Privacy Policy

Last updated: January 23, 2025

Introduction

Remoto ("Remoto") is a platform owned and operated by ProZ.com, Inc. ("ProZ," "we," "us," or "our"). Remoto provides video remote interpreting (VRI), remote simultaneous interpretation (RSI), sign language interpreting, and audio-only interpreting through the Remoto web platform. Traditional dial-in over-the-phone interpreting (OPI) is in development. Remoto connects professional interpreters with organizations and individuals who require language access services.

This Privacy Policy explains how ProZ collects, uses, shares, and protects personal information in connection with Remoto's websites, applications, and related services (collectively, the "Services"). This Privacy Policy forms part of the Remoto Terms of Use.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to personal information collected:

  • Through Remoto websites and web-based applications
  • During video, audio, and chat messaging during calls conducted through the Services
  • Through communications with us, including customer support and service-related messages
  • From third-party integrations used to provide or support the Services

This Privacy Policy does not apply to:

  • Information processed under separate written agreements with enterprise customers, including Business Associate Agreements (BAAs), where applicable
  • Information processed by interpreters or client organizations outside the Remoto platform

2. Categories of Users

The Services are used by different categories of users, and the type of information collected may vary depending on role:

  • Agencies / Client Organizations: Entities that request, manage, and pay for interpretation services
  • Interpreters: Independent professionals who provide interpretation services through the platform
  • Guests: Individuals invited to join a session without creating a Remoto account
  • Administrators: Authorized users who manage organizational accounts and access administrative features

3. Information We Collect

3.1 Information You Provide Directly

Depending on your role and use of the Services, we may collect:

  • Account Information: Name, email address, phone number, username, password, organization name, billing contact details, and account preferences
  • Professional Information (Interpreters): Language pairs, certifications, rates, availability status, earnings data, and ProZ account identifiers (where linked)
  • Billing and Payment Information: Billing addresses, payment method details, invoices, and transaction records (processed through third-party payment providers)
  • Communications: Chat messages sent during calls, support inquiries, and other communications with ProZ
  • Scheduling Information: Appointment details, participant names, and session timing

3.2 Information Collected Automatically

When you access or use the Services, we may automatically collect:

  • Usage Data: Call duration, connection timestamps, language pairs used, session metadata, and feature usage
  • Device and Technical Data: IP address, browser type, device identifiers, operating system, and network information
  • Log Data: Error logs, diagnostic information, and performance metrics

3.3 Audio, Video, and Call Data

The Services enable real-time audio and video communication for interpretation sessions.

Recording of Sessions. Some interpretation sessions may be recorded. Recording may be enabled by the organization or user who arranges a call, or by Remoto, for purposes such as quality assurance and monitoring, interpreter training and evaluation, dispute resolution, and meeting legal, regulatory, or contractual requirements. Not all sessions are recorded — whether a given session is recorded depends on the settings applied to that call.

Where a session is recorded, participants are informed that recording is taking place at or before the start of the recording. Recordings are processed and stored through our video infrastructure provider (Stream.io) and are accessible only to authorized call participants, the account that arranged the call, and authorized Remoto personnel, for the purposes described above or as required by law. If you do not consent to being recorded, you should not join, or should leave, a recorded session.

How Audio and Video Are Handled:

  • Audio and video streams are transmitted in real time to enable interpretation services
  • Sessions are recorded only when recording is enabled for that call; recordings are stored securely and retained as described in Section 7 (Data Retention)
  • Recordings are used only for the purposes described above and are not sold or used for advertising
  • Sensitive contexts (such as medical and legal sessions) may be subject to additional confidentiality, consent, and recording requirements under applicable law and your agreement with us

Call Metadata:

Metadata related to calls (such as duration, participants, language pairs, connection quality, and timestamps) is retained for operational, billing, and compliance purposes.

3.4 Guest Information

Guests may join sessions using invitation links without creating a Remoto account. We collect limited information necessary to facilitate participation, including:

  • Display name (as provided by the guest or inviting party)
  • Role or label (e.g., "Patient," "Family member")
  • Technical connection data (IP address, device information, connection timestamps)
  • Session participation metadata (join/leave times, duration)

Guest data is retained only for the duration necessary to facilitate the session and for billing purposes. Guests may request deletion of their data by contacting us as described in Section 13.

3.5 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Services. Key points include:

  • Essential Cookies: Required for authentication, session management, and platform functionality (cannot be disabled)
  • Analytics Cookies: Used to understand usage patterns and improve services (Google Analytics)
  • Functional Cookies: Remember preferences and settings
  • Third-Party Cookies: Set by service providers such as payment processors and video communication services

You can manage cookie preferences through your browser settings, though disabling certain cookies may impact Service functionality.

