phone.link — a product of Vir Reality Labs, Inc.
Effective date: April 17, 2026
At Vir Reality Labs, Inc. (“Vir Reality,” “we,” “us,” or “our”), the company behind the phone.link product, protecting your personal information is a priority. This Privacy Policy explains how we collect, use, share, and protect personal information in connection with our website, our SMS and phone verification services, and our related products (collectively, the “Services”).
This Privacy Policy is designed to help us comply with applicable privacy laws, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”), and, where applicable, the EU General Data Protection Regulation (the “GDPR”) and the UK GDPR.
This Privacy Policy does not describe how we use cookies and similar tracking technologies. For that information, please refer to our Cookies Policy.
The entity responsible for your personal information is Vir Reality Labs, Inc., a Delaware corporation with its principal place of business at 253 N. La Peer Dr., Beverly Hills, CA 90211. phone.link is a product of Vir Reality Labs, Inc. When you browse our website or when we process your data for our own purposes (for example, to fight fraud or improve our Services), we act as the “business” or “controller,” as applicable under the relevant law.
When we provide Services to our customers, we process personal information about their end users on their behalf and pursuant to their instructions. In those cases, our customers act as the “business” or “controller,” and we act as the “service provider” or “processor.”
“Personal information” means information that identifies, relates to, or could reasonably be linked with an identifiable individual. Depending on how you interact with us, we may collect the following categories of personal information:
When you provide information directly to us, we will indicate whether particular fields are required.
We collect personal information in two main ways:
The table below summarizes the purposes for which we process personal information, the legal basis we rely on where applicable (primarily relevant under GDPR and similar laws), and how long we retain the information.
| Purpose | Legal Basis / Lawful Ground | Retention Period |
|---|---|---|
| To perform contracts and manage the customer relationship | Performance of a contract to which you or your company is party | For the duration of the contractual relationship; transaction records are retained for 5 years for evidentiary purposes. |
| To analyze use of the Services, understand customer needs, and improve functionality | Our legitimate interest in improving our products and services | Usage analytics are retained for up to 2 years; anonymized data may be retained indefinitely. |
| To manage customer feedback and reviews | Our legitimate interest in collecting feedback | 2 years from publication of the review. |
| To build and manage a prospect database | Our legitimate interest in developing and promoting our business | 3 years from the last contact with you. |
| To send newsletters, product updates, and direct marketing communications | Our legitimate interest in marketing to customers and prospects; your consent where required by law | 3 years from the end of the contractual relationship or last contact. |
| To respond to your information requests and inquiries | Steps taken at your request prior to entering a contract | For the duration of the contract if you become a client; otherwise 3 years from the last contact. |
| To retain administrative and financial records | Compliance with our legal and regulatory obligations | Invoices and tax records for 7 years; transaction records for 5 years for evidentiary purposes. |
| To process job applications and manage recruitment | Steps taken at your request prior to entering a contract | For the duration of the recruitment process; up to 3 months after rejection; up to 5 years from a hiring decision for evidentiary purposes. |
| To maintain a CV database | Your consent | 2 years from the last contact with you. |
| To prevent and detect fraud | Our legitimate interest in preventing fraud and complying with law | For the time necessary to qualify and respond to a fraud alert; relevant fraud records may be retained for 6 years from case closure. |
| To handle requests to exercise your privacy rights | Compliance with our legal obligations | Identity verification documents are deleted once verification is complete; opt-out records are retained for 3 years; other records are retained for 3 years from the request. |
We may share personal information with the following categories of recipients:
Sale or sharing of personal information. We do not sell your personal information in exchange for money. We do not knowingly sell or share the personal information of consumers under 16 years of age. We may “share” personal information as defined under the CCPA (e.g., for cross-context behavioral advertising) through the use of cookies and similar technologies; please see our Cookies Policy for details and how to opt out.
Vir Reality is headquartered in the United States, and your personal information is primarily stored in the United States. If you are located outside the United States, your personal information may be transferred to, stored in, and processed in the United States or other countries where we or our service providers operate.
Where required by applicable law (for example, for transfers out of the European Economic Area or the United Kingdom), we use appropriate safeguards to protect your personal information, such as: (i) transfers to countries that have received an adequacy decision from the relevant authority; (ii) Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner’s Office; or (iii) other safeguards permitted by applicable law.
We maintain administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, use, alteration, or disclosure. These include encryption in transit, access controls, and regular review of our security practices. No method of transmission over the internet or method of electronic storage is entirely secure, however, and we cannot guarantee absolute security.
Subject to applicable law and certain exceptions, you may have the following rights regarding your personal information:
You may exercise these rights by emailing us at team@phone.link. We may ask you to provide information to verify your identity before responding to your request. You may also designate an authorized agent to make a request on your behalf, subject to verification as permitted by law.
Our Services are not directed to, and we do not knowingly collect personal information from, children under the age of 13 (or a higher age threshold where required by applicable law). If we learn that we have collected personal information from a child without appropriate consent, we will take steps to delete it.
We may update this Privacy Policy from time to time, for example to reflect changes in applicable law, our services, or our business practices. Changes will take effect on the date indicated at the top of this policy. We encourage you to review this page periodically. Where required by law, we will provide additional notice of material changes.
If you have any questions about this Privacy Policy or our privacy practices, you can contact us at:
Vir Reality Labs, Inc.
253 N. La Peer Dr., Beverly Hills, CA 90211
Email: team@phone.link