Skip to main content

8x8 Privacy Notice

8x8 Global Privacy Noticelink to this section

Last updated: January 15, 2026

8x8, Inc. and its group companies and affiliates (each an “8x8 Group Entity” and collectively “8x8,” “we,” “our,” “us”) respect your right to privacy. This Privacy Notice explains who we are, how we collect, share, and use personal information about you and how you can exercise your privacy rights.

It applies to personal information that we process about:

  • visitors to our websites (https://www.8x8.com);
  • our suppliers, vendors and business advisors.
  • our existing, prospective and former customers.
  • visitors to our offices.
  • and authors of publicly available research material.

If you have any questions or concerns about our use of your personal information, please contact us using the details provided in the How to Contact Us section below.

What does 8x8 do?link to this section

8x8 is a global provider of integrated customer experience and business communications solutions, purpose-built to unify customer and employee engagement across the enterprise. Our Platform for CX™ combines contact center, business communications and application programmable interfaces or APIs, for communications into a single, secure, AI powered system that delivers seamless data-driven interactions. Designed for agility and scale, our platform helps businesses eliminate silos, improve operational efficiency and turn every conversation into actionable intelligence. By aligning technology with measurable outcomes, we empower organizations to transform how they connect, serve, and grow from first interactions to lasting relationships. We are headquartered in the United States with additional offices in the UK, Romania, Australia, Singapore, France, Portugal, Canada, and the Philippines. For more information, please see the About Us section of this Website.

What personal information does 8x8 collect and why?link to this section

In general, we use the personal information we collect only for the purposes described in this Notice or for compatible purposes allowed by applicable data-protection laws.

Website Visitorslink to this section

When you visit our Websites, we may collect information automatically from your device (for example, IP address, device type, browser type, operating system, approximate location and website usage data). We use this information to understand how visitors use our sites, to improve functionality and to perform analytics. Some of this data is collected using cookies and similar tracking technologies described in our Cookie Notice.

Prospective Customerslink to this section

If you submit an enquiry, request a quote or subscribe to marketing or other communications, we may collect: your name, company, work email, telephone number, country and other related details. We use this information to communicate with you about our products and services, fulfil requests, send offers (where permitted), provide information about the company, and improve our services.

We may also collect information automatically when you interact with our digital channels or marketing emails and we may obtain business-related information about you from third-party sources (such as data brokers) where lawful.

Current Customerslink to this section

If your organization becomes a customer, we collect and maintain information necessary to deliver our services and manage the relationship, including:

  • account credentials and service configuration data.
  • contact and billing information.
  • communications metadata, call-records data, messages, voicemails, meetings and transcripts.
  • recorded calls or meetings where applicable under this Notice.

From time to time and to protect your credit card, debit card or charge card from use without your consent, we may validate your name, address and other personal information supplied by you during the order process against appropriate third-party databases such as Credit Reference Agency databases. We may also use your personal information in combination with information we receive about other individuals for the purposes set out in this Privacy Notice.

Data obtained from Google Gmail APIs: The 8x8 Contact Center that uses and transfers information received from Gmail APIs, will adhere to the Google API Services User Data Policy including the Limited Use requirements.

Artificial Intelligence (AI) and Automated Processinglink to this section

8x8 uses AI responsibly to enhance its services. For example, to enable transcriptions, summaries or analytics that help improve communication quality and service performance. All AI use complies with applicable laws including the EU AI Act, GDPR and California privacy laws. 8x8 does not engage in automated decision-making that produces legal or similarly significant effects for individuals. Where AI is used to generate insights (for example, meeting summaries or quality metrics), it is based on legitimate interest in improving services and internal operations which 8x8 balances against individual privacy rights. Users and participants can object or request deletion of specific recordings as outlined in the section on Your Rights.

Meeting Recordings and AI-Assisted Insightslink to this section

8x8 records certain video conferences by default to improve collaboration, service quality and provide training. Processing is based on legitimate interest under Article 6(1)(f) GDPR and equivalent laws:

Safeguards include:

  • clear on-screen recording indicators.
  • advance notification to participants.
  • strict access controls and encryption.
  • audio/video retention for up to 3 months and transcript retention for up to 5 years.
  • and opt-out and deletion mechanisms for valid cases.

