Privacy Policy

Last updated: April 1, 2025

Introduction

Telonium Communications, LLC ("Telonium", "we", "us", or "our") operates as a registered STIR/SHAKEN Certificate Authority and provides services to telephone service providers, voice carriers, and related telecommunications entities. This Privacy Policy describes how we collect, use, disclose, and protect information about you when you use our website (the "Site") and our certificate management platform and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

Information We Collect

Information You Provide Directly

When you register for an account or use our Services, we collect:

Identity information: Full name, job title, email address, phone number, and business address of account holders and authorized contacts.
Organization information: Legal entity name, physical business address, FCC Registration Number (FRN), Operating Company Numbers (OCNs), and other telecommunications regulatory identifiers.
Certificate data: Service Provider Code (SPC) tokens, public key material, certificate signing requests (CSRs), and associated metadata required to issue and manage STIR/SHAKEN certificates.
Payment information: Billing address and payment card details, processed through our third-party payment processor. We do not store raw card numbers.
Communications: Messages you send to our support team or through in-platform correspondence.

Telecommunications Regulatory Data

As a Certificate Authority operating within the STIR/SHAKEN ecosystem, we collect and process data that is inherent to our regulatory function:

OCN data: Operating Company Numbers assigned to your organization by NECA (National Exchange Carrier Association), along with associated telephone number blocks and carrier identifications.
SPC tokens: Service Provider Code tokens issued by iConectiv (the STIR/SHAKEN Policy Administrator), which authorize your organization to receive STIR/SHAKEN certificates. We verify and store these tokens as part of certificate issuance.
STIR/SHAKEN certificate records: All certificates we issue, renew, revoke, or manage on your behalf, including their validity periods, status, and associated cryptographic identifiers. Certificate serial numbers and public keys are published to our Certificate Repository and CRL (Certificate Revocation List) as required by our Certificate Policy.
10DLC campaign data (if applicable): If you register 10-Digit Long Code (10DLC) campaigns through our platform or affiliated services, we may collect campaign details, brand registration information, use case classifications, and message content samples as required by The Campaign Registry (TCR) and participating mobile network operators.
Audit and compliance records: A complete audit trail of all certificate-related actions — requests, approvals, rejections, renewals, and revocations — timestamped and attributed to specific users, retained for regulatory compliance purposes.

Automatically Collected Information

When you access our Site or Services, we automatically collect:

Log data: IP address, browser type and version, pages visited, referring URL, date and time of access, and other standard web server log information.
Usage data: Features used, actions taken within the platform, and interaction patterns used to improve our Services.
Device information: Operating system, browser, and general device type.
Cookies and similar technologies: Session cookies to maintain your authenticated session, and preference cookies. See our Cookie Policy for details.

How We Use Your Information

We use collected information to:

Provide and operate the Services: Issue, renew, revoke, and manage STIR/SHAKEN certificates; process SPC token requests; maintain your certificate repository.
Verify identity and authorization: Confirm that your organization is authorized to receive STIR/SHAKEN certificates, as required by our Certificate Policy and by FCC regulations.
Comply with legal and regulatory obligations: Maintain records required by our Certificate Policy, the STIR/SHAKEN governance framework (ATIS/SIP Forum), FCC rules, and applicable law. This includes publishing certificate status to our Certificate Revocation List (CRL) and OCSP responder.
Process payments: Charge subscription fees for OCN-based plans and issue invoices.
Send transactional communications: Account setup emails, certificate expiration notices, renewal reminders, and security alerts.
Provide customer support: Respond to inquiries and resolve issues.
Improve the Services: Analyze usage patterns to improve platform functionality, reliability, and user experience.
Detect and prevent fraud and abuse: Monitor for unauthorized access, suspicious activity, or misuse of certificates.

How We Share Your Information

STIR/SHAKEN Ecosystem Participants

As a Certificate Authority, certain information is shared as required by the STIR/SHAKEN governance framework:

Certificate Repository: Issued certificates and revocation status (CRL/OCSP) are published publicly as required by our Certificate Policy, allowing relying parties to verify certificate validity.
Policy Administrator (iConectiv): We interact with the STIR/SHAKEN Policy Administrator to verify SPC tokens and report certificate issuance as required.
FCC and Government Authorities: We may disclose information to the FCC or other government authorities as required by law, court order, or regulatory mandate.

