Privacy Policy

This Privacy Notice for Ambinet Inc., doing business as Lanesurf ("Lanesurf," "we," "us," or "our"), explains how and why we access, collect, store, use, and/or share ("process") your personal information when you use our Services, including when you:

• Visit our website at https://lanesurf.com or any other website of ours that links to this Privacy Notice;
• Use our Voice AI calling, messaging, or automation services;
• Engage with our sales, support, marketing, or events; or
• Interact with us by email, phone, or other channels.

If you do not agree with our policies and practices, please do not use our Services. For questions or concerns, contact us at privacy@lanesurf.com.

TABLE OF CONTENTS

• WHAT INFORMATION DO WE COLLECT?
• HOW DO WE PROCESS YOUR INFORMATION?
• WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
• WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
• DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
• HOW DO WE HANDLE YOUR SOCIAL LOGINS?
• HOW LONG DO WE KEEP YOUR INFORMATION?
• HOW DO WE KEEP YOUR INFORMATION SAFE?
• DO WE COLLECT INFORMATION FROM MINORS?
• WHAT ARE YOUR PRIVACY RIGHTS?
• CONTROLS FOR DO-NOT-TRACK FEATURES
• DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
• DO WE MAKE UPDATES TO THIS NOTICE?
• HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
• HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In short: We collect the information you provide directly.

We collect information you provide when you:

• Create or manage an account;
• Fill out lead forms, request demos, or request pricing;
• Use the Voice AI services (including uploading contact lists or connecting telephony);
• Communicate with support or sales; or
• Participate in surveys, events, or promotions.

Examples of information we collect:

• Identifiers & contact info: name, business email, phone number, company, job title;
• Account & authentication data: username, password (hashed), multi-factor settings;
• Payment & billing: billing name, billing address, last four digits of payment card (where applicable), transaction metadata (we do not store full card numbers on our servers; payments are processed via PCI-compliant providers);
• Support & communications: messages you send to support, incident reports, feedback;
• Customer-supplied telephony data: lists of phone numbers you upload for campaigns (you warrant you have lawful rights to use those numbers);
• Consent & preferences: marketing preferences, cookie preferences.

Voice / Call Data (important for Voice AI):

• Call metadata: phone numbers dialed/received, carrier identifiers, call start/end times, duration, call status (answered, busy, no answer);
• Audio recordings: recorded audio of calls routed through our system if recording is enabled by you or required by workflow;
• Transcripts & AI outputs: automated transcriptions, AI-generated summaries, classification labels (e.g., booking succeeded, follow-up required);
• Agent / user annotations: notes or tags added by users or Lanesurf support personnel.

We will always display or require you to accept call-recording notices and obtain necessary consents where required by local law (for example, one- or two-party consent rules).

Information collected automatically

In short: We automatically collect technical and usage data.

When you visit our site or use our Services, we collect:

• Log and usage data: IP address, device and browser type, pages visited, referrer, timestamps, URL parameters, error and crash reports;
• Device data: operating system, hardware model, unique device identifiers where applicable;
• Location: approximate location derived from IP or mobile settings (we do not continuously track precise GPS location unless explicitly enabled);
• Cookies and similar technologies (pixels, tags, local storage) — see Section 5.

This data helps secure, maintain, and improve our Services and detect abuse.

Information from third parties & integrations

In short: We accept data via integrations you enable.

If you integrate Lanesurf with third-party services (e.g., Salesforce, HubSpot, or SIP carriers), we may receive contact records, call logs, or other data from those providers. We rely on you to ensure lawful transfer of that data to us.

Sensitive information

We do not intentionally collect sensitive categories (e.g., race, religion, biometrics, health data). If we are inadvertently provided sensitive data (e.g., spoken words in a call that include sensitive content), we will not use such data for profiling or targeting and will delete it upon request unless retention is required by law.

2. HOW DO WE PROCESS YOUR INFORMATION?

In short: We use data to provide and improve the Services, secure systems, and communicate with you.

