Verizon Business Privacy Policy

1. Information Collected

Verizon Business collects five categories of information in the normal course of delivering commercial telecommunications services.

Personal information includes name, business email address, business phone number, work mailing address, job title and authentication credentials for the Verizon Business portal. Personal information is collected at contract signature, admin invitation and through user-initiated updates inside My Verizon Business.

Account information includes the Verizon Business account number, billing address, billing contact, tax identifiers, service agreement terms, AutoPay banking credentials (tokenised), purchase history and support case history.

Network information (CPNI) includes data about the telecommunications services used — call detail records, call destinations, minutes used, service configurations, roaming activity, SMS metadata and 5G data session metadata. CPNI is regulated by section 222 of the Communications Act and is subject to specific use and disclosure limitations.

Device information includes device identifiers (IMEI, MAC address, serial number), device model and OS version for wireless lines, IP phone registration attributes, MDM enrolment status and (where MDM is active) device compliance posture.

Usage information includes login activity on the Verizon Business portal, actions taken in the admin console, bulk-import files uploaded, report exports generated, support tickets raised and API call logs.

2. Purposes of Use

Verizon Business uses collected information for four principal purposes: service delivery (provisioning, billing, support, outage notification), fraud prevention (anomaly detection, credential misuse, CPNI signature validation), regulatory compliance (FCC reporting, CPNI annual certification, FCC audit response, CALEA lawful intercept when court-ordered) and service improvement (aggregated analytics, feature usage patterns, performance benchmarking). Personal information is processed only to the extent necessary for these purposes and under the lawful basis of contract performance, legitimate interest or explicit consent, as applicable.

3. Consent and Customer Proprietary Network Information (CPNI)

Under section 222 of the Communications Act, Verizon Business requires customer consent for certain uses of CPNI beyond the services currently subscribed. By default, CPNI is used to deliver and bill the services you have already purchased. CPNI use to market new categories of service requires opt-out consent; this policy serves as the 30-day notice of that opt-out right. Customers may opt out of CPNI use for marketing at any time through the privacy settings inside My Verizon Business or by emailing privacy@verizonbusiness.at. Opt-out choices do not affect service delivery.

4. Third-Party Disclosure

Verizon Business discloses information only to three classes of recipient. Regulators and law enforcement, in response to lawful requests from the Federal Communications Commission, court-issued subpoenas, CALEA warrants and FTC enforcement orders. Service providers that process data on our behalf under written agreements imposing confidentiality, data-minimisation and security obligations equivalent to or stronger than those in this privacy policy — including payment processors, cloud infrastructure (AWS, Azure, Google Cloud under the SCI arrangement described in Cloud Solutions), email delivery and customer-support tooling. Affiliates within the Verizon Communications corporate group, where the sharing is consistent with the purposes described in this privacy policy and with applicable CPNI rules. Verizon Business does not sell personal information as defined under CCPA/CPRA.

5. Cross-Border Data Transfers

Customer data is primarily stored and processed in the United States. Where a customer subscribes to international services (for example, MPLS connectivity delivered through the international connectivity product), limited metadata may transit partner facilities in the contracted regions. Transfers rely on standard contractual clauses where applicable and on the adequacy frameworks recognised by US and partner-country regulators.

6. Security Controls

Verizon Business maintains a written information security programme aligned with NIST 800-53 and independently audited to SOC 2 Type II. Controls include encryption in transit (TLS 1.2+) and at rest (AES-256), multi-factor authentication for all Verizon Business portal sign-ins, role-based access control, IP allowlisting at the Enterprise tier, immutable audit logging, 24/7 security operations centre, intrusion detection and response, vulnerability management and annual penetration testing. Access to CPNI is restricted to personnel with a documented business need.

7. Retention Periods

Usage analytics on each Verizon Business online account retain for 24 months with daily refresh. Billing records retain for seven years to meet IRS record-keeping requirements. CPNI retains for 24 months in active systems and 18 additional months in archive unless extended by legal hold. Support case content retains for five years. Website cookies retain per category (see Cookies section) with consent refresh at 12 months. Deletion of personal information on request follows the CCPA/CPRA timelines described below.

8. User Rights Under CCPA/CPRA

Residents of California have the right to access the personal information Verizon Business holds about them, delete personal information subject to exceptions (for example, billing records retained for IRS compliance), correct inaccurate personal information, opt out of the sale or sharing of personal information (Verizon Business does not sell personal information as defined by CCPA/CPRA), limit the use of sensitive personal information and exercise these rights without discrimination. Rights are exercised through the data subject request portal at privacy@verizonbusiness.at. Verifiable requests receive a substantive response within 45 days; complex requests may extend by 45 further days on notice. Residents of states with similar statutes (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA) receive equivalent rights under this policy.

9. Cookies

verizonbusiness.at uses three categories of cookies. Strictly necessary cookies maintain authentication session state, remember MFA device registration and protect against CSRF. These cannot be disabled without breaking the site. Preference cookies remember language, layout and region. Analytics cookies measure aggregated traffic for site improvement. No third-party advertising cookies run on verizonbusiness.at. The cookie banner at first visit allows opt-out of non-essential categories; choices persist for 12 months before re-prompt. The cookie inventory is published inside the Cookie Preferences centre linked from the footer.

10. Children's Privacy

Verizon Business services are commercial and not directed to children under 13. Verizon Business does not knowingly collect personal information from children under 13. If a parent or guardian believes that a child under 13 has submitted personal information, please contact privacy@verizonbusiness.at and we will investigate and delete the data where appropriate in line with the Children's Online Privacy Protection Act (COPPA).

11. Privacy Officer Contact

The Verizon Business Privacy Officer handles privacy queries, data subject requests and regulatory liaison. Email: privacy@verizonbusiness.at. Postal mail: Privacy Officer, Verizon Business, 1095 Avenue of the Americas, New York, NY. Telephone: 1-800-465-4054. International callers: +1-908-559-4899.

12. California Notice of Financial Incentive

From time to time Verizon Business offers bundled-service pricing incentives that require the customer to consent to specific uses of CPNI for cross-sell or service-upgrade recommendations. Under CCPA/CPRA such programmes qualify as a financial incentive. Customers may withdraw consent at any time without penalty; the incentive pricing reverts to standard commercial rates at the next billing cycle. Full details of any active financial incentive programme are published inside My Verizon Business under account preferences.

13. FTC Complaint Mechanism and Regulatory Escalation

Customers who believe Verizon Business has not met an obligation under this privacy policy may file a complaint with the Federal Trade Commission at ftc.gov or with the California Attorney General at oag.ca.gov/privacy for CCPA/CPRA matters. Residents of other states with privacy statutes can escalate to their respective Attorneys General. The Verizon Business Privacy Officer welcomes advance contact to attempt resolution before regulatory escalation. FCC complaints relating to CPNI handling or common-carrier obligations can be lodged at the FCC Consumer Complaint Centre.

14. Changes to This Privacy Policy

Verizon Business may update this privacy policy from time to time. Material changes will be communicated 30 days in advance by email to primary admins on every active Verizon Business online account and by in-portal banner inside My Verizon Business. The effective date at the top of this page reflects the last update. Historical versions of this privacy policy remain available on request.

15. Last Updated

This Verizon Business privacy policy was last updated on 17 April 2026 and supersedes all prior versions.