March 2024
1
RingCentral RingSense Service
Privacy Data Sheet
At RingCentral, we take the protection of personal data seriously and have
created this document to describe how RingCentral processes personal
data when providing RingSense for Sales and RingSense for RingCX
(collectively, the “Service” or “RingSense”). The purpose of this document
is to help our customers and partners understand how the Service
complies with privacy requirements and to provide background
information that may be helpful to perform privacy reviews or privacy
impact assessments of our Service.
Service Description
RingSense can be added to the RingCentral services, including RingEX and RingCX. The Service leverages
generative artificial intelligence (AI) to deliver AI-driven enhancements on recorded calls between
RingSense users and external participants. RingSense can integrate with recording sources of the
customer’s choice, including RingEX or RingCX.
Some products may have features powered by RingSense AI. Please see the specific product privacy data
sheets for information relating to the AI involved in those products.
Data Subjects
The Service is optional and configurable. Customer system administrators activate RingSense and can
add or remove RingSense users, which includes RingCentral customers’ agents and managers
(“RingSense Users”), to and from the Service. The other data subject category is the RingSense guest,
(“RingSense Guest”) which includes the external participants such as the end prospect or customer
speaking with a RingSense User.
Data Collection
The Service collects and analyzes customer-recorded meetings between our customers and their
external guests directly from the recording sources chosen by the customer. For example, if the
customer chooses to integrate RingSense with RingEX, then RingSense will create a copy of the
recordings directly from RingEX the Service then converts the meeting from voice or video to text, and
performs an analysis on the recording and the resulting text transcript to generate the RingSense
insights.
The Service processes only the recordings of RingSense Users enrolled in the Service. The customer
admin can choose certain settings to determine which calls of RingSense Users are processed. For
example, customer admins can disable processing of recordings with a certain domain. Moreover,
RingSense Users may pause or stop a recording upon request of any participant and that meeting will
not be processed by RingSense.
March 2024
2
Categories of Personal Data Processed by the Service and Purpose of Processing
Categories of personal data processed include Service account data, Service usage data, and customer-
generated content. The details of these data categories, including the AI inputs and outputs, for each
category of data subject and the purposes of processing are provided in Annex 1.
Special Categories of Data Processed by the Service
The Service is not designed to process or use biometric data or voiceprints. The Service uses a
RingCentral User’s ID, where available, to associate the content of the communication and does not rely
on voiceprint or other biometric identifiers to identify the participants.
The Service is not designed to recognize and/or classify data as:
special categories of data or sensitive data (as defined in the GDPR or in other applicable
data protection laws)
personal data concerning children or minors
data related to criminal convictions and offenses
Insofar as customers process special categories of personal data, customers undertake to process these
categories of personal data lawfully, and in particular to rely on a valid legal basis in accordance with
applicable data protection laws.
Use of Artificial Intelligence
RingSense uses its own proprietary AI models in combination with third-party AI services to provide the
Service. Please see our subprocessor list for more information about third-party AI services and our AI
whitepaper for more information regarding RingCentral’s approach to trustworthy AI.
AI model training
We did not use RingCentral customer data to develop the AI model. Customers may fine-tune the
output of the AI model for their account by providing direct feedback to the AI model.
RingSense provides conversational intelligence which, once applied to the data in the table above,
generates the outputs described in the table above. For example, RingSense processes the meeting
recording and resulting transcript to (1) create metrics including rate of filler words used, ratio of talk vs.
listen, etc. to allow RingSense Users to identify coaching opportunities (2) suggest follow-up activities or
automate tasks, and (3) categorize questions and answers. For more information on the logic used to
generate each particular output, please refer to the “tooltips” () in the RingSense dashboard.
Data Sharing and Third-Party Integrations
The customer may elect to implement a third-party integration in which case the customer
administrators can configure what data is pushed to and pulled from the third-party integration.
Access
Restricted Administrative Access by RingCentral
March 2024
3
Access to personal data is restricted to provide the Service (i.e., for customer support troubleshooting
and remediation, Service monitoring, product improvement, network management, network
monitoring, and to provide customer analytics). Strong access control mechanisms are employed which
limit access to personal data to only those trained and authorized RingCentral and subprocessors’
personnel who have a business need to access said data to enable RingCentral Services. Such controls
include multi-factor authentication (MFA), which is implemented for administrative access to the
production environment, and Identity Access Management (IAM), which tightly controls access to
RingCentral production environments.
Access by Customer Administrators and End Users
Customers can access data regarding the Service, including personal data, directly through the dedicated
portal to administer user accounts and retrieve, update, or delete end users’ personal data. RingSense
Users may access certain personal data on the Service from the ServiceWeb portal.
How RingCentral Service Data Processing Fits with Data Protection Laws
Data Subject Rights
The Service provides technical means to enable customer administrators to take appropriate actions in
response to requests from data subjects exercising their privacy rights. In addition, if end users submit a
request through the RingCentral Data Subject Request Center, we will direct them to contact the
customer to exercise their rights.
Subprocessors
RingCentral uses other RingCentral affiliates and third-party service providers to assist in delivering the
Service. RingCentral contracts only with third-party service providers that provide equivalent levels of
data protection and security as provided by RingCentral.
A current list of subprocessors for RingCentral can be found here.
Data Minimization
When RingSense transcribes a call recording from speech to text, RingSense redacts the following
personal data attributes from the transcript: credit card number, email address, bank account number
(IBAN code), phone number, location (cities, provinces, countries, international regions, bodies of water,
mountain). For the US, RingSense also redacts the following attributes from the transcript: bank account
number, driver’s license, taxpayer ID number, passport number, social security number.
Data Retention
Unless deleted by the Customer in the platform, personal data will be retained for up to 12 months
during the term of the Service, or as otherwise required by law or agreed with the customers. Upon
termination an account will be disabled on the last day of the billing cycle. Once the account is disabled,
the account will be deleted within 30 days, unless otherwise agreed with the customers.
Transparency
March 2024
4
RingCentral processes personal data both as a controller and as a processor for the purpose of the
Service.
The processing activities performed by RingCentral acting as a data controller are subject to the
RingCentral Privacy Notice. Additional information related to RingCentral acting as a data controller is
provided in our RingCentral as a Data Controller Whitepaper.
The processing activities performed by RingCentral acting as processor on behalf of our customers are
governed by the RingCentral Data Processing Addendum (DPA) incorporated into the RingCentral
Master Service Agreement (MSA).
Location of Data Storage
Customer account
location*
Service account data
Usage data
Customer-generated
content
United States
United States
United States
United States
United Kingdom
United States and United
Kingdom
United States and United
Kingdom
United Kingdom
* The customer account location is determined by the customer’s contracting entity.
Cross-Border Transfers
RingCentral may transfer and process customer personal data outside the European Economic Area
(EEA), Switzerland, or the United Kingdom, to locations where RingCentral, its affiliates or its
subprocessors maintain data processing operations. To the extent that RingCentral processes (or causes
to be processed) any personal data originating from the EEA, Switzerland, or the United Kingdom in a
country that has not been recognized by competent authorities as providing an adequate level of
protection for personal data, RingCentral relies on the European Commission’s Standard Contractual
Clauses, its additional safeguards, and the additional Swiss and UK-specific clauses, to transfer such
personal data. Please see the RingCentral Personal Data Transfer FAQ for more information.
With respect to transfers out of the EEA, United Kingdom, and Switzerland to the United States,
RingCentral has self-certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data
Privacy Framework Principles (EU-U.S. DPF Principles), the UK Extension to the EU-U.S. DPF (UK
Extension), and the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles),
respectively. Please see our Notice of Certification for more information.
Automated Decision-Making
The Service is designed to include human review of outputs for accuracy, and customers should not use
outcomes or metrics generated by the service to make decisions, for instance, concerning employment,
creditworthiness or insurability. Please see RingCentral’s Terms of Service and Acceptable Use Policy for
more information about customers’ obligations to comply with applicable law in connection with using
the services.
March 2024
5
Security Measures
RingCentral is committed to security and has implemented technical, organizational and contractual
safeguards to protect customers’ data. Please see our Security Addendum and our Trust Center for
information on the commitments we make to our customers about security.
About This Datasheet
The information provided in this Datasheet does not constitute legal or professional advice, warranty of
fitness for a particular purpose or compliance with applicable laws. RingCentral reserves the right to
update this Data Sheet from time-to-time.