Data Processing Addendum
For business customers who need a written processor agreement. Last updated 2026-06-26
Plain-language summary
This addendum supplements our Terms and Privacy Policy. You (the customer) are the data controller of the recipient data you send through SMSKit; we are the data processor, acting only on your documented instructions.
This is scaffolding pending legal review — not legal advice. A counsel-reviewed, countersignable DPA is issued on request before launch.
1. Roles
SMSKit processes personal data (message content, recipient phone numbers, delivery metadata) solely to provide the service on your behalf. You are responsible for having a lawful basis and recipient consent for the messages you send.
2. Scope & purpose of processing
- Subject matter: routing and delivery of SMS through phones and SIMs you supply.
- Duration: for the term of your account, plus your plan's retention window.
- Data categories: recipient numbers, message content, device telemetry, and account contact details.
3. Security
Each account's data lives in its own isolated database — never pooled with other customers. Phone numbers and message content are masked in our operational logs. Secrets are held in a managed key vault.
4. Subprocessors
- Paystack — billing.
- Twilio Verify — recovery phone verification.
- Firebase / FCM — push wake-ups to your phones.
5. Data subject rights & deletion
We assist you in responding to access, correction, and deletion requests. On account closure we delete the account's database and its sidecar files.
6. Requesting a signed DPA
To receive a countersignable copy, email support@smskit.cloud with your legal entity name.