Privacy & Data Protection Policy

Effective Date: April 12, 2026

1. Strategic Commitment to Data Sovereignty

We operate on a "Privacy by Design" framework. Our infrastructure is engineered to minimize data exposure while maximizing transmission efficiency. This policy outlines our rigorous standards for the collection, processing, and safeguarding of data within our enterprise SMS gateway ecosystem.

2. Information Architecture & Collection

We categorize data into three distinct tiers:

• Identity Data: Legal name, corporate entity details, and verified email infrastructure used for account governance.
• Transmission Metadata: PII-masked destination numbers, routing headers, and carriage-level delivery timestamps.
• Payload Data: The actual content of SMS transmissions. Our system employs ephemeral storage protocols for message payloads, which are purged after successful delivery confirmation or a maximum of 48 hours of pending status.

3. Cryptographic Standards

All data at rest is secured via AES-256-GCM encryption. Data in transit between your API consumers, our cloud mesh, and the Android gateway nodes is protected via TLS 1.3 with Perfect Forward Secrecy (PFS). API keys are hashed using Argon2id protocols, ensuring that even in the event of hardware compromise, your credentials remain cryptographically secure.

4. Global Regulatory Compliance

Our platform is designed to facilitate compliance with global standards, including but not limited to:

• GDPR (EU): Data processing agreements and right-to-erasure mechanisms are built into the core API.
• CCPA (USA): Explicit "Do Not Sell" protocols are standard for all users.
• A2P Messaging Standards: We enforce carrier-required header integrity to ensure high deliverability and regulatory alignment.

5. Sub-Processors & Data Transfer

Data is only transferred to verified mobile carrier networks for the sole purpose of message termination. We do not engage in "Data Brokering" or commercialization of your contact lists.