SMS Localhost ("we", "us", "our") is operated by SuperDarkCode Labs (Pvt) Ltd, a company registered in Zimbabwe. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at sms.localhost.co.zw and any associated services, APIs, or mobile applications (collectively, the "Service").
By using the Service, you consent to the practices described in this policy. If you do not agree, please discontinue use of the Service.
01 Information We Collect
1.1 Information You Provide
- Account information: Username, email address, first and last name, password, and optional company or organization name when you register.
- Organization data: Organization name, member details, and role assignments when you create or join an organization.
- Contact lists: Phone numbers, names, email addresses, and any custom fields you upload or enter for your contacts and contact groups.
- Message content: The text of SMS and WhatsApp messages you compose, including campaign messages, templates, and drafts.
- Billing information: Transaction records, purchase history, bundle selections, and redemption token usage. Payment card details are processed directly by our payment provider (PesePay) and are never stored on our servers.
- Sender ID applications: Proposed sender names and associated business justifications.
- Support communications: Any messages or information you provide when contacting our support team.
1.2 Information Collected Automatically
- Usage data: Pages visited, features used, timestamps, and interaction patterns within the dashboard.
- Device and browser data: IP address, browser type and version, operating system, device type, and screen resolution.
- Message delivery metadata: Recipient phone numbers, delivery statuses, timestamps, provider message IDs, and error codes.
- API activity: API key usage, request timestamps, endpoints called, and response statuses.
- Log data: Server logs including access times, referring URLs, and system error information.
1.3 Information From Third Parties
- Social sign-in providers: If you authenticate via Google, GitHub, Microsoft, or LinkedIn, we receive your name, email address, and profile picture as permitted by your account settings with that provider.
- SMS delivery providers: Delivery receipts, status callbacks, and error reports from our upstream messaging partners.
- Payment processor: Transaction confirmation, payment status, and reference numbers from PesePay.
02 How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: To send your SMS and WhatsApp messages, manage your campaigns, process contact lists, and operate all platform features.
- Account management: To create and maintain your account, authenticate your identity, and manage organization memberships and permissions.
- Billing and payments: To process credit purchases, generate receipts, track credit balances, and send low-credit alerts.
- Communication: To send transactional emails including account verification, password resets, purchase confirmations, sender ID status updates, and credit alerts.
- Platform improvement: To analyze usage patterns, identify bugs, improve performance, and develop new features.
- Security: To detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service.
- Compliance: To comply with applicable laws, regulations, legal processes, and enforceable government requests.
- Sender ID review: To evaluate and process sender ID applications, including verifying business identity and preventing impersonation.
We do not read, analyze, or mine the content of your messages for advertising, profiling, or marketing purposes. Message content is processed solely for delivery and compliance screening.
03 Legal Basis for Processing
We process your personal data on the following legal grounds:
- Contract performance: Processing necessary to provide the Service you have signed up for (account management, message delivery, billing).
- Legitimate interests: Processing necessary for our legitimate business interests, such as platform security, fraud prevention, and service improvement, where these interests are not overridden by your rights.
- Consent: Where you have given explicit consent, such as opting in to marketing communications or connecting a social sign-in account.
- Legal obligation: Processing required to comply with applicable laws and regulations.
04 Data Storage, Retention, and Security
4.1 Storage
Your data is stored on secure servers hosted in data centres with physical access controls, redundant power, and network security measures. Database backups are encrypted and stored separately from production systems.
4.2 Security Measures
- All connections are encrypted using TLS/HTTPS.
- Passwords are hashed using industry-standard algorithms (PBKDF2 with SHA-256).
- API keys are hashed at rest and displayed only once at creation.
- Access to production systems is restricted to authorized personnel with multi-factor authentication.
- Regular security reviews and dependency updates are performed.
- Session tokens expire after a period of inactivity.
4.3 Retention
- Account data: Active + 30 days. Retained while your account is active, plus 30 days after deletion for recovery.
- Message logs: 12 months. SMS/WhatsApp metadata and content retained for your reference.
- Billing records: 7 years. Required for financial record-keeping and tax compliance.
- Server logs: 90 days. System and access logs for security and debugging.
- Contact data: Active + 30 days. Deleted contacts are permanently removed within 30 days.
05 Third-Party Services and Data Sharing
5.1 Service Providers
We share data with the following categories of third-party service providers, solely to operate the Service:
- SMS gateway providers: Recipient phone numbers and message content are transmitted for delivery. These providers are contractually obligated to use this data only for message delivery.
- Payment processor (PesePay): Transaction amounts, currency, and reference numbers are shared to process purchases. PesePay handles all card data directly.
- Email delivery service: Your email address is used to send transactional emails.
- Hosting and infrastructure providers: Your data is processed on servers operated by our hosting provider in accordance with their security commitments.
We do not sell, rent, or trade your personal information or contact lists to any third party for marketing or advertising purposes.
5.2 Legal Disclosures
We may disclose your information if required by law, court order, or government regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a lawful request from public authorities.
06 Your Rights and Choices
You have the following rights regarding your personal data:
- Access: View your account information, message history, contacts, and billing records from your dashboard at any time.
- Correction: Update your profile, organization details, and contact information directly from the dashboard settings.
- Deletion: Delete individual contacts, groups, campaigns, and templates from the dashboard. To request full account deletion, contact us at network@superdarkcodelabs.co.zw.
- Data export: Request a copy of your data in a machine-readable format by contacting our support team.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.
- Objection: You may object to processing based on legitimate interests. We will cease processing unless we have compelling legitimate grounds.
To exercise any of these rights, contact us at network@superdarkcodelabs.co.zw. We will respond within 30 days.
07 Cookies and Similar Technologies
- Essential cookies: We use session cookies for authentication and CSRF protection. These are strictly necessary for the Service to function and cannot be disabled.
- Preference cookies: We store user preferences (such as dismissed onboarding prompts) in browser local storage.
- No tracking cookies: We do not use third-party analytics, advertising, or tracking cookies. We do not participate in any ad networks or retargeting programs.
08 International Data Transfers
Your data may be processed in countries other than Zimbabwe where our service providers operate. When data is transferred internationally, we ensure appropriate safeguards are in place, including contractual obligations on data processors to protect your information in accordance with this policy.
09 Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly.
10 Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users via email within 72 hours of becoming aware of the breach. We will also notify the relevant data protection authorities as required by applicable law.
11 Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes:
- We will update the "Last updated" date at the top of this page.
- We will notify registered users via email.
- We will display a notice on the dashboard for 30 days following the change.
Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
12 Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us: