Telebase
  • Signals
  • How It Works
  • Who It's For
  • Request access
Legal

Privacy Policy

Last updated: 10 July 2026
On this page
  • 1. Who We Are
  • 2. Data We Collect
  • 3. Phone Numbers We Process
  • 4. Phone Number Handling
  • 5. Third-Party Processors
  • 6. International Transfers
  • 7. Cookies and Analytics
  • 8. Data Retention
  • 9. Your Rights

1. Who We Are

This website and the Telebase API are operated by Telebase d.o.o., a limited liability company registered in Belgrade, Republic of Serbia. Telebase d.o.o. is the controller for the processing described in this policy. You can reach us at [email protected].

2. Data We Collect

  • Account Data: Email and billing information, processed securely via Paddle.
  • Query Metadata: We log the timestamp and API key used for each request for billing and rate-limiting purposes.
  • Website Analytics: Usage data about visits to this website, collected via Google Analytics as described in Section 7.

3. Phone Numbers We Process for Our Customers

Telebase is used by businesses to check telecom signals on phone numbers, for example during customer onboarding or before a sensitive transaction. Two groups of people are therefore covered by this policy: our customers (account holders) and the individuals whose phone numbers our customers submit to the API.

When a customer submits a number, we pass it to our upstream telecom providers and return signals such as carrier, country, number type, line status and SIM swap indicators. Our legal basis for this processing is legitimate interest in preventing fraud under Article 6(1)(f) of the GDPR; Recital 47 expressly recognises fraud prevention as a legitimate interest. Our customers are independently responsible for their own lawful basis when they submit numbers, as set out in our Terms of Service.

4. How We Handle Phone Numbers

To protect user privacy, Telebase does not store raw phone numbers in our permanent query logs.

  • Hashing: We convert phone numbers into a SHA256 hash immediately after processing.
  • Transit: Raw numbers are only held in temporary memory long enough to fulfil the request to our upstream providers.
Raw phone numbers are never written to permanent storage. Only the SHA256 hash is retained, and only for up to 90 days for billing and troubleshooting purposes.

5. Third-Party Data Processors

We share the minimum necessary data (the phone number) with our upstream telecom providers to retrieve the intelligence you requested. These providers have their own privacy policies regarding data handling.

Our current upstream providers include Vonage and Twilio. Billing and payments are processed by Paddle, who acts as Merchant of Record. This website is hosted on Cloudflare Pages, and website usage analytics are provided by Google Analytics (see Section 7).

6. International Transfers

Telebase is established in the Republic of Serbia, which is not covered by an EU adequacy decision. Where we process personal data of individuals in the EU, UK or EEA, transfers to Telebase are protected by Standard Contractual Clauses or equivalent safeguards in our agreements with customers and providers. Our upstream providers and processors may process data in the EU and the United States under their own compliance frameworks, details of which are available in their respective privacy policies.

7. Cookies and Analytics

This website uses Google Analytics 4 to understand how visitors use the site. Google Analytics sets cookies and similar identifiers and collects usage events such as pages viewed, approximate location derived from a truncated IP address, and device and browser information. We use this data in aggregate to improve the site; we do not use it to identify individual visitors, we do not run advertising trackers, and we do not sell personal data.

You can prevent this collection by blocking cookies in your browser settings or by installing Google's Analytics opt-out browser add-on.

8. Data Retention

We retain billing records and account information for as long as your account is active. Hashed query logs are kept for 90 days for troubleshooting and then automatically deleted.

9. Your Rights

Under the GDPR and other applicable privacy frameworks, you have the right to access, rectify, delete or export your personal data, and to object to processing based on legitimate interest. These rights apply both to account holders and to individuals whose phone numbers have been submitted to the API by one of our customers. If your number was checked by a business using Telebase, that business is the controller of its own check and is often the right first point of contact, but you can also contact us directly.

To submit a request, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the data protection supervisory authority in your country of residence.

Telebase

Telecom intelligence for AI agents. The missing signal layer for fraud teams and autonomous agents.

Product

  • How It Works
  • Signals
  • Who It's For

Developers

  • skills.md
  • Contact

Legal

  • Privacy Policy
  • Terms of Service
  • Refund Policy

© 2026 Telebase. All rights reserved.

X / Twitter LinkedIn