Privacy Policy
Last Updated Date: June 4, 2025
Nexdial, Inc. (“Nexdial,” “we,” “us,” or “our”) is committed to protecting the privacy, security, and legal rights of all persons who interact with our AI-powered dialer platform, website, and related services (collectively, the “Services”). This Privacy Policy explains what information we collect, how we use and protect it, your legal rights, and the federal and state laws that govern our practices.
This Policy applies to: (i) users of the Nexdial platform; (ii) contacts and consumers reached through campaigns operated via our platform; and (iii) visitors to nexdial.com. By using our Services, you agree to the terms of this Policy.
1. Governing Legal Framework
Our data practices are designed to comply with all applicable federal and state laws, including:
1.1 Telephone Consumer Protection Act (TCPA) — 47 U.S.C. § 227
The TCPA governs automated telephone calls, prerecorded messages, and text messages to consumers. Key obligations that Nexdial and its customers must observe include:
- Prior express written consent is required before placing autodialed or prerecorded calls or texts to wireless numbers and residential lines for non-emergency purposes.
- Do Not Call (DNC) compliance: Nexdial maintains integration support for the National Do Not Call Registry. Platform customers are independently responsible for scrubbing contact lists against the National DNC Registry and any applicable state registries before initiating campaigns.
- Calling time restrictions: Calls may only be placed between 8:00 a.m. and 9:00 p.m. local time of the called party. Nexdial’s platform enforces configurable time-zone controls.
- Opt-out mechanisms: All calls must offer a clear and immediate opt-out option. Our platform logs and honors opt-out requests in real time.
- Identification: Every outbound call must identify the caller and provide a telephone number or address where the called party can reach the calling entity.
Important: Nexdial provides the technology infrastructure. Customers who initiate campaigns via Nexdial are independently responsible for obtaining valid prior express written consent from all parties before placing autodialed or prerecorded calls. Non-compliance by a customer does not transfer liability to Nexdial.
1.2 FCC Regulations & STIR/SHAKEN
The Federal Communications Commission (FCC) regulates interstate communications under the Communications Act of 1934, as amended. We comply with FCC rules including:
- STIR/SHAKEN (Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs): All outbound calls placed via Nexdial’s infrastructure are authenticated using the STIR/SHAKEN framework as required by the TRACED Act and FCC Order 20-128. Full attestation (“A”) is provided where technically feasible. This reduces the likelihood of calls being labeled as “Spam Risk.”
- Caller ID accuracy: We prohibit the use of our platform to transmit misleading or inaccurate caller ID information. Spoofed caller IDs are strictly prohibited.
- Call blocking rules: Nexdial complies with FCC requirements governing call authentication and cooperates with the industry-wide efforts to combat illegal robocalls through SHAKEN/STIR certification with authorized certificate authorities.
1.3 Federal Trade Commission (FTC) — Telemarketing Sales Rule (TSR)
The FTC’s Telemarketing Sales Rule (16 C.F.R. Part 310) applies to telemarketing calls. Platform customers conducting telemarketing are independently responsible for TSR compliance, including:
- Maintaining company-specific internal DNC lists updated within 30 days of receipt of an opt-out.
- Honoring National DNC registrations (scrubbed no less than every 31 days).
- Providing accurate call identification, abandonment rate limits (no more than 3%), and prompt connection to a live agent after the called party answers.
1.4 Electronic Communications Privacy Act (ECPA) — 18 U.S.C. § 2510 et seq.
The ECPA restricts the interception and disclosure of wire and electronic communications. Nexdial records calls only where permitted by law and subject to the consent disclosures described in Section 4 of this Policy.
1.5 State Privacy & Wiretapping Laws
Several U.S. states impose additional obligations beyond federal law:
- California: The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants California residents expanded rights including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We comply with all applicable CCPA/CPRA obligations. California also requires all-party consent for call recording under Penal Code § 632.
- Florida, Maryland, Connecticut, Washington, and other all-party consent states: Recording requires consent of all parties to a conversation. Our platform notifies all parties at the outset of a call if recording is active.
- State Do Not Call lists: Some states (e.g., Florida, Indiana, Texas) maintain their own DNC registries. Platform customers are responsible for scrubbing against applicable state lists.
- Illinois Biometric Information Privacy Act (BIPA): To the extent any AI voice features involve voiceprint or biometric identifiers, we comply with BIPA’s consent and retention requirements.
1.6 General Data Protection Regulation (GDPR) — EU 2016/679
For users and data subjects located in the European Economic Area (EEA), United Kingdom, or Switzerland, Nexdial complies with the GDPR as a data processor. We process personal data only on lawful bases (consent, legitimate interests, contractual necessity, or legal obligation) and provide data subjects with the rights described in Section 8 below. If you are an EEA resident, our Data Processing Agreement (DPA) is available upon request at support@nexdial.com.
1.7 Children’s Online Privacy Protection Act (COPPA)
Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information, we will delete it promptly. If you believe we have received personal data from a child, please contact support@nexdial.com.
