Privacy Policy

Effective Date: March 20, 2026

This Privacy Policy describes how Hexoglyph Holdings, LLC ("Hexoglyph," "Company," "we," "us," or "our") collects, uses, processes, stores, and discloses information in connection with its phone number verification, contact data validation, and lead hygiene services offered under the brand name NumberBroom (the "Service"). NumberBroom is a proprietary brand identifier of Hexoglyph Holdings, LLC.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the terms outlined in this Privacy Policy.

1. Definitions

"Service" refers to the NumberBroom platform, including its phone number validation, contact grading, lead hygiene, litigator screening, name-match verification, and any associated web-based interfaces, APIs, dashboards, and reporting tools operated by Hexoglyph.

"Customer" or "User" means any individual or legal entity that creates an account, uploads data, or otherwise uses the Service to verify or process contact information.

"Customer Data" means phone numbers, names, email addresses, physical addresses, IP addresses, and any other contact information submitted by a Customer for verification through the Service.

"Verification Results" means the outputs generated by the Service, including validity indicators, activity scores, contact grades, line-type classifications, carrier information, litigator flags, and name-match assessments.

"Subprocessor" refers to third-party entities engaged by Hexoglyph to process data on its behalf, including telecommunications data providers, cloud infrastructure providers, and verification engines.

2. Information Collection

2.1 Customer Data Submitted for Verification

When you use the Service, you submit Customer Data for processing. This may include phone numbers, full names, email addresses, physical addresses, and IP addresses. The Service processes this data solely for the purpose of returning Verification Results.

2.2 Account Information

When you create an account, we collect identifiers necessary to manage your relationship with us, including your name, email address, company name, and billing information.

2.3 Usage and Interaction Data

We automatically collect metadata about how you interact with the Service, including query volumes, API call timestamps, feature usage patterns, IP addresses, browser type, and device identifiers. This data supports service delivery, troubleshooting, and product improvement.

2.4 Third-Party Verification Data

The Service queries third-party verification providers to generate Verification Results. These providers return data elements such as line type, carrier, activity scores, and contact grades. Hexoglyph does not control the underlying data sources maintained by these providers.

3. How We Use Information

Hexoglyph uses collected information for the following purposes:

  • Delivering Verification Results in response to Customer queries
  • Maintaining and improving the accuracy and reliability of the Service
  • Processing payments and managing billing
  • Providing customer support and troubleshooting
  • Detecting and preventing fraud, abuse, or unauthorized access
  • Complying with legal obligations and responding to lawful requests
  • Generating anonymized, aggregate analytics for product development

4. Data Sharing and Disclosure

Hexoglyph does not sell Customer Data. We share information only as follows:

  • Verification Providers: Customer Data is transmitted to third-party verification providers solely to generate Verification Results. These providers operate under contractual obligations to process data only as instructed.
  • Cloud Infrastructure: Data is stored and processed on cloud infrastructure providers that maintain industry-standard security certifications.
  • Legal Compliance: We may disclose information when required by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, Customer Data may be transferred to the acquiring entity, subject to the same privacy protections described herein.

5. TCPA and Telecommunications Compliance

Important: NumberBroom is a data verification and lead hygiene service. It does not send SMS messages, make phone calls, or initiate any direct communication with the individuals whose contact data is submitted for verification.

Customers are solely responsible for their own compliance with the Telephone Consumer Protection Act (TCPA), CAN-SPAM Act, and any other applicable telecommunications regulations when using Verification Results to contact individuals.

NumberBroom does not collect opt-in consent from the individuals whose data is verified, as the Service does not communicate with those individuals. Customers must independently obtain and maintain any required consents before initiating contact.

6. Data Retention

Hexoglyph retains Customer Data only as long as necessary to fulfill the purposes described in this Policy. Consistent with applicable data minimization requirements under the CCPA/CPRA and related regulations, we do not retain personal information beyond what is reasonably necessary for the stated purpose.

  • Uploaded CSV files and clean output files: Stored in encrypted cloud storage and automatically deleted twenty-four (24) months after the associated job is created. Storage file paths are cleared from job records upon deletion. Customers should download their clean output files promptly after job completion.
  • Abandoned payment files: CSV files uploaded for jobs where payment was not completed are automatically deleted forty-eight (48) hours after upload.
  • Litigator screening records: When a phone number is flagged as a litigator during processing, a record containing the phone number, job identifier, and screening timestamp is retained for twenty-four (24) months. These records exist solely for compliance verification, audit, and documentation purposes in the event of a TCPA-related inquiry.
  • Verification Results and job metadata: Job records (excluding file content) are retained for twenty-four (24) months for billing reconciliation, dispute resolution, and compliance documentation.
  • Account Information: Retained for the duration of the account relationship and for a reasonable period afterward as required for legal or business purposes.
  • Transaction records: Billing and payment transaction records are retained for a minimum of five (5) years as required for financial recordkeeping.

Customers may request early deletion of their data by contacting us at the address provided in Section 13. Deletion requests are subject to legal retention requirements that may override early deletion in certain circumstances.

7. Data Security

Hexoglyph implements administrative, technical, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, and regular security assessments.

No method of electronic storage or transmission is completely secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.

8. User Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Opt-Out: Opt out of marketing communications at any time.
  • Data Portability: Request your data in a structured, machine-readable format where technically feasible.

To exercise any of these rights, contact us at the address provided in Section 13.

9. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act. These include the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale or sharing of personal information.

Hexoglyph does not sell personal information. To submit a verifiable consumer request, contact us at the address provided in Section 13.

10. Children's Privacy

The Service is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we become aware that we have collected information from a minor, we will take steps to delete it promptly.

11. International Data Transfers

Information may be transferred to and processed in the United States or other jurisdictions where our service providers operate. By using the Service, you consent to the transfer of information to jurisdictions that may have different data protection laws than your jurisdiction of residence.

12. Changes to This Privacy Policy

Hexoglyph may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

13. Contact Information

Privacy-related inquiries may be submitted to:

Hexoglyph Holdings, LLC
NumberBroom Privacy Inquiries
Email: [email protected]