Privacy Policy
Last updated: April 2026
This Privacy Policy describes how SMS Gateway Platform ("we", "us", or "our") collects, uses, and protects your personal information when you use our SMS gateway service, website, and Android application. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
Information We Collect
We collect the following categories of personal information:
Account Information: When you register, we collect your email address, company name, and password (stored as a one-way hash). We also assign your organization a unique identifier and subdomain.
Device Information: When you connect an Android device as an SMS gateway, we collect the device model, operating system version, SIM operator name, and a unique device identifier. This information is necessary to manage your SMS-sending fleet.
Message Metadata: We collect metadata about SMS messages processed through our platform, including recipient phone numbers, message status (sent, delivered, failed), timestamps, and error codes. Message content (body text) is subject to our data retention policy and is automatically redacted after the configured retention period.
Usage Data: We collect information about how you interact with our platform, including login timestamps, API call counts, feature usage, and performance metrics.
Technical Data: We automatically collect IP addresses, browser type, and device information when you access our web dashboard.
Account Information: When you register, we collect your email address, company name, and password (stored as a one-way hash). We also assign your organization a unique identifier and subdomain.
Device Information: When you connect an Android device as an SMS gateway, we collect the device model, operating system version, SIM operator name, and a unique device identifier. This information is necessary to manage your SMS-sending fleet.
Message Metadata: We collect metadata about SMS messages processed through our platform, including recipient phone numbers, message status (sent, delivered, failed), timestamps, and error codes. Message content (body text) is subject to our data retention policy and is automatically redacted after the configured retention period.
Usage Data: We collect information about how you interact with our platform, including login timestamps, API call counts, feature usage, and performance metrics.
Technical Data: We automatically collect IP addresses, browser type, and device information when you access our web dashboard.
How We Use Your Information
We use your personal information for the following purposes:
Service Delivery: To provide, operate, and maintain the SMS gateway platform, including message routing, device management, and delivery status tracking.
Account Management: To manage your account, authenticate your identity, process your subscription, and communicate service-related updates.
Platform Improvement: To analyze usage patterns, diagnose technical issues, and improve our service quality and reliability.
Security: To detect, prevent, and respond to security incidents, fraud, and abuse of our platform. This includes monitoring for unauthorized access, suspicious SMS sending patterns, and compliance with acceptable use policies.
Legal Compliance: To comply with legal obligations, respond to lawful requests from authorities, and enforce our terms of service.
Service Delivery: To provide, operate, and maintain the SMS gateway platform, including message routing, device management, and delivery status tracking.
Account Management: To manage your account, authenticate your identity, process your subscription, and communicate service-related updates.
Platform Improvement: To analyze usage patterns, diagnose technical issues, and improve our service quality and reliability.
Security: To detect, prevent, and respond to security incidents, fraud, and abuse of our platform. This includes monitoring for unauthorized access, suspicious SMS sending patterns, and compliance with acceptable use policies.
Legal Compliance: To comply with legal obligations, respond to lawful requests from authorities, and enforce our terms of service.
Data Storage and Security
We implement robust security measures to protect your personal information:
Tenant Isolation: Each customer organization operates in a completely isolated database environment. Your data is never mixed with data from other organizations, and cross-tenant access is technically impossible at the database level.
Authentication Security: We use RS256 JWT tokens with short-lived access tokens (15 minutes) and separate refresh tokens (30 days). Passwords are hashed using bcrypt with appropriate cost factors.
Encryption: API tokens are stored as one-way hashes. Sensitive configuration values are encrypted at rest. All communications between your devices and our servers use TLS encryption.
Access Controls: Role-based access control (Admin, Customer, User) ensures that users can only access data appropriate to their role. All administrative access to customer data is logged in an audit trail with mandatory access reasons.
Infrastructure: Our servers are hosted in data centers with physical security controls, redundant power, and network monitoring.
Tenant Isolation: Each customer organization operates in a completely isolated database environment. Your data is never mixed with data from other organizations, and cross-tenant access is technically impossible at the database level.
Authentication Security: We use RS256 JWT tokens with short-lived access tokens (15 minutes) and separate refresh tokens (30 days). Passwords are hashed using bcrypt with appropriate cost factors.
Encryption: API tokens are stored as one-way hashes. Sensitive configuration values are encrypted at rest. All communications between your devices and our servers use TLS encryption.
Access Controls: Role-based access control (Admin, Customer, User) ensures that users can only access data appropriate to their role. All administrative access to customer data is logged in an audit trail with mandatory access reasons.