Third-party participants must provide consent before being recorded and recordings are not used for automated decision-making or profiling.

CCTV and Visitor Surveillancelink to this section

8x8 operates CCTV systems at certain facilities to protect the safety and security of employees, visitors, assets, and premises. CCTV processing is based on legitimate interest under (GDPR Art. 6(1)(f)).

  • Cameras are installed only where there is a demonstrable security need (e.g., entrances, lobbies, server rooms, loading areas).
  • Audio recording is not permitted.
  • Privacy masks are used to exclude prohibited areas (e.g., workstations, toilets, and cafeterias).
  • Footage is stored securely and retained for a maximum of 60 days unless required for an active investigation.
  • Data subjects may exercise their rights of access, erasure or objection via our online portal for data subject rights requests at: https://preferences.8x8.com/

Telecommunications and Network Logslink to this section

8x8 processes limited telecommunications and network data (“communications metadata”) to ensure service security, quality, and continuity. Processing is based on legitimate interest and regulatory compliance for telecom operations. Information collected may include call and connection metadata, timestamps, routing information, and device identifiers. This information is retained only for as long as necessary for network integrity, fraud prevention, billing purposes and legal obligations.

How does 8x8 keep personal information secure?link to this section

We maintain appropriate technical and organizational measures to protect personal information against unauthorized access, use, loss or disclosure. These include encryption, access controls, logging and regular security audits. Our security program is audited against SOC 2, ISO 27001, ISO 9001, ISO 14001, Cyber Trust Mark and Cyber Essentials Plus standards.

International Data Transferslink to this section

Your personal information may be transferred to and processed in countries other than the one in which you reside. Such countries may have data-protection laws that differ from those in your jurisdiction. We implement appropriate safeguards to ensure that your information remains protected in accordance with this Notice and applicable law. These safeguards include the use of Standard Contractual Clauses and Data Privacy Framework participation as well as our intra-group data-transfer agreements.

Data Privacy Frameworklink to this section

8x8, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. 8x8, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. 8x8, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit: https://www.dataprivacyframework.gov/. 

Scope:link to this section

8x8 Inc. and Fuze, Inc. (wholly owned subsidiary) adhere to the EU-U.S. DPF Principles with respect to personal data of individuals in the European Economic Area member states, the United Kingdom (and Gibraltar) and to the Swiss-U.S. DPF Principles with respect to the personal data of individuals in Switzerland (“Covered Individuals”) processed by 8x8, Inc. or Fuze, Inc. as part of providing our cloud communications services (“Personal Data”).

Data processed:link to this section

8x8 Inc. provides cloud communications services, including Unified Communications as Service, Contact Center as a Service, and Communications Platform as a Service, to business customers. In providing these services, 8x8 Inc. may process the following Personal Data of Covered Individuals in the United States:

  • Communications metadata (e.g. information on originating telephone number or other identifier, terminating telephone number or other identifier, date and time communication originated, date and time communication terminated).
  • Communications content our customers transmit, receive, or store through our services (8x8 Inc.’s customers decide what, if any, Personal Data to include in such communications, it typically includes information about 8x8 Inc. customers’ users, their current, prospective, or former customers, or any other person or entity communicating with 8x8 Inc. customers).
  • Contact information for our customers’ employees.
  • And Service support ticketing information (contact details for individuals initiating the support request and any other personal data shared as part of the support request).

Purposes for which data is used:link to this section

8x8 Inc. may use Personal Data for providing, managing, supporting, deploying, enhancing or improving our services, as otherwise instructed by the 8x8 Inc. customer or other data controller who transmitted, received, or stored the data or in accordance with contractual requirements. 8x8 Inc. may also use Personal Data for other purposes for which the customer or other data controller has obtained the relevant Covered Individual’s consent.

Inquiries and complaints:link to this section

If you are a Covered Individual and believe that 8x8 Inc. maintains your Personal Data within the scope of our EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or Swiss-U.S. DPF certifications, you may submit any privacy or data use concerns concerning such data by email dpo@8x8.com or by mail to:

8x8, Inc.

