Privacy Policy

This Privacy Policy describes how Ninja Communications (a service of Ninja Premium Outsourcing, “Ninja Comms,” “we,” “us”) handles information accessed through the Client Portal at portal.ninjacomms.io (the “Portal”). It applies to the credit repair organizations (“CROs”) who use the Portal to view analytics for the phone line we operate on their behalf.

The Portal is a read-only window into the call data captured on your dedicated Ninja Comms line by our telephony provider (GoTo Connect). For each call, this may include:

• Date, time, and direction (inbound/outbound)
• Phone number and CNAM (caller-ID name) of the other party
• Outcome (answered, missed, voicemail, hung up in IVR)
• Duration, talk time, and timing breakdowns
• The name and extension of the Ninja Comms agent who handled the call
• An AI-generated synopsis and topic tags produced by GoTo’s call-analysis features
• Aggregated metrics, sentiment scores, and trend comparisons

This information includes telephone numbers and, in some cases, the caller’s name as transmitted by the public phone network. It does not include sensitive identifiers such as social-security numbers, payment-card details, or financial-account numbers.

Call data is generated by GoTo Connect when calls are placed to or from the phone line we operate for your business. We retrieve it from GoTo’s API to display it in the Portal and to compute the daily summary email.

We store the following operational data on our infrastructure (Vercel and Upstash):

• Your authorized user accounts (email, role, the CRO you’re associated with, when added, who added you, and a salted hash of your password)
• Short-lived authentication tokens for password resets and sessions
• The most-recently rotated access token for the GoTo OAuth client

We do not maintain a long-term archive of individual call records on our infrastructure. Call data is requested from GoTo at the time the Portal is loaded and is held only as long as needed to render the page or build the email.

The Portal is strictly tenant-scoped. Each CRO sees only the calls placed to or from their own line. Cross-tenant access is blocked at every API endpoint and verified by an automated attack test. Internal Ninja Comms staff (super admins) can see all CRO data for support and operational purposes.

We do not sell, rent, or share your call data with third parties for advertising or marketing. The third-party services we use are limited to what’s necessary to operate the Portal:

• GoTo Connect — the telephony provider that places, records, and analyzes calls on your line
• Vercel — application hosting and DNS
• Upstash — key-value storage for user accounts and tokens
• Anthropic — powers the in-portal AI assistant; when you ask the assistant a question, your question and the relevant slice of your own call data are sent to Anthropic’s API to produce a response
• Gmail SMTP — sends sign-in links, reset emails, and the daily summary

The Portal uses a single HTTP-only cookie (ncp_session) to keep you signed in. It contains a signed JSON Web Token identifying your account; it never holds your password. We do not use third-party advertising or analytics cookies.

User accounts persist until you (or a CRO admin) remove them through the Users page. Password-reset tokens expire 15 minutes after issuance. Session cookies expire after 30 days. If you want all data associated with your account removed, email support@ninjacomms.io from the email associated with the account.

Passwords are stored only as bcrypt hashes. Sessions are signed with HMAC-SHA256. The Portal is served exclusively over HTTPS. We never send passwords or sensitive account credentials over SMS.

The Portal is a business tool and is not directed to children under 13. We do not knowingly collect personal information from children.

If we materially change how the Portal handles data, we’ll update this page and revise the “Last updated” date above. For substantial changes, signed-in users will be notified in the Portal or by email.

Questions, concerns, or data requests: support@ninjacomms.io.