Privacy Policy

Last updated: April 21, 2026

WebCallHub (“we”, “us”) is operated by HSG IT USA LLC (Austin, Texas, USA) and HSG IT Services Oy (Helsinki, Finland). We take privacy seriously and this policy explains what personal data we collect, why, how we use it, and your rights under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and comparable laws.

Short version: We collect the minimum data needed to run the click-to-call service: account info for you, plus call metadata and (optionally) audio/transcripts for calls placed through your site. We do not sell personal data. You can request export or deletion at any time.

1. Who Is the Controller?

For account holders (our customers): WebCallHub is the data controller.
For website visitors who use a customer’s call widget: The customer (website owner) is the data controller; WebCallHub is the data processor.

Contact the data protection lead at info@webcallhub.com.

2. Data We Collect

2.1 Account data (you, the customer)

Name, email, company, role.
Billing details (processed by our payment provider — we do not store card numbers).
Authentication data (password hash, SSO tokens, session cookies).
Dashboard activity logs (which admin actions you took and when).

2.2 Call data (when a visitor uses the widget)

Call metadata: timestamp, duration, caller identifiers, agent assignment, call outcome.
The visitor’s name and/or email, if they entered them in the widget form.
IP address (used for routing, TURN/STUN selection, and abuse prevention).
Audio stream: only during the call — it is relayed, not stored, unless you enable recording.
Transcript: only when transcription is enabled for the call (optional feature).

2.3 WordPress plugin data

When you save a Site Key in the plugin settings, the plugin sends a one-time POST to app.webcallhub.com/api/widget/wp-handshake containing the Site Key, your WordPress site URL (home_url()), and plugin version. This lets us mark your domain as verified.
When a page with the widget is loaded, the visitor’s browser requests app.webcallhub.com/api/widget.js?siteId=…. This request contains the standard HTTP metadata (IP, user agent, referer) sent by any external script host.

2.4 Website and cookies

We use strictly-necessary cookies for login and CSRF protection.
We use privacy-respecting analytics to understand aggregate traffic. We do not use third-party ad-tracking cookies.

3. Why We Use the Data (Legal Basis)

Purpose	Data	GDPR basis
Providing the Service	Account data, call metadata, audio	Contract (Art. 6(1)(b))
Billing and accounting	Billing details	Contract & legal obligation
Abuse prevention, security	IP, activity logs	Legitimate interest (Art. 6(1)(f))
Optional call recording/transcription	Audio, transcript	Consent (Art. 6(1)(a)) and/or legitimate interest
Product improvement (aggregate)	Anonymized usage data	Legitimate interest
Marketing emails to customers	Email	Consent; opt-out at any time

4. Where Your Data Is Stored

Primary production data is hosted within the European Union (Hetzner, Helsinki region). Backups and selected sub-processors may operate in the United States under EU-US Data Privacy Framework obligations or Standard Contractual Clauses.

5. Sub-processors

We use a small set of vetted sub-processors to operate the Service. Typical examples:

Cloud hosting (Hetzner, Cloudflare).
Email delivery (transactional email provider).
Payment processing (industry-standard PCI-compliant provider).
Speech-to-text (optional transcription feature).

Customers on Business and Enterprise plans can request the current sub-processor list and a Data Processing Addendum at info@webcallhub.com.

6. How Long We Keep Data

Account data: for the life of the account, plus up to 90 days after cancellation (then deleted or anonymized).
Call metadata: 12 months by default, configurable per customer.
Call recordings / transcripts: only if you enable the feature; kept for the retention window you choose (default 30 days).
Billing records: kept for the period required by tax law (up to 10 years in Finland).

7. Your Rights

Under GDPR you have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Request deletion (“right to be forgotten”).
Restrict or object to processing.
Data portability — receive your data in a machine-readable format.
Withdraw consent at any time (does not affect prior processing).
Lodge a complaint with your national supervisory authority (in Finland: tietosuoja.fi).

Under CCPA, California residents additionally have the right to know what categories of personal information we collect and to request deletion. We do not sell personal information.

To exercise any right, email info@webcallhub.com. We respond within 30 days.

8. Security

Traffic is protected in transit with TLS 1.2+. Call audio is relayed over DTLS-SRTP (encrypted WebRTC). Passwords are hashed with a modern algorithm (bcrypt/argon2). Access to production systems is restricted and audited.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them.

10. Changes to This Policy

We will post material changes on this page and, for account holders, send a notice by email at least 14 days before they take effect.

11. Contact

Email: info@webcallhub.com
HSG IT Services Oy — Helsinki, Finland
HSG IT USA LLC — Austin, Texas, USA