2. Information We Collect
2.1 Account & User Data (Information You Provide)
When you register for or use the Nexdial platform, we may collect:
- Full name and job title
- Company name and business address
- Email address and phone number
- Billing and payment information (processed through PCI DSS-compliant third-party processors; Nexdial does not store raw card numbers)
- Login credentials (passwords are hashed and salted; never stored in plaintext)
- Contact lists and lead data uploaded to the platform for outbound campaigns
- CRM data synced via third-party integrations (Salesforce, HubSpot, Zoho, etc.)
2.2 Usage & Technical Data (Automatically Collected)
- Call metadata: number of calls made, call duration, call outcome, agent disposition codes
- Campaign performance data: connection rates, conversion metrics, AMD outcomes
- IP address and approximate geolocation (at the city/region level)
- Device type, operating system, browser type, and version
- Session activity logs and feature usage patterns
- Real-time transcription data (if the transcription feature is enabled)
- Sentiment analysis scores generated during calls
2.3 Call Content Data
Where recording and transcription features are enabled, we process:
- Audio recordings of calls placed or received through the platform
- Automated transcriptions of recorded calls
- AI-generated interaction summaries and sentiment scores
All call content data is subject to the consent and notification requirements described in Section 4.
2.4 Contact/Consumer Data
When our customers upload contact lists or integrate their CRMs, Nexdial may process consumer data on their behalf as a data processor. This data is used solely to operate the customer’s campaigns and is not used for Nexdial’s own marketing purposes.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: Provision, operation, and maintenance of the Nexdial platform and its features.
- AI & NLP improvement: Training and improving our AI dialer models, natural language processing, and answering machine detection (AMD) algorithms. We use anonymized and aggregated data for model improvement.
- Account management: Creating and managing your account, processing payments, and communicating with you about your subscription.
- Analytics: Understanding how the platform is used to improve features, fix bugs, and optimize performance.
- Legal compliance: Meeting our obligations under applicable laws including the TCPA, FCC regulations, TSR, GDPR, and CCPA.
- Fraud prevention & security: Detecting, investigating, and preventing fraudulent, unauthorized, or illegal activity on the platform.
- Customer support: Responding to inquiries and providing technical assistance.
- Marketing communications: Sending product updates, newsletters, and promotional content where you have opted in. You may opt out at any time.
4. Call Recording — Consent & Compliance
4.1 Recording Notification
Nexdial may record calls processed through the platform for quality assurance, AI training, and regulatory compliance. Where recording is enabled:
- All parties to a call receive an automated disclosure notice at the outset of the call.
- Recordings are subject to the applicable consent laws of the jurisdictions of both the calling party and the called party. In all-party consent states (e.g., California, Florida, Illinois, Maryland, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, Washington), explicit consent from all parties is required and obtained.
- One-party consent states require only the consent of one party (typically the Nexdial customer or agent). Nexdial’s platform is configured by default to provide notice in all states regardless of local law.
4.2 Opt-Out of Recording
Users may request to disable call recording for their account or specific campaigns by contacting support@nexdial.com. Note that disabling recording may limit access to certain AI-powered features (e.g., real-time transcription, sentiment analysis, AI coaching).
4.3 Retention of Recordings
Call recordings are retained for a default period of 90 days, after which they are automatically deleted unless a longer retention period is required by applicable law or expressly requested by the customer. Customers may configure shorter retention windows within the platform settings.
5. Sharing & Disclosure of Information
We do not sell your personal information. We may share information in the following limited circumstances:
5.1 Service Providers & Subprocessors
We engage trusted third-party vendors to help operate our Services, including:
- Cloud infrastructure providers (e.g., AWS, Google Cloud)
- Telephony and SIP trunking partners
- Payment processors (PCI DSS Level 1 certified)
- CRM integration partners (Salesforce, HubSpot, Zoho)
- Analytics and monitoring tools
All subprocessors are bound by data processing agreements requiring them to protect your data to standards no less stringent than this Policy.
5.2 Legal Requirements
We may disclose your information when required to do so by law or in good-faith belief that such disclosure is necessary to:
- Comply with a legal obligation, court order, or government request
- Protect and defend the rights or property of Nexdial
- Prevent or investigate possible wrongdoing or illegal activity
- Protect the personal safety of platform users or the public
5.3 Business Transfers
In connection with a merger, acquisition, reorganization, or sale of all or a portion of Nexdial’s assets, your information may be transferred to the successor entity. We will notify you of any such transfer and any changes to this Privacy Policy.
5.4 Aggregated / De-Identified Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you, for industry research, benchmarking, and platform improvement purposes.
6. Data Security
Nexdial employs industry-standard and enterprise-grade security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:
6.1 Technical Safeguards
- Encryption in transit: All data transmitted to and from the platform is encrypted using TLS 1.2 or higher.
