
Privacy Policy

How we collect, use and protect your personal data in accordance with EU Regulation 2016/679 (GDPR).

Last updated: April 2022


This policy applies to the SMSAlert platform, operated by Xelandru Software SRL, and governs the way we process personal data in accordance with Regulation (EU) 2016/679 (GDPR), applicable from 25 May 2018. By using the platform, you agree to this policy.

1. Data Controller

The personal data controller is:

  • Name: Xelandru Software SRL
  • Tax ID / VAT: RO45962641
  • Trade Reg. No.: J40/7086/14.04.2022
  • Address: Str. Vitioara nr. 48, ap. 20, Bucharest, Sector 3
  • Email: contact@smsalert.mobi

2. Categories of Data Collected

We may collect and process the following categories of data:

  • Identity data: first name, last name, company name.
  • Contact data: email address, phone number, postal address (for billing).
  • Technical data: IP address, browser type, operating system, session identifiers, API tokens.
  • Usage data: pages visited, actions within the platform, activity logs, volume of messages sent.
  • Financial data: billing information, Tax ID (for business clients); we do not store card data — payments are processed by Stripe.
  • Profile data: notification preferences, account settings, activated channels.

3. Purpose of Processing

Your data is processed for the following purposes:

  • Providing contracted services (SMS sending, WhatsApp, Push, API access).
  • Account management and authentication on the platform.
  • Billing and accounting records in accordance with legal obligations.
  • Technical support and resolution of requests.
  • Improving the platform based on aggregated and anonymised usage data.
  • Sending commercial communications (with your consent or based on legitimate interest towards existing customers).
  • Compliance with applicable legal obligations in Romania and the EU.

4. Legal Basis for Processing (Art. 6 GDPR)

We process your data on the basis of one or more legal grounds:

  • Performance of a contract — for providing the services you have requested (Art. 6(1)(b)).
  • Legal obligation — for billing, tax reporting and other applicable legal requirements (Art. 6(1)(c)).
  • Legitimate interest — for platform security, fraud prevention, commercial communications towards existing customers (Art. 6(1)(f)).
  • Consent — for analytics and marketing cookies, newsletter (Art. 6(1)(a)). You may withdraw your consent at any time, without affecting the lawfulness of prior processing.

5. Your Rights

Under GDPR, you have the following rights, exercisable by written request to contact@smsalert.mobi:

Right of Access

To obtain confirmation that your data is being processed and a copy thereof.

Right to Rectification

To correct inaccurate or incomplete data without undue delay.

Right to Erasure

To request erasure of your data when it is no longer necessary or the processing is unlawful (the "right to be forgotten").

Right to Data Portability

To receive your data in a structured, machine-readable format and to transmit it to another controller.

Right to Object

To object to processing for direct marketing purposes or based on legitimate interest.

Right to Restriction of Processing

To restrict the processing of your data while its accuracy is being verified or a dispute is being resolved.

Withdrawal of Consent

To withdraw your consent at any time, without affecting the lawfulness of prior processing.

Right to Lodge a Complaint

To contact ANSPDCP (dataprotection.ro), the supervisory authority in Romania.

We respond to requests within 30 calendar days.

6. Retention Period

We retain personal data for as long as necessary for the purpose for which it was collected:

  • Active account data: for the duration of the contractual relationship.
  • Billing data and accounting documents: 10 years, in accordance with Romanian tax legislation.
  • API activity logs: 90 days, thereafter deleted or anonymised.
  • Marketing data (newsletter): until withdrawal of consent or a deletion request.
  • Data after account closure: up to 90 days, after which it is irreversibly deleted (except for data subject to a statutory retention obligation).

7. Cookies

We use the following categories of cookies:

  • Essential cookies — necessary for platform operation and secure authentication. Cannot be disabled.
  • Analytical / performance cookies — help us understand how the site is used (e.g. Matomo, with IP anonymisation).
  • Functional cookies — retain your preferences (language, UI settings).
  • Marketing / targeting cookies — used to display relevant content and analyse campaign effectiveness. Activated only with your consent.

You can block cookies from your browser settings or through the consent banner. Disabling essential cookies may make the platform unusable.

8. Marketing and Commercial Communications

We use identity, contact, technical, usage and profile data to determine the services and offers relevant to you. Marketing communications are sent to existing customers on the basis of legitimate interest or to those who have given their explicit consent.

You may at any time request the cessation of marketing communications through:

  • The unsubscribe link in any message received.
  • Adjusting the preferences in your SMSAlert account.
  • A direct request to contact@smsalert.mobi.

9. Third Parties and Processors

We do not sell or rent your personal data. We may share data with third parties solely in the context of providing services:

  • Payment processors: Stripe Inc. — transaction processing (with adequate safeguards in accordance with Standard Contractual Clauses).
  • Cloud infrastructure providers — hosting and data storage, under data processing agreements (DPA).
  • Public authorities — only when required by law (e.g. ANAF, supervisory authorities).

We obtain your explicit consent before sharing data with third parties for their own marketing purposes.

10. International Data Transfers

Your data is processed primarily in the European Economic Area (EEA). For transfers to third countries (e.g. USA — Stripe), we ensure that adequate safeguards are in place: Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR) or that the recipient is certified under an equivalent mechanism.

11. Data Security

We have implemented appropriate technical and organisational measures to prevent accidental loss, unauthorised use, access, alteration or disclosure of your personal data:

  • Encryption in transit (TLS) and at rest for sensitive data.
  • Restricted access to data on a need-to-know basis.
  • Employees and contractors who access data are bound by confidentiality clauses.
  • Documented procedures for responding to security incidents.

In the event of a security incident affecting your data, we will notify you and inform ANSPDCP within the timeframes prescribed by GDPR (72 hours from discovery), where there is a high risk to your rights.

12. Policy Changes

We reserve the right to update this policy periodically. Significant changes will be communicated by email or through a prominent notice on the platform. Continued use of the services after the publication of changes constitutes acceptance of the new version. The current version is always available at smsalert.mobi/confidentialitate.

13. Automated Decision-Making and Profiling (Art. 22 GDPR)

At present, SMSAlert does not use systems of exclusively automated decision-making or profiling that produce legal effects or significantly affect you. Any significant decision relating to your account (e.g. suspension, access restriction) involves human review.

In the future, we may implement automated mechanisms (e.g. automatic detection of suspicious traffic, account classification based on usage volume). If we do so, you will be informed in advance and will be able to:

  • Request human intervention in the decision-making process.
  • Contest the automated decision.
  • Express your point of view before the decision takes effect.

The policy will be updated accordingly before the launch of any such system.

14. Contact and Exercise of Rights

For any question relating to the processing of your data or to exercise the rights set out in section 5, contact us:

  • Email: contact@smsalert.mobi
  • Postal address: Str. Vitioara nr. 48, ap. 20, Bucharest, Sector 3, Romania

If you are not satisfied with the response received, you have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP): www.dataprotection.ro.