Legal

Data Processing Policy

Last updated: June 2026

This is a template provided for convenience and should be reviewed by a qualified lawyer before being relied upon. It summarises the data-processing terms that may also be set out in a separate Data Processing Agreement (DPA).

1. Roles

When you send messages through SMSID, you act as the data controller of the recipient personal data (such as phone numbers and message content) and SMSID acts as a data processor processing that data on your documented instructions.

2. Scope of processing

Subject matter: transmission and delivery of messages you submit.
Duration: for the term of your account and applicable retention periods.
Nature & purpose: routing messages to carriers, recording delivery status, and billing.
Data subjects: your message recipients.
Data types: mobile numbers, message content, delivery metadata.

3. Our obligations as processor

Process personal data only on your instructions and as needed to provide the service.
Ensure personnel are bound by confidentiality.
Apply appropriate technical and organisational security measures.
Assist you, where reasonable, with data-subject requests and security obligations.
Delete or return personal data at the end of the service, subject to legal retention.

4. Sub-processors

We use sub-processors to deliver the service, including our upstream messaging carrier (for message routing) and our payment provider (for billing). They are bound by obligations consistent with this policy. We will inform you of material changes to sub-processors.

5. International transfers

Messages may be routed through carriers located in different countries to reach recipients. Where personal data is transferred internationally, appropriate safeguards are applied as required by law.

6. Security measures

Measures include encryption in transit (HTTPS), encryption of sensitive secrets at rest, hashed credentials, access control, and monitoring. See our Privacy Policy for more.

7. Data breach

We will notify you without undue delay after becoming aware of a personal data breach affecting your data, and provide reasonable information to help you meet your notification obligations.

8. Your responsibilities as controller

You are responsible for having a lawful basis and valid consent for the recipients you message, for the accuracy of recipient data, and for complying with our Anti-Spam Policy and applicable law.

9. Contact

For data-processing matters or to request a signed DPA, contact us via our contact page.