Privacy Policy

1. Introduction

SMS Gateway ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the Service.

This Privacy Policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Email address, name, password
• Payment Information: Credit card details (processed by Stripe, not stored by us)
• Device Information: Device names, phone numbers, API keys
• Message Content: SMS message text, recipient phone numbers, sender information
• Support Communications: Information in support tickets, emails, or chat messages

2.2 Automatically Collected Information

When you use the Service, we automatically collect:

• Log Data: IP addresses, browser type, pages visited, time spent, referring URLs
• Device Data: Device type, operating system, unique device identifiers
• Usage Data: API requests, message counts, delivery statuses, error logs
• Cookies: Session cookies for authentication and preferences

2.3 Information from Third Parties

We may receive information from:

• Payment Processors: Stripe provides transaction confirmations and fraud detection data
• Analytics Providers: Aggregated usage statistics (if you consent to analytics)

3. How We Use Your Information

We use the information we collect to:

• Provide the Service: Process and deliver SMS messages, maintain your account
• Billing: Process payments, prevent fraud, send invoices and receipts
• Communications: Send service updates, security alerts, support responses
• Improvement: Analyze usage patterns, debug issues, develop new features
• Security: Detect and prevent fraud, abuse, and security incidents
• Compliance: Comply with legal obligations and enforce our Terms of Service

We do not sell your personal information to third parties. We do not use your message content for advertising or marketing purposes.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Improving our Service, preventing fraud, ensuring security
• Legal Compliance: Complying with tax, accounting, and legal requirements
• Consent: Where you have provided explicit consent (e.g., for marketing emails)

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

5. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

• Account Data: Until you delete your account, plus 30 days for recovery
• Message Logs: 90 days for operational purposes, then deleted
• Message Content: Not stored permanently; only retained temporarily for delivery
• Payment Records: 7 years for tax and accounting compliance
• Support Tickets: 2 years for quality assurance and dispute resolution

After the retention period, we securely delete or anonymize your data.

6. How We Share Your Information

We do not sell your personal information. We may share your information with:

6.1 Service Providers

• Stripe: Payment processing (subject to Stripe's Privacy Policy)
• Cloud Hosting: Infrastructure providers hosting our servers
• Email Services: Transactional email delivery

6.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

6.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

7. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: TLS/SSL for data in transit, AES-256 for data at rest
• Access Controls: Role-based access, principle of least privilege
• Authentication: Strong password requirements, API key authentication
• Monitoring: Intrusion detection, security logging, regular audits
• Vulnerability Management: Regular security updates and patches

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

8.1 GDPR Rights (EEA Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for processing at any time
• Complain: Lodge a complaint with a supervisory authority

8.2 CCPA Rights (California Users)

• Know: Request disclosure of data collected and shared
• Delete: Request deletion of personal information
• Opt-Out: Opt out of sale of personal information (we do not sell data)
• Non-Discrimination: Not be discriminated against for exercising rights

8.3 How to Exercise Your Rights

To exercise your rights, contact us at privacy@smsgateway.example. We will respond within 30 days.

You can also:

• Export your data from the dashboard
• Update your account information in settings
• Delete your account (Settings → Account → Delete Account)

9. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and session management
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Understand how you use the Service (with your consent)

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

We do not use advertising or tracking cookies.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data from the EEA to other countries, we use:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent protection
• Other legally compliant transfer mechanisms

11. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@smsgateway.example. We will delete such information promptly.

12. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. We do not currently respond to DNT signals because there is no industry consensus on how to interpret them. We do not track users across third-party websites.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email to the address associated with your account
• Prominent notice in the dashboard
• Updating the "Last updated" date at the top of this page

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

15. EU Data Protection Authority

If you are located in the EEA and have concerns about our data practices that we have not addressed, you have the right to lodge a complaint with your local data protection authority.

A list of data protection authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en