- Encryption at rest: Stored data (including recordings and personally identifiable information) is encrypted using AES-256.
- Authentication: Multi-factor authentication (MFA) is available and strongly recommended for all platform accounts.
- Access controls: Role-based access controls (RBAC) restrict employee and system access to personal data on a need-to-know basis.
- STIR/SHAKEN: Outbound calls are digitally signed to prevent caller ID spoofing and protect call authenticity.
6.2 Organizational Safeguards
- Regular security risk assessments and third-party penetration testing
- Security awareness training for all employees with data access
- Documented incident response procedures
- Vendor due diligence and subprocessor agreements
6.3 Incident Response
In the event of a data breach involving personal information, Nexdial will:
- Investigate and contain the incident promptly
- Notify affected users and regulatory authorities as required by applicable law (including within 72 hours where required under GDPR Article 33)
- Provide guidance on steps to mitigate potential harm
No electronic system is 100% secure. While we take extensive precautions, we cannot guarantee absolute security of information transmitted over the internet.
7. Data Retention
We retain personal information only as long as necessary for the purposes set out in this Policy and to meet our legal obligations:
- Account data: Retained for the duration of your active subscription, plus 3 years following account termination for legal and audit purposes.
- Call recordings: 90 days by default (configurable per account).
- Call metadata and analytics: Up to 2 years from the date of collection.
- Billing records: 7 years to comply with tax and financial record-keeping laws.
- Contact/consumer data uploaded for campaigns: Deleted upon account termination or earlier upon customer request.
Upon deletion, data is removed from active systems within 30 days and from backups within 90 days.
8. Your Privacy Rights
8.1 All Users
Regardless of your location, you have the right to:
- Access and review the personal information we hold about you
- Request correction of inaccurate personal information
- Request deletion of your personal information (subject to legal retention requirements)
- Opt out of marketing communications at any time
- Opt out of call recording (see Section 4.2)
- Lodge a complaint with a relevant data protection authority
8.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purpose, and the categories of third parties with whom we share it.
- Right to Delete: Request deletion of your personal information (subject to certain exceptions).
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising as defined under the CPRA.
- Right to Limit Sensitive Personal Information: You may request that we limit the use of sensitive personal information to what is necessary for the Services.
- Right to Non-Discrimination: Exercising your privacy rights will not result in discriminatory treatment.
To exercise CCPA/CPRA rights, submit a verifiable consumer request to support@nexdial.com. We will respond within 45 days (extendable by an additional 45 days with notice).
8.3 EEA, UK & Swiss Residents (GDPR)
If you are located in the EEA, UK, or Switzerland, you have the rights to: access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and to object to processing. You also have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Contact our Data Protection contact at support@nexdial.com to exercise these rights.
9. Customer Responsibilities & TCPA Compliance
Nexdial is a technology platform provider. Customers who use Nexdial to conduct outbound calling campaigns bear independent legal responsibility for:
- Obtaining valid prior express written consent from all consumers before placing autodialed, prerecorded, or AI-powered calls or text messages.
- Maintaining and honoring internal Do Not Call lists, updated within 30 days of any opt-out request.
- Scrubbing contact lists against the National DNC Registry and applicable state registries at least every 31 days.
- Ensuring calling campaigns comply with all time-of-day restrictions under the TCPA and applicable state law.
- Providing required caller identification disclosures on every call.
- Complying with the FTC Telemarketing Sales Rule, including applicable call abandonment rate limits.
- Ensuring AI-generated conversations do not misrepresent the AI nature of the call in a deceptive manner.
Nexdial reserves the right to suspend or terminate access to the platform for any customer found to be in violation of applicable telemarketing, privacy, or communications laws.
10. Cookies & Tracking Technologies
The Nexdial website (nexdial.com) uses cookies and similar tracking technologies:
- Essential cookies: Required for website functionality and secure authentication.
- Analytics cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). Analytics data is anonymized where possible.
- Marketing cookies: Used with your consent to measure advertising effectiveness.
You may manage cookie preferences through your browser settings or our cookie consent manager. Disabling certain cookies may affect site functionality.
11. International Data Transfers
Nexdial is based in the United States. If you are accessing our Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the U.S., where data protection laws may differ from those in your jurisdiction. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent transfer mechanisms. A copy of our SCCs is available upon request.
12. Third-Party Links & Integrations
Our platform integrates with third-party services (CRMs, analytics tools, etc.). When you connect a third-party service, that service’s own privacy policy governs the information it collects. Nexdial is not responsible for the privacy practices of third-party services. We encourage you to review their policies before enabling integrations.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Post the updated Policy on our website with the revised effective date
- Send an email notification to registered account holders
- Display a notice within the Nexdial platform
Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.
14. Contact Us
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:
Email: support@nexdial.com
Phone: (863) 434-7257
Website: www.nexdial.com
If you are a California resident exercising CCPA rights or an EEA resident exercising GDPR rights, please include “Privacy Rights Request” in the subject line of your email.