Privacy Policy

SMSLocal.in ("SMSLocal", "we", "us", "our") is operated by Swadesh Mobile. We provide WhatsApp Business API services, bulk SMS broadcasting, chatbot automation, two-way messaging, and planned RCS Business Messaging services to businesses across India and abroad.

This Privacy Policy applies whenever you visit smslocal.in, register for an account, purchase or use our Services, integrate with our APIs, or contact our support, sales, billing, or grievance teams.

• Personal Information — data relating to an identified or identifiable natural person, as understood under the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000.
• Customer Data — information you upload or transmit through the platform, including contact lists, message content, media, and chatbot conversations.
• End-Recipient — an individual who receives a WhatsApp, SMS, or RCS message sent via SMSLocal.
• Services — all SMSLocal products, including the WhatsApp Business API, bulk messaging, chatbot builder, analytics, and integrations.

Information you provide — account registration details (name, business name, email, mobile number, password, GSTIN, PAN, billing address), KYC and onboarding documents, payment information (processed through PCI-DSS compliant gateways; we do not store full card numbers), and your communications with our sales, support, billing, and grievance teams.

Customer Data you upload — end-recipient contact lists, message content, templates, chatbot flows, and two-way conversation transcripts.

Information collected automatically — device and connection data (IP address, browser type, device identifiers, operating system, timezone, language), usage data (pages visited, features used, API calls, campaign statistics), delivery, read, and engagement metadata from Meta, telecom operators, and Google, and information collected via cookies and similar technologies.

Information from third parties — identity verification and anti-fraud signals, profile data from authentication providers (Google, Microsoft), and information from Meta, telecom operators, payment processors, and integration partners.

We use the information we collect to:

• Create accounts and carry out identity verification, KYC, DLT, and WhatsApp onboarding.
• Deliver the Services and dispatch messages on your behalf.
• Process payments, generate invoices, and manage your wallet.
• Provide customer support and resolve grievances.
• Improve the platform and develop new features.
• Send service notifications, security alerts, and billing reminders.
• Send marketing communications, from which you may opt out at any time.
• Detect and prevent fraud, abuse, and spam.
• Comply with legal and regulatory obligations.

As an authorised WhatsApp Business Solution Provider, SMSLocal follows Meta's terms and policies. Customer Data is processed on Meta-hosted infrastructure and on SMSLocal servers. You must obtain valid opt-in consent from your end-recipients. SMSLocal does not use end-recipient numbers or message content for any unrelated purpose.

All SMS services comply with TRAI's Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR) and the DLT framework. Before sending SMS, customers must complete Entity Registration, Sender ID (Header) Registration, and Template Registration on the DLT platforms (Jio, Airtel, Vi, BSNL). Consent records and DLT identifiers are retained as mandated by TRAI, and promotional SMS is honoured only outside Do-Not-Disturb hours.

We are preparing to launch RCS Business Messaging. For this service we will collect mobile numbers, opt-in timestamps, IP addresses, message delivery status, interaction events, and opt-out preferences.

How we use it — to deliver messages, honour STOP / UNSUBSCRIBE keywords, respond to HELP / INFO replies, and generate delivery and engagement reports.

Legal basis — explicit consent obtained via a pre-unticked checkbox during registration.

Your rights — you may opt out using the STOP, UNSUBSCRIBE, CANCEL, END, or QUIT keywords or a settings toggle, email support@smslocal.in (24-hour response), and access or delete your personal data on request. Opted-out numbers are added to a suppression list.

Third parties — Infobip (carrier aggregator) and Google RBM handle routing. Retention — opt-in/opt-out timestamps and audit logs are retained for 24 months after account closure; message bodies for 90 days.

SMSLocal does not sell, rent, or trade your Personal Information or Customer Data. We share data only with:

• Meta (WhatsApp) and Google (RCS).
• Indian telecom operators and DLT registrars.
• Payment processors, banks, and tax authorities.
• Sub-processors and infrastructure providers under confidentiality obligations.
• Channel partners and resellers, as needed.
• Professional advisers under confidentiality.
• Law enforcement and regulators when legally compelled.
• A successor entity in a merger or acquisition, with notice to you.

We retain Personal Information and Customer Data only as long as necessary to provide the Services, comply with legal obligations, and resolve disputes.

• Account and KYC records — for the life of the account plus 5–8 years as required by Indian law.
• Message metadata and delivery logs — 180 days in active storage, longer in archival.
• Billing and tax records — at least 8 years.
• Contact lists and chatbot data — for the active life of the account, deleted within 90 days of closure.

Subject to applicable law, you have the right to:

• Access a summary of the Personal Information we hold about you.
• Correct and update inaccurate data.
• Request erasure, subject to legal retention requirements.
• Seek grievance redressal.
• Nominate another person to exercise your rights.

Additional rights for EU / EEA users (GDPR) — the GDPR grants rights to object to processing, restrict processing, data portability, and to lodge a complaint with a Supervisory Authority. Such requests may be directed to our customers (acting as data controllers) or to SMSLocal using the contact details in Section 19.

We use cookies and similar technologies (pixels, local storage, SDKs) to operate the website, remember your preferences, secure your account, and measure usage. You can control cookies through your browser settings, though disabling certain cookies may limit some features. See our Cookie Policy for more detail.

Your information may be processed or stored in India and in other countries where our service providers operate. Transfers of data outside your country rely on Standard Contractual Clauses, intra-group agreements, and provider certifications.

SMSLocal is intended exclusively for businesses and individuals over 18 years of age. We do not knowingly collect information from children. If a child has provided information to us, please contact support and we will delete it.

Our website and platform contain links to and integrations with third-party services (Shopify, WooCommerce, Zoho, Razorpay, Stripe, Meta, Google, and others). We are not responsible for their privacy practices. Please review the privacy policies of those third parties before sharing information with them.

We implement reasonable technical, administrative, and physical safeguards to protect your Personal Information, including:

• TLS / SSL encryption in transit.
• Encryption at rest for sensitive fields.
• Role-based access controls.
• Multi-factor authentication for administrative access.
• Secure cloud hosting.
• Periodic vulnerability assessments.
• Employee confidentiality obligations.

No method of transmission or storage is 100% secure. Keep your credentials confidential and notify support@smslocal.in of any suspected unauthorised access.

Swadesh Mobile cooperates with valid requests from Indian and foreign government, security, defence, revenue, regulatory, and law enforcement authorities. We disclose Personal Information and Customer Data when legally compelled, or when necessary to comply with law, enforce our terms, protect our users, or investigate fraud.

In accordance with the Information Technology Act, 2000, the IT (Reasonable Security Practices) Rules, 2011, and the DPDP Act, 2023, the Grievance Officer can be reached at:

• Name — to be appointed by Swadesh Mobile.
• Entity — Swadesh Mobile (operator of SMSLocal.in).
• Email — grievance@smslocal.in

Complaints are acknowledged within 48 hours and resolved within the timelines set by law.

We may update this policy to reflect changes in our practices, technology, legal requirements, or operations. Updated versions are posted with a revised date, and material changes receive additional notice by email or in-product notification. Your continued use of the Services after an update constitutes acceptance of the revised policy.

For questions or requests regarding our privacy practices:

• Email — privacy@smslocal.in
• Website — smslocal.in
• Operator — Swadesh Mobile