This privacy statement discloses security and privacy information related to the processing of data by Grandstream UCM6300 series IP PBX.
The Grandstream UCM6300 Series IP PBX is based on Asterisk 16 and provides powerful features, a user-friendly interface for remote management, and a scalable all-in-one communication solution for enterprises of all sizes. Offering up to 3000 extensions, PBX features such as audio/video calling and conferencing, video surveillance support, PBX data management and statistics, and remote device access and management via UCM RemoteConnect, it is the perfect solution to improve communication efficiency and productivity.
This document is a supplement to the Grandstream Privacy Statement and will help clarify the following:
- Data Collection
- Data Protection
- Data Usage
- 3rd Party Platforms
- Laws and Regulations
- Updates to Privacy Statement
“Citizen’s Personal Information” refers to information recorded electronically or otherwise that can identify a specific individual or reflect activity of a specific individual, either alone or in combination with other information such as name, identification number, contact information, address, account passwords, property status, location, etc.
No such sensitive information is required to access and use the UCM6300 series IP PBX devices. By voluntarily providing the information required for registering and subscribing to email notifications, you understand and consent to the use of your personal information by the UCM for the aforementioned purposes.
Generally, the UCM will not actively collect your personal information unless the relevant features are configured or enabled. This information will be stored only on the UCM device or attached storage devices and is not uploaded to any external entities. Only in exceptional cases, such as when the device needs troubleshooting, may we request your permission to analyze network captures, system logs, and other information and, if necessary, personal information for the purpose of providing required services, subject to the principles of “legal justification, necessary minimal information, definite purpose”.
Personal information will be collected in the following UCM usage scenarios:
- Extensions: Email, external number, name, department, department management, etc.
- IM: Chat messages and records, account status, account information, etc.
- Calls/Meetings: Call history, meeting history, service report and statistics, audio/video records, etc.
- Operations: Operation logs, operation records, alert messages, etc.
- UCM Security Settings: Account registration, device email, remote login alert and recognition, etc.
The UCM6300 series supports a variety of security features and alerts. Physical, electronic and managerial procedures are used to protect data security. Grandstream Networks, Inc. follows industry practices and takes all industry-standard security measures to reasonably protect user information, avoid unauthorized access, disclosure, tampering or destruction.
- System Security: UCM6300 series uses a customized embedded ARM-based operating system and introduces the Security Boot mechanism to ensure system security.
- Network Security: UCM6300 series supports firewall functionality, static defense, dynamic defense, and Fail2ban, effectively nullifying malicious network attacks. UCM6300 series also supports multi-factor authentication, which binds software and OTP devices based on the TOTP algorithm published by Google and ensures user login security.
- Data Security: UCM6300 series supports regular data backups to external storage and SFTP servers and IM file encryption. Backup data is encrypted and stored via the AES algorithm to prevent unauthorized access and guarantee data security.
- Management Security: Through HTTPS access, UCM6300 series supports assigning different management features and permissions to different users, fine-tuning the data that users can access. User operations are logged for tracking purposes.
- Call Security: UCM6300 series supports TLS connections with SIP endpoints, WSS connections with WebRTC endpoints, and encrypted data transmissions via DTLS and SRTP.
- Information Storage Location: With the exception of specific data that can be saved in selected storage locations, all private data is stored locally on the UCM device by default to prevent leakage of private data. Grandstream Networks, Inc. takes data privacy very seriously and strives to protect personal information.
- Account Security: As the Internet is not an absolutely secure environment, UCM6300 series requires the use of passwords of a certain complexity to help with account security and protection.
- Meeting Security: To prevent unauthorized access to meetings, users can configure meeting passwords and lock meetings. Meeting data is encrypted and protected by multiple security measures.
Any personal information provided will be used for the following purposes:
- Meeting requirements for certain products and services.
- Contact people using their given contact information to verify accounts and for operational purposes such as account management, customer service, and system maintenance.
For the aforementioned purposes, the UCM6300 series may retain and use personal information as permitted or required by applicable laws. We will never rent, sell, or share personal information with others or non-affiliated companies for direct marketing purposes. We will never provide any personal information to any third-party advertising networks. Below are two scenarios in which such information will be used by the UCM6300 series.
- Necessary Business Support
After enabling necessary business features, some information may be disclosed to meet requirements for certain services.
For example, if remote login alerts are enabled, the system will identify the device’s login location and generate alert notifications based on trusted login locations. To receive these notifications, the UCM6300 series would require the configuration of a system administrator email address and password.
- Extension Users
If configured, information may be shared with others when a UCM6300 series extension is used to make calls.
For example, your name, extension number, and email address are viewable by callees or other meeting participants. Users with sufficient phone book privileges may contact you through the Contacts list. System administrators can view this information and data on the UCM6300 device.
We will not publicly disclose personal information that is not voluntarily disclosed or otherwise lawfully disclosed, unless such disclosure is made in compliance with laws and regulations or with your sole authorization or consent. Before any such public disclosure, Grandstream Networks, Inc. will fully evaluate and use industry-standard security measures.
3rd Party Platforms
- 3rd Party Website
Although links to 3rd party websites may be contained in the UCM6300 series devices for your convenience, Grandstream Networks, Inc. shall not be responsible for any content of any such websites. Parties may need to review and agree to applicable rules of use when using such websites. Additionally, any link to a 3rd party website does not imply that Grandstream Networks, Inc. endorses the site, or the products and services referenced therein.
Grandstream Networks, Inc. does not own, control, or operate linked 3rd party websites, and we are not responsible for the privacy policies or practices of these websites. The privacy policies of these websites may differ from this Privacy Statement. It is recommended to read the privacy policies of these websites before disclosing personal information on them, as these privacy policies will apply to information collected by such 3rd party websites.
- 3rd Party Services
Grandstream Networks, Inc. will use 3rd party services. Data provided to 3rd party services does not include personal information, and the TLS 1.2 encryption protocol is used in data communication to ensure data security and integrity.
Most web browsers provide a feature for clearing cached user data. This operation can be performed via the browser settings. If the cache is cleared, cookie-dependent services and features provided by Grandstream Networks, Inc. may not be accessible.
Laws and Regulations
Your trust is very important to us. We fully understand the importance of user information security and take security measures to protect your personal information in accordance with laws and regulations.
Grandstream Networks, Inc. strictly follows the laws and regulations to protect users’ communication security. Please understand that in accordance with laws, regulations, and relevant national standards, we do not need your consent to collect and use your personal information under the following circumstances:
- Related to national security and national defense security.
- Related to public security, public health, or major public benefits.
- Related to criminal investigation, prosecution, trial, and execution of judgments.
- Related to the protection of your life or others’ lives, property and important legal rights and interests, but for which it is difficult to obtain the consent of the owner.
- Where collected personal information is publicly disclosed by yourself.
- Where personal information is collected from lawfully and publicly disclosed information such as legal news reports, government information disclosures and other channels.
- Necessary to provide products and services according to requirements.
- Necessary for the maintenance of security and stable operation of provided products and services, such as the troubleshooting and disposal of said products and services.
- Other circumstances restricted by laws and regulations.
Updates to Privacy Statement
Grandstream reserves the right to occasionally update and/or change the terms of this Privacy Statement. If we make any change in how we use your information, we will post the statement changes on this site for your reference.
We encourage periodic review of our Privacy Statement so that you are always aware of the type of information collected, how it will be used and under what circumstances, if any, we disclose such information. Continuing to use our products after any changes will imply consent to these changes.