Service Providers

We share information with third-party service providers who assist us in operating the Services, including:

Cloud infrastructure and database providers (for hosting and data storage)
Payment processors (for billing and subscription management)
Email delivery providers (for transactional and operational emails)
Analytics providers (for platform usage analytics)

These providers are contractually bound to use your information only to provide services to us and in accordance with applicable privacy laws.

Business Transfers

If Telonium is involved in a merger, acquisition, asset sale, or similar transaction, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

Legal Requirements

We may disclose your information when we believe in good faith that disclosure is necessary to comply with applicable law, respond to legal process, protect our rights, protect the safety of our users or the public, or investigate fraud or security issues.

Data Retention

We retain your information for as long as your account is active or as needed to provide Services. Certificate-related records — including issued certificates, audit logs, and revocation history — are retained for a minimum of seven (7) years as required by our Certificate Policy and applicable telecommunications regulations. Payment records are retained as required by applicable tax and financial regulations.

When you close your account, we will deactivate it and remove or anonymize personal information not subject to mandatory retention requirements within a reasonable time. Certificate records required to be retained for regulatory purposes will be maintained in accordance with our Certificate Policy even after account closure.

Data Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. This includes:

Encryption of data in transit (TLS) and at rest
Access controls and role-based permissions
Audit logging of all administrative and certificate-related actions
Regular security assessments
Strict controls on private key material associated with our CA operations

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Your Rights and Choices

Depending on your location, you may have rights under applicable data protection laws, including:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Request deletion of your personal information, subject to our legal retention obligations (including those arising from certificate issuance and audit requirements).
Portability: Request a machine-readable copy of your personal information.
Objection: Object to processing of your personal information in certain circumstances.

To exercise these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law. Note that some information cannot be deleted where retention is required by law or by our Certificate Policy obligations as a STIR/SHAKEN CA.

Children's Privacy

Our Services are intended for businesses and professional users only. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has provided us with personal information, please contact us immediately.

Third-Party Links

Our Site may contain links to third-party websites, including iConectiv, ATIS, and other industry resources. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page and, where the changes are material, provide additional notice (such as an email notification to account holders). Your continued use of the Services after any changes constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Telonium Communications, LLC
[email protected]
[email protected]

Last updated: April 1, 2025

Introduction

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

Information We Collect

Information You Provide Directly

When you register for an account or use our Services, we collect:

Identity information: Full name, job title, email address, phone number, and business address of account holders and authorized contacts.
Organization information: Legal entity name, physical business address, FCC Registration Number (FRN), Operating Company Numbers (OCNs), and other telecommunications regulatory identifiers.
Certificate data: Service Provider Code (SPC) tokens, public key material, certificate signing requests (CSRs), and associated metadata required to issue and manage STIR/SHAKEN certificates.
Payment information: Billing address and payment card details, processed through our third-party payment processor. We do not store raw card numbers.
Communications: Messages you send to our support team or through in-platform correspondence.

Telecommunications Regulatory Data

As a Certificate Authority operating within the STIR/SHAKEN ecosystem, we collect and process data that is inherent to our regulatory function:

OCN data: Operating Company Numbers assigned to your organization by NECA (National Exchange Carrier Association), along with associated telephone number blocks and carrier identifications.
SPC tokens: Service Provider Code tokens issued by iConectiv (the STIR/SHAKEN Policy Administrator), which authorize your organization to receive STIR/SHAKEN certificates. We verify and store these tokens as part of certificate issuance.
STIR/SHAKEN certificate records: All certificates we issue, renew, revoke, or manage on your behalf, including their validity periods, status, and associated cryptographic identifiers. Certificate serial numbers and public keys are published to our Certificate Repository and CRL (Certificate Revocation List) as required by our Certificate Policy.
10DLC campaign data (if applicable): If you register 10-Digit Long Code (10DLC) campaigns through our platform or affiliated services, we may collect campaign details, brand registration information, use case classifications, and message content samples as required by The Campaign Registry (TCR) and participating mobile network operators.
Audit and compliance records: A complete audit trail of all certificate-related actions — requests, approvals, rejections, renewals, and revocations — timestamped and attributed to specific users, retained for regulatory compliance purposes.

