Privacy Policy

Effective Date: 1st September 2025

Last Updated: 10th September 2025

Turehub (“Turehub”, “we”, “us”, or “our”) provides software and services that help organizations manage customer communications across voice, SMS, WhatsApp, email, social channels, ticketing, CRM, analytics, and related automations. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our websites, use our web/mobile apps, interact with our services, or otherwise communicate with us.

If you are an end-customer of a Turehub client, this Policy explains how your information may be processed by Turehub on behalf of that client.

Important role clarity
  • For data about our clients, prospects, website visitors, and agents we employ, Turehub is a data controller (GDPR) / data fiduciary (Kenya DPA).
  • For data that our clients import to Turehub or generate through our channels (e.g., call recordings, chat logs, tickets), Turehub is a data processor / data handler acting on the client’s instructions. A Data Processing Addendum (DPA) is available on request.

1) Scope & Who This Policy Covers

This Policy applies to:

  • Visitors to our websites and landing pages.

  • Users of the Turehub platform (admins, agents, and other authorized users).

  • End-customers who communicate with our clients through Turehub-managed channels (voice, SMS, WhatsApp, email, chat, social DMs).

  • Individuals who contact Turehub for support, sales, careers, or partnerships.

This Policy does not apply to third-party websites or services not controlled by Turehub.

2) Information We Collect

A. Information you provide directly

  • Account & profile details: name, company, job title, email, phone, password (hashed), timezone, preferences.

  • Billing: billing contacts, addresses, tax IDs, payment method tokens (payment card details are handled by our PCI-compliant payment processors; we store only non-sensitive tokens and metadata).

  • Content & communications: messages, emails, chat transcripts, call recordings and voicemails (if enabled), attachments, notes, survey responses, campaign content, templates, variables/placeholders.

  • Support requests: tickets, screenshots, diagnostic info.

  • Recruitment: CV/resume data and interview notes (if you apply for a role).

B. Information collected automatically

  • Usage & device data: IP address, device IDs, browser type, OS, pages viewed, referring/exit pages, date/time stamps, session IDs, clickstream, feature usage (for analytics and security).

  • Telecom metadata: message IDs, sender/recipient numbers/handles, timestamps, delivery/engagement status, routing information; call start/end time, duration, SIP/IVR events, quality metrics.

  • Cookies & similar tech: see the Cookies section below.

C. Information we receive from third parties

  • Identity, contact, and enrichment from partners, CRMs, CDPs, marketing platforms.

  • Channel providers (e.g., carriers, WhatsApp Business API partners, SMS/voice aggregators) may share delivery reports, error codes, pricing/billing indicators.

  • Compliance & screening: fraud and risk signals to prevent abuse.

Sensitive data. We do not intentionally collect sensitive categories (e.g., health data) unless a client stores or transmits such data through Turehub. Clients are responsible for ensuring they have a lawful basis and appropriate safeguards before sending such information across our platform.

3) Legal Bases for Processing (GDPR / Kenya DPA)

We process personal data under one or more of the following bases:

  • Contract: to provide, maintain, and support the services you or your organization requested.

  • Legitimate interests: to secure our platform, prevent fraud, improve features, and communicate relevant service updates (balanced against your rights).

  • Consent: for certain marketing communications, cookies, call recording notices (where required), and WhatsApp/SMS templates.

  • Legal obligation: to comply with law, regulatory requests, taxation, and dispute handling.

When acting as processor, we process data strictly per our client’s documented instructions and the governing DPA.

4) How We Use Data

  • Deliver & operate the services: user authentication, routing communications, ticketing/CRM workflows, analytics dashboards, and automations.

  • Customer communications: send service notices, onboarding, feature updates, and—where permitted—marketing emails. You can opt out from marketing at any time.

  • Security & abuse prevention: detect suspicious activity, enforce limits, investigate incidents.

  • Quality & training: improve accuracy of IVR, bots, and agent coaching features (where enabled by clients).

  • Billing & accounting: calculate usage, verify rates, issue invoices, and provide cost analytics.

  • Legal: comply with subpoenas, lawful requests, or to establish/exercise/defend legal claims.

5) Call Recording, Transcription & Monitoring

If call recording or transcription is enabled by a client:

  • The client is responsible for informing and obtaining consent from participants as required by law (e.g., one-party vs. all-party consent jurisdictions).

  • Recordings/transcripts are stored securely and retained per the client’s settings or applicable law.

  • Supervisory features (e.g., whisper/barge) require clear policies and access controls by the client.

6) Messaging Compliance (SMS, WhatsApp, Email)

  • Clients must ensure prior consent and lawful basis for outreach (opt-in lists, approved templates where required).

  • Turehub supports template approvals (e.g., WhatsApp categories) and suppression lists.

  • We honor STOP/UNSUBSCRIBE commands where legally required and provide tooling to manage opt-outs.

7) Cookies, Tracking & Analytics

We use:

  • Strictly necessary cookies (login, load balancing, fraud prevention).

  • Performance/analytics (e.g., first-party analytics, A/B testing).

  • Functional (remembering preferences, language).

  • Marketing (with consent, where required).

You can manage cookies via our banner and browser settings. Some features may not function without essential cookies.

8) Sharing & Disclosures

We share personal data only as needed:

A. Service providers / sub-processors

  • Cloud infrastructure & storage (e.g., ISO 27001/SOC-certified providers).

  • Telecoms & channel partners (e.g., SMS/voice carriers, WhatsApp Business API providers) to deliver communications.

  • Payment processors for billing.

  • Analytics, error monitoring, security tools.

  • Support tools (ticketing, helpdesk, CRM).

