Privacy Policy


Your privacy and trust are important to us at Touchtone Corporation. We are committed to do our part to safeguard your data and documents, although your cooperation will also be needed to secure them.


This privacy policy describes our practices regarding how our organization collects, stores, and uses the personal data from customers who utilize our service.

Information You Provide

The information collected when you provide it to us and when you use our service is described below:


Account and Profile Information: The information collected about you when you register for an account, create or update your profile, sign-up or subscribe to our service. The information includes contact information such as name, company, job title, email, phone, address, account log-in details, and billing information when subscribing to our service. You also have the option to add a profile photo and other details to your profile information.

Information Automatically Collected or Generated


Some of your data and documents are cached in Web browsers and mobile devices for functional and performance reasons. Please be aware any such cached information may be vulnerable to unauthorized access. For this reason, after using a shared Web browser or public device, it’s imperative that you clear this cached information.


Integrated Services


If you enable integration with third-party web services, such as Google GMail and Microsoft Office 365, then these third party providers may collect some of your data and documents. We are not responsible for their privacy policies. We encourage you to review their respective privacy policies and terms of use carefully.


Customer Data containing Personal Information


Users may choose to upload to our service, customer data on behalf of their Account owner (our Customer) which includes Personal Information (such as Customer’s clients or employees’ information, collectively referred to as “Customer Data”). This Personal Data which is included in Customer Data will only be processed by Touchtone Corporation on behalf of our customer (who owns the Customer’s Account) in accordance with our Data Processing Addendum (DPA) (applicable only for customers in the European Union), along with other agreements with such Customer, our Terms of Use, and this Privacy Policy.


Data Processor and Data Controller


Certain data protection laws and regulations, such as the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”) GDPR or the California Consumer Privacy Act (CCPA), typically distinguish between two main roles for parties processing Personal Data: the “Data Controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “Data Processor” (or under the CCPA, “service provider”), who processes the data on behalf of the Data Controller (or business). Below we explain how these roles apply to our Service, to the extent that such laws and regulations apply.


Touchtone Corporation is the “Data Processor” of its Customers who input or upload Customer Data to its Cloud Service, which may include Personal Data (e.g., by uploading their own clients’ contact details). Customers will own this data and shall be deemed the “Data Controller” of such data. This data will only be processed by Touchtone Corporation on behalf of its Customers in accordance with its reasonable instructions, subject to Terms of Use and Data Processing Addendum (DPA) (applicable only for customers in the European Union) and any other agreements.

Customer will be responsible for meeting any legal requirements applicable to Data Controllers (such as establishing a legal basis for processing and responding to Data Subject Rights requests concerning the data they control).

Touchtone Corporation is deemed the “Data Controller” (solely to the extent applicable under law) when its Web site Visitors’ input profile and contact details into its Web site forms. Any service providers used to process engagement and analytics data will assume the role of “Data Processor”.

If a signed Data Processing Addendum (DPA) (applicable only for customers in the European Union), is needed in addition to the Terms of Use and Privacy Policy, please contact us. Our contact information is given below.

How Do We Use Your Data


We use your data to process your request and manage your account. We use your personal data as necessary for the performance of our Service; to comply with our legal and contractual obligations; and to maintain and improve the features of our Service. We may also email you with new product offers and services we think you might like.


Data Storage and Retention


Data Storage: Your organization’s data and documents are stored within a separate database and file storage directory, respectively. We do not share them with any other entity, and, within our company, limit access to them to just a few trusted employees, who either support your account or service our cloud infrastructure.


Data Retention: We retain information as applicable with law, as follows:  


  • - All customer data for Closed Accounts are deleted within 6 months of date of closure
  • - Rotating daily backups are kept for 7 days
  • - Billing information is retained for at least 7 years
  • - Information on legal transactions between customer and Touchtone Corporation are retained for at least 7 years


Data Security


We secure data using industry-standard physical, procedural and technical security measures, including encryption of data at both rest and transmission. Please note that absolute protection and security of any personal data cannot be guaranteed regardless of security measures in place.


Infrastructure: We use Amazon Web Services (AWS) as our cloud infrastructure. AWS is Privacy Shield certified (AWS Certifications) and compliant with the EU’s General Data Protection Regulation (GDPR). In addition, Touchtone Corporation has entered into a HIPAA Business Associate Agreement (BAA) with AWS.


Health Insurance Portability and Accountability Act (HIPAA)

In operating our service, and as it relates to Protected Health Information (PHI), Touchtone Corporation attempts to achieve compliance with respect to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In accordance with HIPAA, all healthcare-related customers that Touchtone Corporation receives information about patients may be Covered Entities (as defined under HIPAA), and we may serve as their Business Associate (as defined under HIPAA) and comply with the HIPAA Privacy Rule and the HIPAA Security Rule.

Your Data Protection Rights


Individuals have rights concerning their personal data. If you wish to exercise your rights under any applicable law, including the EU General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), such as the right to request access to, and rectification or erasure of your Personal Data held with Touchtone Corporation, please contact us below.


Changes and Updates to this Policy


Please note that our Privacy Policy may change at any time to remain consistent and in accordance with local laws and customer/partner expectations.


Contact Us


Please contact us with any questions or requests related to this Policy:


Touchtone Corporation

PO Box 5719

Irvine, CA 92616-5719 USA


Updated: January 5, 2023