4. How We Use Information

We use personal information to:

  • Provide, operate, and maintain the Services
  • Match client requests with available interpreters
  • Facilitate audio, video, and chat messaging during calls
  • Process payments, calculate fees, and manage billing
  • Verify interpreter credentials and platform eligibility
  • Monitor platform performance, availability, and security
  • Provide customer support and respond to inquiries
  • Comply with legal, regulatory, and contractual obligations
  • Improve and develop new features and services

5. How We Share Information

We do not sell personal information. We may share information only as described below:

5.1 Service Providers

We share information with trusted third-party service providers that support the operation of Remoto. These include:

Video and Audio Communications:

  • Stream Video (Stream.io) - Video and audio infrastructure for real-time communication
  • Socket.io - Real-time notifications and signaling for call requests and updates

Payment Processing:

  • Stripe, Inc. - Payment processing, card storage, and payouts
  • Payment data is processed in accordance with PCI DSS standards

Email Services:

  • SendGrid (Twilio) - Transactional and service-related emails

Analytics and Monitoring:

  • Google Analytics (Google LLC) - Website usage analytics

Cloud Hosting and Infrastructure:

  • Amazon Web Services (AWS) - Cloud hosting and infrastructure services
  • MongoDB Atlas - Database services
  • MySQL - Database services
  • Elasticsearch - Search and indexing services

These providers are authorized to use personal information only as necessary to provide services to ProZ and are contractually obligated to maintain appropriate security and confidentiality measures.

5.2 Client Organizations

Interpreters acknowledge that limited professional and session-related information may be shared with client organizations for service delivery, billing, quality assurance, and compliance purposes. This may include:

  • Interpreter name and professional credentials
  • Language pairs and specializations
  • Availability status and response times
  • Session metadata (duration, timestamps, language pairs used)
  • Performance ratings and feedback submitted after calls
  • Billing and payment information related to services provided

5.3 ProZ Account Integration

For interpreters who link their ProZ.com accounts:

  • Certain profile information from ProZ.com may be shared with Remoto to verify credentials and professional standing
  • ProZ account verification status may be displayed to client organizations
  • ProZ profile data (such as certifications, language pairs, and professional history) may be used to enhance interpreter profiles on Remoto
  • This integration is optional and can be disconnected at any time through account settings

5.4 Legal and Compliance Disclosures

We may disclose information where required to do so by law or where we believe disclosure is necessary to:

  • Comply with legal obligations, court orders, or lawful requests from government authorities
  • Protect the rights, safety, or property of ProZ, users, or others
  • Investigate fraud, abuse, security issues, or violations of our Terms of Use
  • Enforce our agreements and policies
  • Respond to emergency situations

6. Healthcare and Sensitive Information

Certain sessions may involve sensitive or regulated information, including health-related information. Where applicable:

  • ProZ processes such information solely to provide the Services
  • Appropriate administrative, technical, and organizational safeguards are applied
  • Separate agreements, such as BAAs, may govern the handling of protected health information

Users are responsible for ensuring that their use of the Services complies with applicable privacy and healthcare laws.

7. Data Retention

We retain personal information only for as long as reasonably necessary to provide the Services, fulfill contractual and billing obligations, comply with legal and regulatory requirements, and resolve disputes.

Specific Retention Periods:

  • Account Information: Retained while your account is active and for up to 7 years after account closure for legal and tax compliance purposes
  • Call Metadata and Logs: Retained for 3 years from the date of the call for billing, compliance, and dispute resolution purposes
  • Call Recordings (where enabled): Retained for [RECORDING RETENTION PERIOD — to be confirmed, e.g. 12 months] from the date of the call for the purposes described in Section 3.3, then deleted, unless longer retention is required to comply with legal obligations or resolve a dispute
  • Payment and Billing Records: Retained for 7 years to comply with tax and financial regulations
  • Guest Session Data: Retained for the duration of the session and up to 90 days thereafter, unless longer retention is required for billing or legal purposes
  • Support Communications: Retained for 3 years from the date of the communication
  • Error Logs and Diagnostic Data: Retained for up to 90 days

Retention periods may be extended where required by law, court order, or ongoing legal proceedings. After the retention period expires, we will securely delete or anonymize personal information.

8. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption: Data encryption in transit (TLS/SSL) and at rest for sensitive information
  • Access Controls: Role-based access controls and authentication requirements for staff and systems
  • Secure Infrastructure: Hosting on secure, monitored data centers with physical security measures
  • Regular Security Audits: Periodic security assessments and vulnerability testing
  • Incident Response: Procedures for detecting, responding to, and mitigating security incidents
  • Employee Training: Regular security and privacy training for employees with access to personal information
  • Payment Security: PCI DSS compliant payment processing through Stripe
  • Session Security: Secure session management and token-based authentication

However, no system can be guaranteed to be completely secure. If we become aware of a security breach that may affect your personal information, we will notify you and relevant authorities as required by applicable law.