Infrastructure: Our servers are hosted in data centers with physical security controls, redundant power, and network monitoring.
Data Retention
We retain your data according to the following policies:
Message Content: SMS message body text is automatically redacted after the retention period configured in your organization settings (default: 7 days after delivery). After redaction, only metadata (timestamps, status, error codes) is retained for operational analytics.
Account Data: Your account information is retained for the duration of your subscription. Upon account termination, your data is scheduled for permanent deletion within 30 days, subject to any legal retention obligations.
Audit Logs: Security and access audit logs are retained for 90 days to support incident investigation and compliance requirements.
Backups: Encrypted database backups are retained for disaster recovery purposes and are permanently deleted on a rolling schedule.
You can request immediate data export or deletion at any time through your account settings or by contacting us directly.
Message Content: SMS message body text is automatically redacted after the retention period configured in your organization settings (default: 7 days after delivery). After redaction, only metadata (timestamps, status, error codes) is retained for operational analytics.
Account Data: Your account information is retained for the duration of your subscription. Upon account termination, your data is scheduled for permanent deletion within 30 days, subject to any legal retention obligations.
Audit Logs: Security and access audit logs are retained for 90 days to support incident investigation and compliance requirements.
Backups: Encrypted database backups are retained for disaster recovery purposes and are permanently deleted on a rolling schedule.
You can request immediate data export or deletion at any time through your account settings or by contacting us directly.
Your Rights (GDPR)
Under the General Data Protection Regulation, you have the following rights regarding your personal data:
Right to Access: You can request a complete export of all personal data we hold about you. Use the Data Export feature in your account settings to download your data in a machine-readable JSON format.
Right to Rectification: You can update your personal information at any time through your account settings, including your email address, company name, and contact details.
Right to Erasure: You can request the deletion of your account and all associated personal data. This action is irreversible and includes the deletion of your organization database, all user accounts, message records, and device registrations.
Right to Data Portability: You can export your data in a structured, commonly used, and machine-readable format (JSON) at any time through the platform.
Right to Restrict Processing: You can request that we limit the processing of your personal data under certain circumstances, such as while we verify the accuracy of your data.
Right to Object: You can object to the processing of your personal data for specific purposes, including direct marketing and profiling.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time through the cookie consent settings or by contacting us.
To exercise any of these rights, use the privacy controls in your account dashboard or contact our privacy team at the address provided below.
Right to Access: You can request a complete export of all personal data we hold about you. Use the Data Export feature in your account settings to download your data in a machine-readable JSON format.
Right to Rectification: You can update your personal information at any time through your account settings, including your email address, company name, and contact details.
Right to Erasure: You can request the deletion of your account and all associated personal data. This action is irreversible and includes the deletion of your organization database, all user accounts, message records, and device registrations.
Right to Data Portability: You can export your data in a structured, commonly used, and machine-readable format (JSON) at any time through the platform.
Right to Restrict Processing: You can request that we limit the processing of your personal data under certain circumstances, such as while we verify the accuracy of your data.
Right to Object: You can object to the processing of your personal data for specific purposes, including direct marketing and profiling.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time through the cookie consent settings or by contacting us.
To exercise any of these rights, use the privacy controls in your account dashboard or contact our privacy team at the address provided below.
Cookies
Our platform uses cookies to ensure proper functionality and improve your experience:
Essential Cookies: These cookies are strictly necessary for the operation of our platform. They include session cookies for authentication, CSRF protection tokens, and locale preference storage. These cookies cannot be disabled as they are required for the platform to function securely.
Analytics Cookies: With your explicit consent, we may use analytics cookies to understand how visitors interact with our public pages. These cookies are only placed after you provide consent through our cookie consent banner.
You can manage your cookie preferences at any time through the cookie consent banner at the bottom of any page. Your preferences are stored locally and respected across all pages of our platform.
Essential Cookies: These cookies are strictly necessary for the operation of our platform. They include session cookies for authentication, CSRF protection tokens, and locale preference storage. These cookies cannot be disabled as they are required for the platform to function securely.
Analytics Cookies: With your explicit consent, we may use analytics cookies to understand how visitors interact with our public pages. These cookies are only placed after you provide consent through our cookie consent banner.
You can manage your cookie preferences at any time through the cookie consent banner at the bottom of any page. Your preferences are stored locally and respected across all pages of our platform.
Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal information, please contact us:
Email: privacy@smsgateway.example.com
We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.
Email: privacy@smsgateway.example.com
We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.