675 Creekside Way

Campbell, CA 95008, USA

Attention: Privacy

8x8 Inc. will respond within 45 days of receiving the communication. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

If neither 8x8 Inc. nor our U.S.-based third party dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration as provided under the Data Privacy Framework Program (See Data Privacy Framework website).

Third parties who may receive Personal Data:link to this section

8x8 Inc. may disclose Personal Data to its affiliates, as well as to a limited number of third-party business partners, service providers, vendors, suppliers and other contractors (collectively, “Service Providers”) for the purpose of assisting us in providing, managing, deploying, enhancing, or improving our services. 8x8 Inc. maintains contracts with these 8x8 Inc. affiliates and Service Providers restricting their access, use and disclosure of Personal Data in compliance with our Data Privacy Framework obligations, and 8x8 Inc. may be liable if such parties fail to meet those obligations and we are responsible for the event giving rise to the damage. We also may share or disclose Personal Data to the extent that the customer or other data controller has obtained the relevant Covered Individual’s consent. No information obtained from an SMS campaign will be shared with third parties/affiliates for their marketing/promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties unless it is to support the SMS campaign.

Your rights to access, to limit use and to limit disclosure:link to this section

Covered Individuals have rights to access their stored Personal Data and to limit its use and disclosure. With our Data Privacy Framework certification, 8x8 has committed to respect those rights. If you are a Covered Individual and you wish to request access to or to limit use or disclosure of your Personal Data, please contact us by email dpo@8x8.com or by mail to: 8x8, Inc. 675 Creekside Way, Campbell, CA 95008, USA Attention: Privacy.

U.S. Federal Trade Commission enforcement:link to this section

8x8 Inc.’s commitments under the Data Privacy Framework are subject to the investigatory and enforcement powers of the United States Federal Trade Commission or the applicable United States authorized statutory body.

Compelled disclosure:link to this section

8x8 Inc. may be required to disclose Personal Data in response to lawful requests by public authorities, or administrative or judicial processes including meeting national security or law enforcement requirements.

Childrenlink to this section

Our websites and services are not directed at minors under 18 years of age. If we learn that we have inadvertently collected personal data from a minor, we will delete it promptly.

Information About Otherslink to this section

If you provide us with personal data about another person, you must ensure that you have lawful authority to do so and that the individual has been informed of our identity, the purpose for which you provided the personal information and their rights as described in this Notice.

Data Retentionlink to this section

Personal data is retained only while there is a legitimate business need or legal requirement. When retention is no longer necessary, information is securely deleted or anonymized in accordance with the 8x8 Data Retention and Backup Policy and Standard. Backup archives are segregated and subject to scheduled purge processes.

Your Rightslink to this section

Depending on where you reside, you may have rights to: access, correct, update, or delete your personal information; request portability; object to or restrict processing; or withdraw consent where processing is based on consent.

Residents of the EEA, UK, and Switzerland may exercise these rights under the GDPR and related laws. California residents may exercise their rights under the California Privacy Rights Act (CPRA). Requests can be submitted via our online portal for data subject rights requests at: https://preferences.8x8.com/.

8x8 responds to all verifiable data-subject requests in accordance with applicable law. We currently support DSAR processes and honor opt-out requests.

You also have the right to lodge a complaint with your local data-protection authority if you believe that our processing violates applicable law.

California-Specific Disclosureslink to this section

We do not sell or share personal information as defined by the CPRA. We collect only the categories of information identified in this Notice for the business purposes described here. California consumers may designate an authorized agent to exercise their rights and may contact us to obtain this Notice in an accessible format.

Accessibilitylink to this section

Consumers with disabilities can access this Notice through standard screen readers or request an alternative format by emailing dpo@8x8.com.

Updates to This Privacy Noticelink to this section

We may update this Privacy Notice from time to time to reflect changes in legal, technical, or business developments. When we make material changes, we will provide appropriate notice and where required, obtain consent. The “Last updated” date at the top of this Notice shows when it was most recently revised.

How to Contact Uslink to this section

If you have questions or concerns about our use of your personal information, please contact our Data Protection Officer:

Email: dpo@8x8.com

Postal Service: 8x8, Inc., Attn: Data Protection Officer, 675 Creekside Way, Campbell, CA 95008, United States