Back to home

Effective: May 28, 2026 | Last updated: May 28, 2026

Privacy Policy – Ryng for Business

This policy explains how Ryng collects, uses, stores, shares, and protects personal information processed in connection with Ryng's business services – including the Ryng for Business website, lead and demo forms, service registration, API/SDK integration, and the verified caller identity screen displayed to end users.

Scope and Operator Identity
Definitions and Parties' Roles
Data We Collect About Business Representatives
Integration and Brand Verification Data
Data Processed on Behalf of the Business Client
Technical Identifiers
Sources of Information
Processing Purposes and Legal Basis
B2B Marketing, Measurement and Analytics
Data Sharing and Sub-Processors
International Transfers
Retention and Deletion
Information Security
Data Subject Rights
Cookies and Similar Technologies
Changes to this Policy
Contact Information

1. Scope and Operator Identity

This policy applies to Ryng for Business, including the Ryng for Business website, lead and demo forms, API/SDK interfaces for verified caller identity, and the verified identity screen displayed during outbound calls to end users of business clients.

The service operator is: WebEngine, 10 Yehuda HaLevi St., Kiryat Shmona, Israel. Business contact: [email protected].

Data Protection Officer (DPO): For privacy inquiries, data-subject rights requests, or security incident reports – [email protected].

This policy complements the Ryng for Business Terms of Use, which include a unified Data Processing Agreement (DPA) governing the relationship between Ryng and the business client when Ryng acts as a processor on its behalf.

2. Definitions and Parties' Roles

"Business Client" – a corporation, organization, or licensed sole proprietor who registers for Ryng for Business services or engages with us in a sales/POC process.
"Business Representative" – an individual acting on behalf of a Business Client (such as a business contact, decision-maker, or integrator) who provides personal details during marketing, registration, or ongoing operation of the service.
"End User" – a customer of the Business Client who may receive a call displaying the Business Client's verified identity on the Ryng consumer app screen.
Controller / Processor roles: Ryng acts as a Controller with respect to the personal data of its Business Representatives and the operational data of the business account. Ryng acts as a Processor with respect to data that the Business Client transfers to Ryng for the purpose of service delivery – such as phone numbers it certifies as its own, or lists of outbound campaigns it plans to run to its End Users.

3. Data We Collect About Business Representatives

3.1 Information you provide

Full name of the Business Representative.
Company / organization name, legal form, business registration number.
Role and professional contact details (business email, phone, website).
Approximate company size, industry, geography and integration needs.
Content of inquiries sent to us (contact form, chat, demo request, POC).
Invoicing and billing details in the case of a paid subscription.

3.2 Technical and operational data

IP address, browser identifiers and version, operating system, locale, time zone.
Operational logs: access times, errors, performance metrics, API calls.
Usage events (e.g., page view, form submission, admin panel login).

3.3 Sensitive data

Ryng for Business does not require Business Representatives to provide health data, biometric data, precise location data, or any "special category" data as defined under GDPR or Schedule 11(A) of the Israeli Privacy Protection Law. If such information is mistakenly submitted in the course of contacting us, we may delete it.

4. Integration and Brand Verification Data

To deliver the service, the Business Client transfers to us data that demonstrates its association with the brand and its authority to perform verified caller identity on outbound calls:

Brand name, logo, brand colors and short messages displayed on the verified identity screen.
List of phone numbers the Business Client has declared as owned or licensed by it (DIDs, call centers, extensions, toll-free 1-800 numbers, etc.).
Proof-of-ownership / licensing documents for the phone numbers (e.g., telecom carrier letters, contracts with licensed telecom operators, invoices).
Technical integration details: webhook URLs, API keys, outbound IP addresses, SIP identifiers, telephony provider.
Campaigns, call scripts and call purpose tags (used to label the displayed identity).

Brand verification data may be retained for as long as necessary to demonstrate the legitimacy of the identity displayed to end users and to comply with regulatory requirements (including applicable telecommunications and consumer-protection laws).

5. Data Processed on Behalf of the Business Client

As part of using the service, the Business Client may transfer to Ryng lists of phone numbers of its end users (e.g., batches of planned outbound calls), so that during the call Ryng can display the Business Client's verified identity on the screen of an end user using the Ryng app. With respect to such data:

The Business Client is the Controller of the data.
Ryng acts solely as a Processor, acting on the documented instructions of the Business Client.
Ryng will not use this data for purposes other than service delivery and substantiating the legitimacy of the identity displayed to the end user.
Ryng will not sell or transfer this data to third parties other than sub-processors required for service delivery (see Section 10).
The full processing terms, including security measures, incident handling, and end-of-engagement deletion, are set out in the unified DPA included in the Ryng for Business Terms of Use.

End Users, who are the ultimate data subjects, may exercise their rights (access, correction, deletion, etc.) directly with the Business Client with whom they have a customer relationship. Ryng will assist the Business Client in meeting those requests as described in the DPA.

6. Technical Identifiers

Ryng for Business generates and stores the following technical identifiers for the Business Client account and its representatives:

Tenant ID – a random identifier linked to all of the Business Client's data and configuration in the system.
Internal User ID – assigned to each Business Representative who logs into the admin panel or the API interface, and linked to their actions in system logs.
API keys and OAuth tokens – used to authenticate software requests from the Business Client. Keys are stored encrypted and are not used to identify individual representatives.