We process data for the following purposes (with examples):

• Provide core Services: route calls, connect to carrier/SIP, process call logic, store call logs and recordings for later retrieval by you or your users.
• Account management & support: create accounts, authenticate logins, reset passwords, respond to tickets.
• Billing & payments: process invoices, reconcile payments via payment processors.
• Product improvement & research: analyze anonymized usage patterns and performance metrics to improve recognition accuracy, reduce latency, and refine conversation flows. We do not use customer call data to train public models unless explicitly agreed in writing.
• Security & fraud prevention: monitor abnormal usage patterns, perform malware/fraud detection, maintain incident logs.
• Compliance & legal: respond to subpoenas, court orders, regulatory inquiries; enforce our Terms of Service.
• Marketing & communications: send product updates, newsletters, promotional offers (you may opt out).
• Analytics & measurement: use analytics tools to understand product usage, campaign effectiveness, and to measure advertising ROI.

We limit internal access to personal data to teams that require it to perform their job functions, and we use role-based access controls and logging.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In short: We process personal information when we have a lawful basis to do so.

For EU/UK users we rely on some or all of the following legal bases:

• Consent: where you have given clear permission (e.g., marketing emails, optional cookies). You may withdraw consent at any time.
• Contract performance: to deliver services you have requested (e.g., facilitating calls).
• Legal compliance: to meet legal obligations (e.g., tax, recordkeeping, lawful requests).
• Legitimate interests: for platform security, fraud prevention, product improvement, and business operations — balanced against your rights and expectations.
• Vital interests: to protect someone's life in emergency situations, when necessary.

Where applicable, we will indicate the legal basis for specific processing activities.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In short: We share data only as necessary with service providers, legal authorities, or in business transfers.

Service providers & processors

We use third-party vendors to help deliver the Services. Examples include:

• Cloud infrastructure & hosting (e.g., AWS, GCP, Azure) for storage and compute;
• Telephony & carrier partners for call termination and origination;
• Payment processors for handling subscriptions and fees;
• Analytics & monitoring (e.g., analytics platforms, error tracking);
• Customer support & CRM tools for managing tickets and communications;
• Security & compliance tooling (e.g., logging, SIEM).

All processors are bound by contracts requiring them to process data only on our behalf and to implement appropriate safeguards.

Legal & safety disclosures

We may disclose information to:

• Comply with valid legal processes (subpoenas, court orders);
• Respond to law enforcement or regulatory requests;
• Protect our rights, property, or users;
• Prevent fraud or imminent physical harm.

We will challenge overbroad demands where appropriate and notify customers subject to legal restrictions if we are required to provide notice.

Business transactions

If Lanesurf undergoes a merger, acquisition, or sale, personal information may be transferred as part of the transaction. We will require the acquirer to honor this Notice.

Aggregated & anonymized data

We may share anonymous or aggregated usage statistics that do not reasonably identify individuals.

No sale of personal information

We do not sell, rent, or trade personal information for marketing purposes. If that changes, we will notify you and provide opt-out mechanisms.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

Yes. We and service providers use cookies, web beacons, pixels, local storage, and similar technologies to:

• Maintain login sessions and security tokens;
• Store user preferences;
• Measure and analyze usage and performance;
• Personalize content and marketing;
• Support advertising platforms and campaign measurement.

We provide a Cookie Policy with details on categories, examples of cookies used (e.g., session cookies, persistent cookies, analytics cookies), and instructions to manage cookies in major browsers (Chrome, Edge, Safari). You can opt out of non-essential cookies via our cookie controls or browser settings.

6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

If you choose to sign up through a third-party social platform (e.g., Google), we will receive the information you permit the provider to share (name, email, profile picture, token). We use this data for authentication and to pre-populate your account. We do not control the social provider's data handling; review their privacy policies for details.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In short: We retain data only as long as necessary for the purpose collected, subject to legal obligations.

Typical retention periods (examples — customers may configure settings where applicable):

• Account information: retained while account is active + 2 years after account termination for fraud prevention and support.
• Call recordings & transcripts: default retention 6–24 months (configurable by customer; may be shortened or extended under contract);
• Billing records: retained for 7 years for tax and accounting compliance;
• Support tickets & logs: retained for 2–5 years depending on legal and operational needs;
• Aggregate analytics: retained indefinitely in anonymized form.