Automatically Collected Information

When you access our Site or Services, we automatically collect:

Log data: IP address, browser type and version, pages visited, referring URL, date and time of access, and other standard web server log information.
Usage data: Features used, actions taken within the platform, and interaction patterns used to improve our Services.
Device information: Operating system, browser, and general device type.
Cookies and similar technologies: Session cookies to maintain your authenticated session, and preference cookies. See our Cookie Policy for details.

How We Use Your Information

We use collected information to:

Provide and operate the Services: Issue, renew, revoke, and manage STIR/SHAKEN certificates; process SPC token requests; maintain your certificate repository.
Verify identity and authorization: Confirm that your organization is authorized to receive STIR/SHAKEN certificates, as required by our Certificate Policy and by FCC regulations.
Comply with legal and regulatory obligations: Maintain records required by our Certificate Policy, the STIR/SHAKEN governance framework (ATIS/SIP Forum), FCC rules, and applicable law. This includes publishing certificate status to our Certificate Revocation List (CRL) and OCSP responder.
Process payments: Charge subscription fees for OCN-based plans and issue invoices.
Send transactional communications: Account setup emails, certificate expiration notices, renewal reminders, and security alerts.
Provide customer support: Respond to inquiries and resolve issues.
Improve the Services: Analyze usage patterns to improve platform functionality, reliability, and user experience.
Detect and prevent fraud and abuse: Monitor for unauthorized access, suspicious activity, or misuse of certificates.

How We Share Your Information

STIR/SHAKEN Ecosystem Participants

As a Certificate Authority, certain information is shared as required by the STIR/SHAKEN governance framework:

Certificate Repository: Issued certificates and revocation status (CRL/OCSP) are published publicly as required by our Certificate Policy, allowing relying parties to verify certificate validity.
Policy Administrator (iConectiv): We interact with the STIR/SHAKEN Policy Administrator to verify SPC tokens and report certificate issuance as required.
FCC and Government Authorities: We may disclose information to the FCC or other government authorities as required by law, court order, or regulatory mandate.

Service Providers

We share information with third-party service providers who assist us in operating the Services, including:

Cloud infrastructure and database providers (for hosting and data storage)
Payment processors (for billing and subscription management)
Email delivery providers (for transactional and operational emails)
Analytics providers (for platform usage analytics)

These providers are contractually bound to use your information only to provide services to us and in accordance with applicable privacy laws.

Business Transfers

Legal Requirements

Data Retention

Data Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. This includes:

Encryption of data in transit (TLS) and at rest
Access controls and role-based permissions
Audit logging of all administrative and certificate-related actions
Regular security assessments
Strict controls on private key material associated with our CA operations

Your Rights and Choices

Depending on your location, you may have rights under applicable data protection laws, including:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Request deletion of your personal information, subject to our legal retention obligations (including those arising from certificate issuance and audit requirements).
Portability: Request a machine-readable copy of your personal information.
Objection: Object to processing of your personal information in certain circumstances.

Children's Privacy

Third-Party Links

Changes to This Policy

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Telonium Communications, LLC
[email protected]
[email protected]

Telonium STIR/SHAKEN Certificate Authority

Introduction

Information We Collect

Information You Provide Directly

Telecommunications Regulatory Data

Automatically Collected Information

How We Use Your Information

How We Share Your Information

STIR/SHAKEN Ecosystem Participants

Service Providers

Business Transfers

Legal Requirements

Data Retention

Data Security

Your Rights and Choices

Children's Privacy

Third-Party Links

Changes to This Policy

Contact Us

Privacy Policy

Telonium STIR/SHAKEN Certificate Authority

Introduction

Information We Collect

Information You Provide Directly

Telecommunications Regulatory Data

Automatically Collected Information

How We Use Your Information

How We Share Your Information

STIR/SHAKEN Ecosystem Participants

Service Providers

Business Transfers

Legal Requirements

Data Retention

Data Security

Your Rights and Choices

Children's Privacy

Third-Party Links

Changes to This Policy

Contact Us