Privacy Statement

1. Who This Statement Applies To

This Privacy Statement covers three categories of individuals:

• Website visitors — anyone who visits outrocx.com or interacts with our marketing pages, demo requests, or contact forms.
• Platform users — individuals authorized by an OutroCX customer (a contact center, BPO, or enterprise client) to access OutroCX Studio. This includes administrators, supervisors, QA evaluators, trainers, and agents.
• End-customer voices in call recordings — individuals whose voices and conversations appear in call recordings uploaded or streamed to OutroCX by our customers for the purpose of quality assurance, agent training, and performance analysis.

For platform users and end-customers in call recordings, our customer is the data controller (or business, under CCPA), and OutroCX acts as the data processor (or service provider). Our customers are responsible for obtaining all necessary consents from agents and end-customers, including call recording consent under applicable laws.

2. Information We Collect

2.1 Information You Provide Directly

• Contact details when you request a demo, fill out a form, or email us — name, business email, company name, job title, and any message content.
• Account credentials when authorized to use OutroCX Studio — name, email, role, and authentication identifiers.
• Billing information for paying customers — billing contact, address, and payment method (processed by our payment processor; we do not store full card numbers).

2.2 Information Collected Automatically

• Website analytics — IP address, browser type, device type, pages viewed, referring URL, and approximate location, collected through cookies and similar technologies.
• Platform usage data — login activity, feature usage, configuration changes, and audit logs generated as you use OutroCX Studio.

2.3 Customer-Provided Data Processed by the Platform

When customers use OutroCX Studio, the platform processes data they upload, stream, or generate, which may include:

• Call recordings and transcripts
• Agent profiles, performance metrics, and QA evaluations
• Training content, coaching notes, and learning records
• Knowledge base content, playbooks, and program standards
• Workforce management data, including schedules, attendance, and adherence

This data is owned and controlled by our customer. We process it solely to deliver the contracted services.

3. How We Use Information

We use information for the following purposes:

• To provide the platform — host, operate, and maintain OutroCX Studio and deliver the features purchased by our customers.
• To support our customers — respond to support requests, troubleshoot issues, and improve service delivery.
• To improve OutroCX — analyze aggregate usage patterns to improve product performance, reliability, and feature design.
• To communicate with you — respond to demo requests, send service announcements, billing communications, and (where you have opted in) marketing emails.
• For security and compliance — detect and prevent fraud, abuse, and unauthorized access; comply with legal obligations.

We do not use customer-provided data — including call recordings, transcripts, or agent profiles — to train general-purpose AI models. AI models used within the platform operate on customer data only to deliver the contracted services to that customer.

4. AI Processing and Sub-Processors

OutroCX uses third-party AI providers and infrastructure services to deliver core platform functionality. These sub-processors process customer data only as needed to perform their service and under contractual obligations consistent with this Statement.

A current list of sub-processors is available on request by emailing support@outrocx.com. We require sub-processors to maintain appropriate security and confidentiality obligations.

When call recordings or transcripts are processed by AI providers, we apply automated PII redaction before sending data to external models, including detection and removal of credit card numbers, Social Security Numbers, bank account numbers, and other sensitive identifiers.

5. How We Share Information

We do not sell personal information. We share information only in these circumstances:

• With sub-processors described in Section 4, solely to operate the platform.
• With our customer when you are an authorized platform user — your customer (employer or contracting organization) has access to your platform usage, performance data, and any content you create within the platform.
• For legal reasons when required by law, subpoena, or to protect the rights, safety, or property of OutroCX, our customers, or others.
• In a business transaction in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

6. Data Storage, Security, and Retention

6.1 Storage

Customer data is stored in OutroCX-managed cloud infrastructure. Enterprise customers may contract for dedicated single-tenant infrastructure under a separate agreement. Smaller customers operate on shared infrastructure with strict tenant isolation enforced through row-level security.

6.2 Security

We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These include encryption in transit and at rest, role-based access controls, audit logging, and regular security reviews.

No system is perfectly secure. In the event of a confirmed data breach affecting customer data, we will notify the affected customer within 72 hours of discovery and cooperate in any required regulatory reporting.

6.3 Retention

We retain personal information for as long as needed to deliver the services and meet our legal, accounting, and compliance obligations.

• Customer-provided data is retained for the duration of the customer's subscription. Upon termination, data is available for export for 30 days, after which it may be permanently deleted.
• Marketing and prospect data is retained until you unsubscribe or request deletion.
• Audit logs and security records are retained for the period required by applicable law and our security policies.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access — request a copy of personal information we hold about you.
• Correction — request correction of inaccurate or incomplete information.
• Deletion — request deletion of your personal information, subject to legal retention requirements.
• Restriction or objection — request that we limit or stop certain processing.
• Portability — request a machine-readable copy of information you provided to us.
• Withdraw consent — where processing is based on consent, withdraw it at any time.
• Non-discrimination (CCPA) — exercise your rights without retaliation or reduced service.

If you are a platform user, requests related to data inside OutroCX Studio (including call recordings, performance data, or training records) should be directed to your employer or the customer organization that authorized your access. We will support our customers in responding to those requests.

To exercise rights related to information OutroCX holds directly about you (such as marketing or website data), contact us at support@outrocx.com. We will respond within the timeframes required by applicable law.

8. International Data Transfers

OutroCX is based in the United States, and personal information may be processed in the U.S. and other countries where our sub-processors operate. Where required, we use appropriate transfer mechanisms — including Standard Contractual Clauses — to ensure personal information is protected to the standards of your jurisdiction.

9. Cookies and Tracking

Our website uses cookies and similar technologies to operate the site, remember preferences, measure traffic, and improve content. You can control cookies through your browser settings. Disabling certain cookies may affect site functionality.

We do not use cross-site behavioral advertising trackers on outrocx.com.

10. Children’s Privacy

OutroCX is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Changes to This Statement

We may update this Privacy Statement from time to time. The "Last Updated" date at the top reflects the most recent revision. Material changes will be communicated through the platform, by email, or by prominent notice on outrocx.com. Continued use of the platform or website after a change constitutes acceptance of the updated Statement.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Statement or our data practices, contact us at:

For platform-related privacy questions, please also contact your organization's OutroCX administrator.