Data Controller
NumFree Inc., 255 Constitution Drive #B1020, Menlo Park, CA 94025
Contact: privacy@numfree.com
Data We Collect
We collect only what's necessary to provide the NumFree service:
- Account information — email address, name, and password (hashed)
- Phone number data — your NumFree number, call/SMS logs, voicemail
- Payment data — processed by Stripe; we never store card numbers
- Usage data — IP address, browser type, pages visited, timestamps
- Cookies — session management and authentication only
What we do NOT collect
- Call audio content — we don't record or listen to your calls
- SMS message content — forwarded to your email, not stored by us
- Location data — we don't track where you are
Chrome Extension (NumFree Caller)
The NumFree Caller Chrome extension enables encrypted voice calls between NumFree users. Here's how it handles your data:
Calls are peer-to-peer encrypted via WebRTC. Audio goes directly between callers. NumFree servers only relay signaling metadata (who is calling whom), never the call audio itself.
Permissions used
- storage — stores your authentication token locally in Chrome so you stay signed in. This data never leaves your browser.
- notifications — shows desktop notifications for incoming calls
- host_permissions (numfree.com) — authenticates with the NumFree API and maintains the WebSocket connection for call signaling
Data the extension accesses
- Your NumFree email and auth token (stored locally in Chrome storage)
- Microphone audio (only during active calls, streamed peer-to-peer via WebRTC)
- Online presence of other NumFree users (email addresses only)
The extension does not access browsing history, page content, bookmarks, downloads, or any data from other websites.
How We Use Your Data
- Provide the service — route calls, deliver SMS, manage your number
- Account management — authentication, billing, support
- Service improvement — internal analytics (no third-party trackers)
- Communication — service updates and account notifications
We do not sell, rent, or share your personal data with third parties for marketing purposes.
Third-Party Services
- Twilio — voice and SMS routing infrastructure
- Stripe — payment processing
- MongoDB — database hosting
Each operates under their own privacy policies. We share only the minimum data required to provide the service.
Data Security
We protect your data using:
- HTTPS encryption for all connections
- Bcrypt password hashing
- JWT-based authentication with short-lived tokens
- WebRTC end-to-end encryption for voice calls
- Rate limiting to prevent unauthorized access
Data Retention
We keep your data for as long as your account is active. Call and SMS logs are retained for 90 days for service delivery. You can request deletion of your account and all associated data at any time.
Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to data processing for any legitimate reason
To exercise these rights, contact us at privacy@numfree.com.
Do Not Track
NumFree does not use third-party tracking services. We respect Do Not Track browser signals.
Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance of the updated policy.
Questions about privacy?
Contact us at privacy@numfree.com
Legal
This privacy policy complies with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable US federal and state privacy laws.
NumFree Inc. is incorporated in the State of California, United States.