Privacy Policy

Last updated: April 1, 2026

1. Introduction

Welcome to NewTracker (tracker.new-tone.io), a call tracking and marketing attribution platform operated by New-Tone Ltd., a company registered in Israel.

This Privacy Policy explains how we collect, use, store, and share personal data when you use the NewTracker platform, including our dashboard, APIs, Dynamic Number Insertion (DNI) snippet, CRM module, and related services. It applies to our customers (account holders), their end users (website visitors and callers), and anyone who visits our website.

By accessing or using NewTracker, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our services.

2. Information We Collect

2.1 Website Visitor Data

When a visitor browses a website that uses our DNI JavaScript snippet, we may collect:

  • IP address (anonymized where required by law)
  • UTM parameters (source, medium, campaign, term, content)
  • HTTP referrer URL
  • Page URLs visited
  • Browser type and device information
  • Session identifiers stored in cookies and local storage

2.2 Call Data

When a phone call is routed through NewTracker, we collect:

  • Caller phone number and called phone number
  • Call date, time, and duration
  • Call recordings (only when call recording is enabled by the account holder and where legally permitted, with appropriate consent)
  • Call status and disposition
  • Attribution data linking the call to a marketing source

2.3 CRM Data

If the account holder uses our CRM module, additional data may be stored:

  • Lead contact details (name, email, phone number)
  • Lead status and pipeline stage
  • Notes and interaction history
  • Assignment and ownership data

2.4 Account Data

When you create a NewTracker account, we collect:

  • Full name and email address
  • Company name
  • Password (stored in hashed form)
  • Billing information

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To route phone calls, display dynamic tracking numbers, record calls, and attribute calls to marketing campaigns.
  • Analytics and reporting: To provide account holders with dashboards, reports, and insights about call volume, campaign performance, and lead activity.
  • CRM functionality: To manage leads, track pipeline stages, and facilitate team collaboration.
  • Integration and automation: To send data to third-party platforms via webhooks, APIs, and integrations (e.g., Google Ads conversions, Make.com, Zapier).
  • Platform improvement: To monitor performance, fix bugs, and develop new features.
  • Security: To detect and prevent fraud, abuse, and unauthorized access.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

4. Data Sharing & Third Parties

We do not sell personal data. We share data only in the following circumstances:

4.1 Service Providers

  • Twilio: Provides telephony infrastructure for call routing, number provisioning, and call recording. Twilio processes caller phone numbers, call metadata, and audio recordings. See Twilio's Privacy Policy.
  • Supabase: Provides hosted PostgreSQL database infrastructure for data storage. See Supabase's Privacy Policy.
  • Google: When Google Ads integration is enabled, we send conversion data (call events) to Google for campaign optimization. See Google's Privacy Policy.

4.2 Customer-Configured Integrations

Account holders may configure webhooks and integrations with third-party platforms such as Make.com, Zapier, or custom endpoints. When configured, call data and lead data are transmitted to those endpoints as directed by the account holder. New-Tone Ltd. is not responsible for how third parties handle data received through customer-configured integrations.

4.3 Legal Requirements

We may disclose personal data if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Cookies & Tracking Technologies

Our DNI JavaScript snippet and platform use the following technologies:

Technology Purpose Duration
First-party cookies Session identification and visitor tracking for call attribution Up to 30 days
Local storage Storing session data, UTM parameters, and referrer information Session / persistent
URL parameters Capturing UTM and campaign query parameters for attribution Page load only

We do not use third-party advertising cookies. The tracking technologies we deploy are strictly functional, used to attribute phone calls to the correct marketing source. You can control cookies through your browser settings; however, disabling cookies may prevent accurate call attribution.

6. Data Retention

We retain personal data for as long as necessary to provide our services and fulfill the purposes described in this policy:

  • Call records and attribution data: Retained for the duration of the account holder's subscription, plus up to 90 days after account closure.
  • Call recordings: Retained according to the account holder's configured retention settings. Account holders can delete recordings at any time.
  • Visitor session data: Retained for up to 12 months.
  • Account data: Retained for the duration of the account, plus up to 12 months after closure for legal and billing purposes.
  • CRM data: Retained for the duration of the account holder's subscription. Exported or deleted upon request at account closure.

Account holders may request earlier deletion of their data by contacting us at privacy@new-tone.io.

7. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Multi-tenant data isolation: each customer's data is logically separated at the database level, enforced through application-level scoping and PostgreSQL Row-Level Security (RLS)
  • Role-based access controls and authentication via secure JWT tokens
  • Regular security assessments and dependency updates
  • Secure infrastructure hosted on reputable cloud providers

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. International Data Transfers

New-Tone Ltd. is based in Israel. Israel has been recognized by the European Commission as providing an adequate level of data protection. Our service providers (including Twilio, Supabase, and Google) may process data in various jurisdictions, including the United States and the European Economic Area.

Where data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or reliance on adequacy decisions, to protect your personal data in compliance with applicable data protection laws.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

9.1 Rights Under the GDPR (EEA/UK Residents)

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

9.2 Rights Under the CCPA (California Residents)

  • Right to know: Request information about what personal data we collect, use, and disclose.
  • Right to delete: Request deletion of your personal data.
  • Right to opt out: We do not sell personal information. There is no need to opt out of a sale.
  • Non-discrimination: We will not discriminate against you for exercising your rights.

To exercise any of these rights, please contact us at privacy@new-tone.io. We will respond within the timeframes required by applicable law (generally within 30 days). Note that if you are an end user (caller or website visitor), your data may be controlled by our customer (the account holder), and we may direct your request to them.

10. Children's Privacy

NewTracker is a business-to-business service and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@new-tone.io.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify account holders via email or an in-app notification. We encourage you to review this page periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

New-Tone Ltd.

Israel

Email: privacy@new-tone.io

Platform: tracker.new-tone.io