Last updated: 11 May 2026
1. Who we are
PBXWarehouse is a trading name of Simple Communications Ltd ("we", "us", "our"). We provide business telecommunications services including virtual phone numbers, VoIP phone systems, and related features. We are the data controller for the personal data we collect through our website and services.
Registered address: Portland House, Belmont Business Park, Belmont, Durham, DH1 1TW
If you have questions about this policy, contact us at privacy@pbxwarehouse.com or write to us at the address above.
2. What data we collect
We collect the following types of personal data:
Account information
- Name, email address, company name
- Postal address (where provided)
- Phone number (where provided)
- Password (stored securely using industry-standard hashing)
Billing information
- Payment card details are processed by Stripe and never stored on our servers
- Billing history, invoice records, and transaction amounts
- Stripe customer ID for managing your subscription
Service data
- Phone numbers you purchase or port to our platform
- Call records (caller ID, destination, time, duration) for billing and service delivery
- Extension and feature configuration data
- Voicemail recordings and fax documents you send or receive
Technical data
- IP address and login timestamps
- Browser type and device information
- Session data for security purposes
Contact form data
- Any information you provide when contacting us via our website, email, or phone
3. How we use your data
| Purpose | Legal basis (GDPR) |
|---|
| Providing our telecommunications services | Contract performance |
| Processing payments and billing | Contract performance |
| Sending service notifications (outages, billing, security) | Contract performance / Legitimate interest |
| Account security (login monitoring, fraud prevention) | Legitimate interest |
| Responding to support requests | Contract performance |
| Maintaining call records for regulatory compliance | Legal obligation |
| Improving our services and fixing bugs | Legitimate interest |
We do not sell your personal data. We do not use your data for marketing purposes unless you have explicitly opted in.
4. Who we share data with
We share data only where necessary to deliver our services:
- Our upstream telephony provider — to provision and manage your phone system. They process call data as part of service delivery.
- Stripe (payment processor) — to process card payments securely. See Stripe's privacy policy.
- Email providers — to send transactional emails (account confirmations, billing notifications).
- Law enforcement or regulators — where we are legally required to do so.
We do not transfer your data outside the UK/EEA unless necessary for service delivery, and where we do, appropriate safeguards are in place.
5. How long we keep your data
- Account data: retained while your account is active, then deleted within 90 days of account closure
- Call records: retained for 12 months for billing and regulatory compliance
- Billing records: retained for 6 years to comply with HMRC requirements
- Contact form submissions: retained for 12 months
- Audit logs: retained for 12 months for security purposes
6. Your rights
Under the UK GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data (where we have no legal obligation to retain it)
- Restriction — ask us to limit how we use your data
- Portability — request your data in a machine-readable format
- Object — object to processing based on legitimate interests
To exercise any of these rights, email privacy@pbxwarehouse.com. We will respond within 30 days.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO).
7. Cookies
We use only essential cookies required for the operation of our website:
- Session cookie — maintains your login state. Expires when you close your browser.
- CSRF token — protects against cross-site request forgery. Expires with your session.
We do not use advertising cookies, analytics cookies, or third-party tracking cookies.
8. Security
We take the security of your data seriously. Measures include:
- All data transmitted over HTTPS/TLS encryption
- Passwords hashed using Argon2id (industry best practice)
- Two-factor authentication available for all accounts
- Database access restricted to application services only
- Regular security reviews and access auditing
- Payment data handled entirely by Stripe (PCI DSS Level 1 certified)
9. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by email or via a notice on our website. The "Last updated" date at the top of this page indicates when it was last revised.