When we no longer need personal data, we delete or irreversibly anonymize it. Backups may retain data for limited periods; we apply retention controls to backups where possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In short: We use technical, administrative, and physical safeguards.

Security measures:

• Encryption: TLS for data in transit; encryption at rest for stored data where feasible;
• Access controls: role-based access, least-privilege principles, MFA for admin access;
• Network protections: firewalls, intrusion detection/ prevention systems, secure gateway for telephony;
• Operational controls: logging, monitoring, routine security audits, vulnerability scanning, and patch management;
• Vendor due diligence: security reviews, contracts, and breach notification obligations with processors;
• Incident response: documented incident response plan with detection, containment, remediation, and notification processes.

Breach notification: If a security incident materially affects your personal information, we will notify you and regulators as required by law, typically within applicable statutory timeframes (e.g., 72 hours for reportable GDPR incidents where required).

While we strive to protect data, no system is perfect — please secure your account credentials and report suspicious activity to privacy@lanesurf.com.

9. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect personal information from individuals under 18. If we learn we have inadvertently collected such information, we will take steps to delete it and terminate the account. If you believe we have collected information about a minor, contact privacy@lanesurf.com.

10. WHAT ARE YOUR PRIVACY RIGHTS?

Depending on your jurisdiction, you may have the right to:

• Access: request a copy of personal data we hold;
• Rectification: correct inaccurate or incomplete data;
• Erasure: request deletion of personal data (subject to legal exceptions);
• Restriction: request processing be limited;
• Data portability: request a machine-readable copy of your data;
• Object: object to processing based on our legitimate interests;
• Withdraw consent: where processing is based on consent;
• Opt out of targeted advertising or sale/sharing (where applicable under state law).

How to make a request: Email privacy@lanesurf.com with "Data Request" in the subject line and describe the request. We will verify your identity and respond within the timeframes required by applicable law (generally 30–45 days). We may ask for additional information for verification purposes.

Authorized agents: Some jurisdictions allow you to designate an authorized agent to submit requests. We will require proof of authorization.

Exceptions & limitations: We may decline or partially fulfill requests where permitted by law (e.g., to preserve evidence, prevent fraud, or comply with retention obligations).

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Most browsers offer Do-Not-Track (DNT), but there is no universal standard for honoring DNT. We currently do not respond to DNT signals. If standards change and become widely adopted or legally required, we will update this Notice.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In short: Yes — several U.S. states provide additional rights.

California (CCPA / CPRA) — summary of rights

If you are a California resident, you may be entitled to:

• Request disclosure of personal information categories collected and purposes;
• Request a copy of specific pieces of personal data;
• Request deletion of personal data;
• Opt out of sharing/sale of personal data (we do not sell personal data);
• Request correction of inaccurate personal data;
• Opt out of targeted advertising (where "sharing" or "sale" is implicated).

How to submit California requests: Email privacy@lanesurf.com or use any web forms we publish for requests. Provide proof of identity; you may designate an authorized agent. We will not discriminate for exercising rights.

Other U.S. states

Residents of Colorado, Virginia, Connecticut, Utah, and similar states may have related rights. The process is the same: contact privacy@lanesurf.com.

13. DO WE MAKE UPDATES TO THIS NOTICE?

Yes. We will update this Notice as legal requirements or our practices change. We will post the updated Notice on our website with a new "Last updated" date. For material changes, we may provide a prominent notice (email or in-app) before the changes take effect.

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

Email: privacy@lanesurf.com

Mailing addresses:

Please include sufficient details and, where relevant, verification documents for identity.

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

To review or request changes to your data, contact privacy@lanesurf.com with:

• Subject: "Data Request"
• Include: name, email associated with account, and a concise description of your request.

Verification: We will verify identity using account details, recent activity, or other reasonable methods. For authorized agents, we require written authorization.

Response timeframe: We will acknowledge receipt promptly and respond in accordance with applicable law (generally within 30–45 days). If we need more time, we will inform you.