Privacy Policy

01 Introduction

MOBITELSMS ("we", "our", "the Company") operates a carrier-grade telecom infrastructure platform providing SMS, VoIP, RCS, mobile core, and interconnect services to carriers, MVNOs, and enterprises worldwide. We are committed to protecting the privacy of our customers, their authorised users, and all individuals whose data we process in connection with operating the platform.

This Privacy Policy explains what personal data we collect, the purposes for which we use it, the legal bases we rely on, and the rights available to you. It applies to the MOBITELSMS website, the customer portal, and all associated services. By accessing or using the platform, you acknowledge this policy.

02 Information We Collect

We collect the following categories of personal data:

• Account data — full name, business email address, company name, registered address, phone number, and the details of authorised users on your account.
• Technical data — IP addresses, browser and device metadata, API call logs, platform usage logs, SMPP session metadata, and Call Detail Records (CDRs) generated by traffic flowing through the platform.
• Payment data — billing address and the last four digits of payment cards used. Full card numbers and authentication credentials are collected and processed exclusively by our payment processors and are never stored on our systems.
• Communications — messages you send to us via support tickets, the contact form, or email.
• Compliance data — information required for regulatory obligations, including 10DLC brand and campaign registrations, STIR/SHAKEN certificate details, and KYC documentation where required by law.

03 How We Use Your Information

We use the data we collect for the following purposes:

• Provisioning, operating, and maintaining the platform and its services.
• Billing, invoicing, and payment processing.
• Security monitoring, fraud detection, and abuse prevention.
• Compliance with telecom regulatory obligations, including STIR/SHAKEN attestation, 10DLC campaign management, and lawful intercept obligations.
• Providing customer support and responding to enquiries.
• Improving and developing platform features, informed by aggregated usage analytics.
• Sending transactional communications (invoices, alerts, service announcements) and, where you have opted in, product update emails.

04 Legal Basis for Processing

We process personal data on the following legal bases:

• Performance of contract — processing necessary to deliver the services you have subscribed to.
• Legitimate interests — security monitoring, fraud prevention, platform improvement, and direct marketing to existing customers (subject to your right to object).
• Compliance with legal obligations — retention of CDRs and billing records as required by applicable telecom regulations and tax law.
• Consent — where we have explicitly requested and obtained your consent, for example for non-essential marketing communications.

05 Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, regulatory, or reporting requirements:

• Account data — retained for the duration of your active account, plus 7 years after closure for billing compliance and dispute resolution purposes.
• CDR data — retained for 7 years in accordance with applicable telecom regulatory requirements.
• Payment records — retained for 7 years for tax and accounting compliance.
• Contact form submissions and support tickets — retained for 3 years from the date of submission.
• Platform and API access logs — retained for 90 days for security and abuse investigation.

When retention periods expire, data is securely deleted or anonymised.

06 Sharing of Data

We do not sell personal data. We may share your data with the following categories of third parties only where necessary:

• Payment processors — for secure transaction processing (Stripe, PayPal, and similar). These processors act under their own privacy policies and PCI-DSS obligations.
• Cloud infrastructure providers — data centre operators and cloud platforms hosting our infrastructure, operating under appropriate data processing agreements.
• Regulatory and law enforcement bodies — where we are legally required to disclose data, for example in response to a lawful court order or regulatory demand.
• Professional advisers — lawyers, auditors, and accountants, subject to obligations of confidentiality.

All third-party processors are subject to contractual data protection obligations consistent with this policy and applicable law.

07 International Transfers

MOBITELSMS operates globally. Your data may be processed in data centres located outside your country or jurisdiction, including outside the European Economic Area (EEA). Where such transfers occur, we use appropriate safeguards to ensure an equivalent level of data protection, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions where applicable.
• Binding data processing agreements with all sub-processors.

For more information about the safeguards in place for international transfers, contact privacy@mobitelsms.com.

08 Your Rights

Depending on your jurisdiction, you may have the following rights in relation to your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your data where we no longer have a legal basis to retain it.
• Restriction — request that we limit processing while a dispute is resolved.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests or for direct marketing.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@mobitelsms.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

09 Cookies

We use a minimal number of cookies, strictly limited to what is necessary for platform operation:

• Session cookies — used to authenticate and maintain your logged-in session in the customer portal. These are deleted when you close your browser or log out.
• CSRF protection tokens — used to protect form submissions from cross-site request forgery attacks.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No data is shared with advertising networks.

10 Contact

For all privacy-related enquiries, data subject requests, or concerns, please contact:

privacy@mobitelsms.com

MOBITELSMS Ltd.
Data Protection Officer
privacy@mobitelsms.com

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify all registered users by email of any material changes at least 14 days before they take effect. The updated policy will be published at this URL with a revised effective date. Continued use of the platform after the effective date constitutes acceptance of the updated policy.