Kashav Privacy Policy

Last Updated: Oct 25 2025
Effective Date: October 25 2025

1. Introduction

Kashav (“we,” “us,” or “our”) provides real-time, AI-powered scam and fraud detection solutions to telecommunication operators, VoIP/SIP/PBX system integrators, and enterprise partners (“Customers”).

Our platform uses Natural Language Processing (NLP) and machine learning to identify and flag potential scam or exploitation activity in voice, text, or data streams — helping our Customers protect their users from fraud while maintaining strict privacy and compliance standards.

We do not offer direct-to-consumer products, and we do not process or collect data independently of our Customers’ systems.
Kashav operates exclusively as a data processor / service provider, acting on behalf of and under the instructions of its Customers.

2. Scope of this Policy

This Privacy Policy describes how Kashav handles data on behalf of its enterprise Customers when providing its services.

For end-users of telecom or integration services, the respective Telco or integrator’s privacy policy governs their personal data. Kashav’s processing is limited to fulfilling contractual obligations with those entities.

3. Data We Process

A. Data Provided by Customers

We receive and process data solely for the purpose of providing our services, which may include:

• Call and message metadata: Timestamps, routing information, originating and destination identifiers, device or SIP IDs, and session identifiers.
  
  

• Content features (if enabled): Encrypted or transient audio/text features derived from calls, used exclusively for real-time pattern analysis (no raw audio storage).
  
  

• Configuration data: Integration settings, system logs, API tokens, and service usage metrics.
  
  

All such data remains the property of our Customer.

4. Purpose of Processing

Kashav processes data only to:

• Detect, classify, and prevent fraudulent or exploitative communication patterns;
  
  

• Provide analytics and alerts to Customers in real time;
  
  

• Improve detection accuracy through anonymized model training;
  
  

• Ensure system performance, reliability, and security.
  
  

We do not use data for marketing, profiling, or unrelated purposes.

5. Data Retention and Storage

• Real-time analysis: Occurs in memory and is not stored.
  
  

• Derived data: Limited, anonymized logs may be retained for system tuning and fraud model improvement, never linked to identifiable individuals.
  
  

• Retention period: Typically 30–90 days, depending on contractual terms with each Customer.
  
  

• Data deletion: Upon contract termination or Customer request, all stored data is securely deleted.
  
  

6. Data Sharing and Transfers

Kashav does not sell, rent, or trade any personal data.
We may share data only with:

• Authorized sub-processors (e.g., secure cloud hosting or analytics providers) under strict confidentiality and data protection agreements.
  
  

• Regulatory authorities, only if legally required, and after notifying the Customer when possible.
  
  

All data is processed within compliant jurisdictions (e.g., EU, Israel, U.S.) with adequate safeguards and Standard Contractual Clauses (SCCs) where required.

7. Security Measures

We apply industry-standard security controls including:

• End-to-end encryption in transit and at rest;
  
  

• Role-based access control and auditing;
  
  

• Continuous monitoring for anomalies or unauthorized access;
  
  

• Regular penetration testing and compliance reviews.
  
  

Our architecture is designed for zero-retention of raw communication content.

8. Customer and User Rights

As a data processor, Kashav supports its Customers in meeting privacy obligations.
Requests for access, correction, or deletion of personal data must be directed to the data controller (e.g., Telco or integrator).

Upon verified Customer instruction, we promptly execute such requests in accordance with applicable privacy laws (GDPR, CCPA, Israeli Protection of Privacy Law).

9. International Compliance

Kashav complies with:

• EU General Data Protection Regulation (GDPR);
  
  

• California Consumer Privacy Act (CCPA);
  
  

• Israel Protection of Privacy Regulations (Data Security), 2017;
  
  

• Other applicable regional privacy frameworks.
  
  

We maintain appropriate records of processing activities and ensure that all data transfers outside the originating jurisdiction are lawfully protected.

10. Contact Us

For privacy-related inquiries, data processing agreements, or security questions, please contact:

Kashav part of Itay Sagie Strategic Advisory LTD.
Attn: Data Protection Officer
📧 privacy@kashav.com
🌐 https://kashav.com