services, including questions you may have about this Privacy Policy, customer support interactions or other matters.
support@tokbox.com
OpenTok Platform Notifications:
You may receive correspondence from us in connections with our Web Site and our services, including scheduled maintenance, changes to our Privacy Policy or Terms of Service, or security-related notifications.
Dashboard
Options for managing your personal informationOptions
Marketing Communications: Removal from all communicationsunsubscribe@tokbox.com
Correcting customer account informationDashboard or support@tokbox.com
Terminating your OpenTok Accountsupport@tokbox.com

** TokBox is required to maintain records of consent and requests for correcting or deleting personal information for 6 years.

Collection of Personal Data Through Social Media

Our Web Site includes hyperlinks to other websites including Social Media sites, such as Facebook, and interactive, third-party widgets we host on our Web Site. These features may collect information you submit voluntarily, or may set a cookie to enable functionality. TokBox is responsible for assuring its third-party vendors comply with our Privacy Policy and honor commitments to restrict information collection and usage exclusively for our stated purposes.

Online Collection of Additional Data

In addition to the information we collect as described above, we use technology to collect information about the use of our website and other sites you may visit. As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.

TokBox and its partners use cookies and other tracking technologies to analyze trends, administer the website, track users’ movements around the website, and to gather aggregated demographic information about our user base as a whole. Users can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website.

TokBox may engage with a third party to either display advertising on our Web Site or to manage our advertising on other sites. Our third party partner may use cookies or similar tracking technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here, or if located in the European Union click here. Please note you will continue to receive generic ads. Our “Privacy By Design” initiative, requires users to give their permission by explicitly opting-in to marketing communications, and we strongly encourage users to take advantage of the numerous benefits provided by our OpenTok platform and our partner eco-system.

Collection of Personal Data About Other People

It is our customer’s responsibility to obtain the EXPRESS CONSENT of individual Data Subjects (for example, your family members, co-workers, or customers) to transfer their Personal Data to TokBox as a Data Processor and/or Data Importer. TokBox processes all such information in accordance with the terms of our Data Processing Agreements, applicable law and/or this Privacy Policy.

Transfer of Personal Data

TokBox’s headquarters in the United States is our primary location for business operations. In addition, TokBox maintains a presence in the in the United Kingdom, European Union, Australia and Brazil. Servers hosting the OpenTok platform are located in the United States, UK, EU, Asia, and other geographic regions.

In order to provide you with the information, products, or services you have requested, Personal Data may be transferred or shared with other companies within our family of companies, including those third-party vendors who act on our behalf, process Personal Data in accordance with the purposes for which the data was originally collected, or for purposes to which Data Subjects have subsequently consented. Our Privacy Policy, supported by model contract agreements and safeguards for data governance, are designed to provide equivalent data protection for all customers wherever they may reside.

For example, regarding normal business operations, TokBox may engage a third party to support our billing, support services, information technology, or mailings on our behalf.

We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety, or the safety of others, investigate fraud, or respond to a government request.

International Transfer of Personal Data

TokBox protects personal information in accordance with Fair Information Practice PrinciplesGeneral Data Protection Regulations (GDPR), and applicable law pertaining to residents of any country where personal data is shared.

All personal data received from European Union (EU) member countries are subject to the EU-U.S. Privacy Shield Framework, and to the Framework’s applicable Principles.

For example, when visitors access our public websites from any country outside the United States, personal information will be transferred across national boundaries. Customers who reside and conduct business outside the United States, enter into contractual agreements with TokBox to provide products and services which may result in international data transfers.

TokBox provides an array of product and service offerings  designed to support regulatory requirements for the data protection of our customers and their interests.

EU-U.S. Privacy Shield

TokBox participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. TokBox is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List (https://www.privacyshield.gov/list)

TokBox is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. TokBox complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, TokBox is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, TokBox may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Changes to this Privacy Policy

TokBox may make changes to this Privacy Policy from time to time for any reason. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make any material changes or changes in the way we use information, we will notify customers via e-mail or by posting an announcement on the Web Site prior to the change becoming effective. Web Site users are bound by any changes to the Privacy Policy after such changes have been posted.

In the event that TokBox is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy. Account holders will be notified via email and/or a prominent notice on our Web Site of any change in ownership or uses of your information, as well as any choices you may have regarding your information.

TokBox, Inc.
501 Second Street, Ste. 310
San Francisco, CA 94107
support@tokbox.com

Contact Sales