DPDPA Notice to Data Principals

Section 5 of the Digital Personal Data Protection Act, 2023 requires every Data Fiduciary to give you a clear notice in plain English (or one of the 22 scheduled Indian languages you choose) describing the personal data being processed and the purpose. This page is our notice in English. On request we will provide a translation in any of the scheduled languages.

SMSLocal Technologies Private Limited, an Indian private limited company, is the Data Fiduciary for account-holder data (dashboard users, billing contacts). When you are the end recipient of a message sent through our platform by one of our customers, that customer is the Data Fiduciary and SMSLocal acts as a Data Processor on their behalf.

• Account data — name, email, mobile, company, GSTIN, password hash.
• Usage data — login events, API requests, dashboard actions, IP address.
• Compliance data — DLT IDs, template registrations, KYC documents.
• Billing data — wallet transactions, invoices, tax details.
• Message traffic metadata — sender, recipient mobile, timestamp, delivery status. Actual content is processed only to deliver the message.

• Running the platform, dashboards, and APIs.
• Delivering SMS, WhatsApp, and OTP messages to recipients.
• Meeting TRAI, DoT, and operator compliance requirements.
• Billing, invoicing, and GST reporting.
• Security, fraud prevention, and abuse investigation.
• Customer support and product communication.
• With your consent, marketing and product updates.

We rely on your consent for marketing. For every other purpose we rely on a legitimate use recognised by Section 7 of the Act — typically performance of contract, compliance with law, or for the safety of our platform.

Telecom operators, the DLT platforms they rely on (Jio, Vi, Airtel, BSNL, VIL), Meta / WhatsApp for WhatsApp Business API traffic, payment processors (such as Razorpay), cloud infrastructure providers, and professional advisers under confidentiality. We do not sell personal data and do not share it with ad networks.

Account data is kept for the life of the workspace plus the period required by Indian tax and telecom laws. Message metadata is retained for the period required by TRAI. Content retention is configurable in Settings → Data; the default is documented in the dashboard.

As a Data Principal you can:

• Request a summary of the personal data we hold about you.
• Request correction, completion, update, or erasure.
• Withdraw consent for any consent-based processing.
• Nominate an individual to exercise your rights if you are unable to.
• File a grievance with our Grievance Officer.

If you are not satisfied with our response you can escalate to our Grievance Officer at grievance@smslocal.in. If still unresolved, you may file a complaint with the Data Protection Board of India once it is operational under the Act.

SMSLocal is designed for business users. We do not knowingly process the personal data of a child (anyone under 18) or a person with disability who requires a guardian, without verifiable consent from the lawful guardian. If you believe we have inadvertently processed such data, write to us at dpo@smslocal.in.

Material changes are communicated at least 14 days in advance to workspace owners by email and via an in-app banner. The "Last updated" date above always reflects the current version.