7. Sources of Information

Information provided directly by the Business Representative (registration forms, sales conversations, admin panel).
Technical information automatically collected during use of the site, admin panel and API.
Public business sources for company-detail verification (e.g., the Israeli Registrar of Companies, VAT registrar).
Telecom providers and regulators in connection with verifying phone-number ownership.
B2B platforms and channel partners, subject to consent of the Business Representative or another legal basis.

8. Processing Purposes and Legal Basis

Purpose	Examples	Possible Legal Basis
Service delivery	Setting up a tenant, managing API keys, displaying verified identity	Contract performance / pre-contractual steps
B2B marketing and lead nurturing	Sending B2B content, webinar invitations, sales follow-up	Legitimate interest (B2B) / Consent
Billing, accounting and commercial compliance	Issuing invoices, collecting payments, bookkeeping	Contract performance / Legal obligation
Brand verification and abuse prevention	Verifying phone-number ownership, preventing impersonation	Legitimate interest / Legal obligation
Security and fraud prevention	Detecting API abuse, monitoring, incident investigation	Legitimate interest / Legal obligation
Product improvement	Aggregate usage analytics, quality metrics, product research	Legitimate interest
Compliance with law	Responding to authorities, record keeping, audits	Legal obligation

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing. For B2B marketing communications – see Section 9.

9. B2B Marketing, Measurement and Analytics

Marketing communications from Ryng for Business are directed to business contacts at corporate email addresses, in accordance with the "existing customer" exemption and applicable consent rules.
Every marketing email contains a simple, immediate opt-out mechanism, and every opt-out is implemented within 24 hours.
We may use analytics and conversion-pixel tools (such as Google Analytics, LinkedIn Insight Tag) to measure campaign performance. Preferences can be set via the cookie consent banner on the site.
We do not sell personal information or business contact lists to third parties.

11. International Transfers

Where personal information is transferred outside your country of residence (including to cloud servers in the U.S. and the EU), we will rely on appropriate safeguards including European Commission Standard Contractual Clauses (SCCs), adequate security commitments, and any applicable adequacy decisions.

12. Retention and Deletion

Specific retention periods by data type:

Active Business Representative data – as long as the business account is active and up to 12 months after termination of the engagement.
Unconverted B2B marketing leads – 24 months from the most recent contact, or until removal from the marketing list.
Brand verification and phone-number ownership data – 24 months after end of engagement, for legitimacy substantiation and audit purposes.
Invoices and accounting records – 7 years, in line with Israeli Income Tax Ordinance and VAT Law requirements.
API logs and operational logs – 12 months.
Security logs – 24 months (in line with the Privacy Protection (Data Security) Regulations, 5777-2017).
Data transferred by the Business Client under the service (Processor data) – deleted or returned to the Business Client within 30 days of end of engagement, as detailed in the DPA.
Residual backups – an additional 90 days after deletion from production systems.

To delete your individual Business Representative account, contact [email protected]. Deletion requests for an entire Business Client account are handled within end-of-engagement arrangements and subject to the DPA.

13. Information Security

Encryption in transit (TLS 1.2+) and at rest for sensitive data.
Role-based access controls (RBAC, least privilege) and MFA for Ryng staff.
Environment separation (Dev/Staging/Prod), logical tenant separation, and API-key isolation.
Monitoring, logging, periodic vulnerability scans and penetration tests.
Security incident response procedures with on-call coverage.
In the event of a serious security incident affecting personal data, we will notify the Israeli Privacy Protection Authority within 72 hours of discovery, and inform data subjects who may be affected and Business Clients for whom we act as processor without undue delay, in line with Reg. 11(d)(1) of the Privacy Protection (Data Security) Regulations, 5777-2017.

No security measure guarantees 100% protection; we apply reasonable and professional measures to protect data.

14. Data Subject Rights

Under applicable law, you may be entitled to:

Access the personal data we hold about you.
Correct inaccurate or outdated information.
Erase data (the "right to be forgotten"), absent a legal duty to retain.
Restrict processing.
Object to certain processing, including direct marketing.
Data portability.
Withdraw consent.

You may exercise these rights by contacting: [email protected].

If you are an end user of a Business Client using Ryng (e.g., a verified identity was displayed to you on an incoming call), please contact the relevant Business Client first as the controller of your data. Ryng will assist the Business Client in meeting your request as set out in the DPA.

Right to complain: If you are not satisfied with the response to your request, you may file a complaint with the Israeli Privacy Protection Authority within the Ministry of Justice: https://www.gov.il/en/departments/the_privacy_protection_authority

15. Cookies and Similar Technologies

We may use cookies and similar technologies (local storage, pixels) for site operation, security, measurement, user-experience improvement, and B2B marketing. Preferences can be managed via your browser and/or the Ryng for Business cookie consent banner.

16. Changes to this Policy

We may update this policy from time to time. The last-updated date will appear at the top of the page. For material changes, we will provide reasonable notice to Business Clients (e.g., email to the primary account contact or notice in the admin panel), at least 30 days in advance where the change affects the DPA terms.

17. Contact and Complaints

For business / commercial questions: [email protected]
For privacy, data security and rights-related questions: [email protected]
Address: 10 Yehuda HaLevi St., Kiryat Shmona, Israel

If you are in a jurisdiction with a privacy regulator (such as the EEA), you may have the right to lodge a complaint with your local authority.

See also: Ryng for Business Terms of Use (including unified DPA).