MNET
CoreAccess+

Privacy Policy

Last updated: April 28, 2026  |  Effective: April 28, 2026

This Privacy Policy describes how MNET, LLC collects, uses, and shares information in connection with your use of CoreAccess+, a contact center integration application. CoreAccess+ acts as a data processor on behalf of the organizations ("Clients") that deploy it. If you have questions about how your organization handles your data, please contact your organization directly.

Table of Contents

  1. Overview
  2. Information We Collect
  3. How We Use Information
  4. How We Share Information
  5. Data Retention
  6. Data Security
  7. Your Rights
  8. Changes to This Policy
  9. Contact Us

1. Overview

MNET, LLC ("MNET," "we," "us," or "our") is a systems integrator and the developer of CoreAccess+. CoreAccess+ is a contact center integration application that enables organizations to integrate member and customer data systems with their contact center platform.

In operating CoreAccess+, MNET functions primarily as a data processor — processing data on behalf of the organizations that license and deploy the Application. The deploying organization is the data controller responsible for determining the purposes and means of processing personal data.

This Privacy Policy applies to data processed through CoreAccess+ and information collected through MNET's business operations related to the Application.

2. Information We Collect

MNET collects only application error logs generated by CoreAccess+ for the purpose of diagnosing technical issues, maintaining application stability, and improving service reliability. These logs may include technical details such as error codes, timestamps, and system state information, but do not contain personal data.

Member and customer data (such as names, account numbers, authentication tokens, or contact information) is transmitted through CoreAccess+ solely to facilitate contact center operations as directed by the deploying Client organization. MNET does not store, retain, or independently collect this data — it remains under the control of the Client organization at all times.

If you have questions about how your personal data is handled during a contact center interaction, please contact the organization you engaged with directly.

3. How We Use Information

Information processed through CoreAccess+ is used for the following purposes:

  • Service Delivery: Enabling contact center agents to access member information, authenticate callers, and facilitate account inquiries during engagements
  • AI Bot Integration: Facilitating conversational AI interactions to handle member inquiries and route conversations appropriately
  • Authentication: Processing OTP and 2FA verification to authenticate members during contact center interactions
  • Security: Detecting, preventing, and responding to fraud, abuse, or security incidents
  • Application Improvement: Analyzing usage patterns and performance to improve the Application (using anonymized/aggregated data where possible)
  • Legal Compliance: Complying with applicable laws, regulations, and legal processes

4. How We Share Information

MNET does not sell, share, or disclose member or customer data to any third party. Member and customer data accessed through CoreAccess+ belongs to and remains under the control of the Client organization at all times — MNET facilitates access to the Client's own data within their own systems and does not treat this as a data sharing activity.

As part of normal application operations, data may pass through the following infrastructure sub-processors:

  • Contact Center Platform: CoreAccess+ integrates with the Client's contact center platform. Interaction data flows through that platform's infrastructure subject to its respective privacy policy
  • Amazon Web Services (AWS): The Application uses AWS services including Amazon Lex for conversational AI processing. Data may be processed by AWS subject to AWS's privacy terms
  • Service Providers: MNET may engage third-party vendors to support application operations (hosting, security, monitoring) under data processing agreements

MNET may also disclose data in the following limited circumstances:

  • Legal Requirements: We may disclose data if required by law, regulation, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, data may be transferred as part of that transaction

5. Data Retention

MNET retains data only as long as necessary to fulfill the purposes outlined in this Policy or as required by law:

  • Session data (authentication tokens, OTPs): Retained only for the duration of the active engagement session
  • Interaction logs: Retained for up to 90 days for troubleshooting and security purposes, unless Client configuration specifies otherwise
  • Application usage data: Retained for up to 12 months for performance monitoring
  • Legal hold data: Retained as required by applicable legal obligations

Client organizations may configure their own data retention policies within the Application settings.

6. Data Security

MNET implements industry-standard technical and organizational security measures to protect data processed through CoreAccess+, including:

  • Encryption of data in transit using TLS/HTTPS
  • Encryption of sensitive data at rest
  • Access controls and authentication requirements for administrative access
  • Regular security assessments and vulnerability testing
  • Secure API key and credential management
  • Audit logging of data access and system events

No method of transmission or storage is 100% secure. In the event of a data breach that affects your information, MNET will notify affected parties as required by applicable law.

7. Your Rights

CoreAccess+ is deployed within the Client organization's own infrastructure and integrates directly with their core systems and contact center platform. Personal data passes through the application in real time and is not stored or retained by MNET.

Because MNET does not hold personal data, MNET cannot fulfill data access, correction, deletion, or portability requests directly. Any such requests should be directed to the organization whose contact center you interacted with — they are the data controller and are responsible for responding to data subject rights requests under applicable law.

8. Changes to This Policy

MNET may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last updated" date at the top of this page.

Your continued use of CoreAccess+ after any changes to this Policy constitutes your acceptance of the updated Policy.

9. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

MNET, LLC
540 W. Frontage Rd, Suite 2115
Northfield, IL 60093
USA

We will respond to all legitimate requests within 30 days. For data subject requests related to Client-controlled data, we will coordinate with the relevant Client organization.