8.1 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify affected users without undue delay, typically within 72 hours of becoming aware of the breach where feasible
  • Provide information about the nature of the breach, the categories of data affected, and the measures we are taking to address it
  • Notify relevant supervisory authorities as required by applicable data protection laws
  • Provide guidance on steps you can take to protect yourself

9. Your Rights and Choices

Depending on your location, you may have rights to:

  • Access: Request a copy of your personal information we hold
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Receive your data in a structured, commonly used, and machine-readable format
  • Objection: Object to certain processing activities
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent where processing is based on consent

How to Exercise Your Rights:

  • Account Settings: Many rights can be exercised through your account settings on the platform
  • Contact Us: Submit requests by emailing [email protected] or using the contact information in Section 13
  • Response Time: We will respond to your request within 30 days (or as required by applicable law)
  • Verification: We may need to verify your identity before processing certain requests
  • Fees: We do not charge fees for exercising your rights, except where requests are manifestly unfounded or excessive

Right to Lodge Complaints: If you are located in the European Economic Area (EEA) or United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your privacy concerns.

10. International Data Transfers

Remoto is operated globally. Personal information may be transferred to and processed in countries other than your own, including the United States, where our primary servers and service providers are located.

Transfer Mechanisms:

We take steps to ensure that such transfers comply with applicable data protection laws, including Standard Contractual Clauses (SCCs), adequacy decisions, and other technical and organizational safeguards.

Service Provider Locations:

Our third-party service providers may process data in various jurisdictions, including the United States and global data centers. Key providers include Stripe, Stream Video, AWS, Google Analytics, and SendGrid.

By using the Services, you consent to the transfer of your personal information to these jurisdictions. If you have concerns about international data transfers, please contact us as described in Section 13.

11. Children's Privacy

The Services are not intended for use by children under the age of 13 (or 16 in the European Economic Area), and we do not knowingly collect personal information from children.

  • Users must be at least 18 years old to create an account as an interpreter or organization
  • Users under 18 may only use the Services with parental or guardian consent and supervision
  • If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete such information promptly
  • Parents or guardians who believe we may have collected information from a child should contact us immediately at [email protected]

We comply with the Children's Online Privacy Protection Act (COPPA) and applicable international laws regarding children's privacy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes:

  • We will notify you of material changes through email, prominent notice on the Services, in-app notifications, or other appropriate means
  • We will provide at least 30 days' notice before material changes take effect, where feasible
  • The "Effective Date" at the top of this Policy will be updated to reflect the date of the most recent changes
  • Your continued use of the Services after the effective date of changes constitutes acceptance of the revised Policy
  • If you do not agree with the changes, you may close your account or stop using the Services

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Information

For questions or concerns about this Privacy Policy or our privacy practices, to exercise your privacy rights, or to report a security concern, please contact:

ProZ.com, Inc.
Privacy Officer
Email: [email protected]

We will respond to your inquiry within 30 days (or as required by applicable law).

14. Additional Rights for California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell (we do not sell personal information)
  • Right to Delete: Request deletion of your personal information (subject to certain exceptions)
  • Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Exercise your privacy rights without discrimination

To exercise these rights, please contact us at [email protected] or use the contact information in Section 13. We will verify your identity before processing your request.

Do Not Sell My Personal Information: We do not sell personal information. If this changes in the future, we will update this Policy and provide an opt-out mechanism.

15. Additional Rights for EEA/UK Residents (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

We process your personal information based on the following legal bases:

  • Contract: To perform our contract with you (providing the Services)
  • Legitimate Interest: To operate and improve the Services, ensure security, and prevent fraud
  • Consent: Where you have provided consent
  • Legal Obligation: To comply with legal and regulatory requirements

Data Controller and Processor:

  • Data Controller: ProZ.com, Inc. is the data controller for personal information collected through the Services
  • Data Processors: Third-party service providers act as data processors under our instructions
  • Joint Controllers: In certain circumstances, we may act as joint controllers with client organizations under separate agreements

Automated Decision-Making: We do not currently use automated decision-making or profiling that produces legal effects or significantly affects you. If this changes, we will update this Policy and provide information about the logic involved and your right to human review.

For GDPR-related inquiries, you may contact our Privacy Officer at [email protected] or your local data protection supervisory authority.

16. Marketing Communications

Currently, Remoto sends only transactional and service-related emails (such as account verification, scheduled call invitations, and service notifications). We do not currently send marketing communications.

If we begin sending marketing communications in the future, we will:

  • Only send them if you have provided consent
  • Include an unsubscribe link in all marketing emails
  • Allow you to opt out through account settings or by contacting us at [email protected]

Transactional and service-related communications (such as account verification, call invitations, and billing notifications) are necessary for the operation of your account and cannot be opted out of.

17. Related Policies

This Privacy Policy should be read in conjunction with:

  • Terms of Use
  • Cookie Policy
  • Business Associate Agreements (for healthcare clients, where applicable)

© 2026 Remoto by ProZ. All rights reserved.