We require appropriate data protection agreements and security measures with all sub-processors.

B. Clients & authorized users

When we act as processor, data is accessible to the client and their authorized users according to role-based permissions.

C. Legal & safety

We may disclose data if required by law, to protect rights/safety, or to respond to lawful requests by public authorities.

D. Business transfers

In a merger, acquisition, or asset sale, personal data may be transferred subject to this Policy and applicable law.

We do not sell personal data in the meaning of CCPA/CPRA.

9) International Data Transfers

Turehub may process data in countries outside your own. Where required, we use Standard Contractual Clauses (SCCs), approved transfer mechanisms, and contractually mandate comparable protections. Our vendors are vetted for security and compliance.

10) Data Retention

We retain personal data:

  • For clients’ content/records (messages, tickets, recordings): per the retention settings defined by the client or as required by law/contract.

  • For Turehub account data: for as long as your account is active plus a reasonable period to comply with legal obligations, resolve disputes, and enforce agreements.

  • Backups and logs: retained for limited, rolling periods for security and continuity.

When retention ends, data is securely deleted or anonymized.

11) Security

We implement administrative, technical, and physical safeguards:

  • Encrypted transport (TLS) and encryption at rest for sensitive stores.

  • Role-based access controls, SSO/MFA options.

  • Network segmentation, intrusion detection, vulnerability management.

  • Vendor due diligence and least-privilege access.

  • Employee confidentiality and security training.

No system is 100% secure; we maintain an incident response process. Where legally required, we will notify affected clients and authorities of a data breach without undue delay.

12) Your Privacy Rights

A. GDPR / UK GDPR / Kenya DPA

Subject to conditions and exemptions, you may:

  • Access your personal data;

  • Rectify inaccurate or incomplete data;

  • Erase data (right to be forgotten);

  • Restrict or object to certain processing;

  • Portability: receive a copy in a structured, commonly used format;

  • Withdraw consent where processing relies on consent;

  • Complain to a supervisory authority.

For processor data, please contact the relevant Turehub client (data controller). We will assist the controller in fulfilling verified requests.

B. CCPA/CPRA (California)

California residents may have the rights to know, access, correct, delete, and limit use/disclosure of sensitive personal information, and to opt-out of sharing for cross-context behavioral advertising. We do not sell personal information. You will not be discriminated against for exercising your rights.

How to exercise rights:

Submit a request to info@turelabs.com or via the in-product privacy portal (if available). We will verify your identity and respond within statutory timelines. Authorized agents may submit requests with appropriate proof.

13) Children’s Privacy

Our services are not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child provided data, contact us so we can delete it.

14) Automated Decision-Making & Profiling

Turehub may offer features like lead scoring, routing, campaign optimization, or anomaly detection. These tools support human decision-making; they do not make solely automated decisions that produce legal or similarly significant effects without appropriate safeguards. Clients can disable or configure such features.

15) AI Features

If you enable AI-assisted tools (e.g., suggested replies, summarization):

  • Input content may be processed by vetted AI sub-processors under confidentiality and data protection terms.

  • We do not use your data to train public models.

  • You can opt out by disabling AI features in settings.

16) Client Responsibilities (When You Are the Controller)

Clients using Turehub agree to:

  • Provide all required notices and obtain valid consent from end-users where applicable.

  • Configure retention, access controls, and privacy settings.

  • Avoid transmitting prohibited or highly sensitive data unless appropriate safeguards and a lawful basis exist.

  • Respond to data subject requests; Turehub will assist per the DPA.

17) Marketing Communications

With your consent (where required) we may send emails about new features, tips, and events. You can unsubscribe using in-email links or by contacting us. Service/transactional emails are necessary and will continue regardless of marketing preferences.

18) Changes to this Policy

We may update this Policy to reflect changes in law, our services, or operations. We will post the updated Policy with a new “Last Updated” date and, where appropriate, provide additional notice. Continued use of the services indicates acceptance of the updated Policy.

19) Contact Us / Data Protection Enquiries

Turelabs Developers Limited (Turehub)

Britam Towers, Hospital Road, Upper Hill, Nairobi, Kenya

Email: info@turelabs.com

For EU/UK inquiries or to request our DPA, SCCs, or sub-processor list, contact the email above.

20) Kenya-Specific Notice

Turehub complies with the Kenya Data Protection Act, 2019 and guidance from the Office of the Data Protection Commissioner (ODPC). Where we act as data controller/fiduciary, we maintain a lawful basis, conduct DPIAs where necessary, and register with the ODPC where required.

21) United States-Specific Notice (CCPA/CPRA)

  • Categories of personal information collected: identifiers (name, email, phone), commercial information (usage, billing), internet activity (analytics), geolocation (approximate from IP), audio/electronic data (recordings if enabled), professional information, and inferences for product improvement.

  • Sources: directly from you, your organization, our service providers, and connected platforms.

  • Business purposes: service delivery, security, debugging, analytics, internal research, quality assurance, and marketing (with consent where applicable).

  • Disclosures: to service providers and sub-processors as described; no sale of personal information.

  • Retention: as described in Section 10.

22) How to Make a Complaint

If you believe your privacy rights have been infringed, please contact us first. You also have the right to lodge a complaint with your local data protection authority (e.g., ODPC in Kenya or your EU supervisory authority).

 

Sign up now or never!

Stay up to date with the latest news, announcements, and articles.

    Turehub helps businesses connect, serve, and grow with voice, messaging, email, and support tools — all in one dashboard.

    English

    Product

    Resources

    Social

    Legal

    Turehub © 2025, Powered By Turelabs Developers Limited