Data Privacy Policy

Last updated: 2025-05-22 [Date Placeholder - Finalize Later]

1. Introduction

Welcome to SimRelay. We are committed to protecting your privacy. This policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our service ("Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use the Service.

2. Data Controller

The data controller responsible for your personal data is:

8up Ventures GmbH
Lilienthalstraße 5c
12529 Schönefeld
Germany
Email: [email protected]

3. Information We Collect

We may collect information about you in a variety of ways. The information we may collect includes:

  • Personal Identification Information: Name, email address, phone number (for recipients if provided for forwarding), company name, billing information (securely processed via our payment processor, Stripe).
  • Account Information: User credentials (hashed passwords), organization details, configuration settings (e.g., hosted SIM numbers, recipient mappings).
  • Message Data: Content, sender, timestamp, and recipient information of SMS messages processed through our Service solely for the purpose of forwarding as configured by you. We aim to store this data only transiently as needed for reliable processing and potentially for short-term logging/auditing if applicable to your service tier and agreed upon terms.
  • Derivative Data: Information our servers automatically collect when you access the website and Service, such as your IP address (which may be anonymized), browser type, operating system, access times, and the pages you have viewed directly before and after accessing the site.
  • Usage Data: Information about how you use the Service, such as number of forwarded messages per billing cycle, feature usage patterns (collected automatically for service improvement and billing).
  • Payment Data: We use Stripe for payment processing. We do not directly store your full credit card number. Stripe's privacy policy applies to payment data processing. We may store partial payment details (like card type and last four digits) for identification and billing management.
  • Tracking and Cookie Data: We use cookies and similar tracking technologies to track activity on our website and Service and hold certain information. See section on "Cookies and Tracking Technologies" below.

4. How We Use Your Information

Having accurate information permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you to:

  • Create and manage your account.
  • Provide, operate, and maintain our Service.
  • Process your transactions and manage subscriptions (via Stripe).
  • Forward SMS messages according to your configuration.
  • Improve, personalize, and expand our Service and website offerings.
  • Communicate with you regarding your account or order, and respond to your requests (e.g., service updates, support, security alerts).
  • Send you newsletters, promotions, and marketing information (where consent is obtained, with opt-out options).
  • Monitor and analyze usage and trends to improve your experience with the website and Service.
  • Monitor usage for billing and enforcing usage limits.
  • Ensure security, prevent fraud, and troubleshoot problems.
  • Comply with legal obligations (e.g., tax laws, lawful requests).
  • Provide audit logs (for applicable Enterprise Tier customers).

5. Legal Basis for Processing (e.g., under GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described above depends on the Personal Data we collect and the specific context in which we collect it:

  • Contractual Necessity: Processing is necessary to perform our contract with you (e.g., to provide the SimRelay Service you subscribed to).
  • Legitimate Interests: Processing is necessary for our legitimate interests (e.g., for service improvement, security monitoring, fraud prevention, analytics, direct marketing based on existing relationship), provided these interests are not overridden by your data protection interests or fundamental rights and freedoms.
  • Consent: We have obtained your specific consent for processing (e.g., for certain marketing communications, non-essential cookies).
  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

6. Data Sharing and Disclosure

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

  • By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
  • Third-Party Service Providers: We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. These include:
    • seven.io: For receiving webhooks and sending forwarded SMS messages. Their data processing terms and privacy policy apply.
    • Stripe: For payment processing. Their privacy policy applies.
    • Google Cloud Platform (GCP): For hosting our application infrastructure. Their security and privacy practices apply.
    • Google Analytics, Google Tag Manager, Google Ads: For website analytics and advertising purposes (see section below).
    • [List any other key providers, e.g., email service like Postmark/SendGrid, error tracking like Sentry]
  • Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • With your Consent: We may disclose your personal information for any other purpose with your consent.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We do not sell your personal information.

7. Cookies and Tracking Technologies

We use cookies, web beacons, tracking pixels, and other tracking technologies on the website and Service to help customize the experience and improve the Service. When you access the website or Service, your personal information is not collected through the use of tracking technology automatically. Most browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the Service (e.g., session management).

Specifically, we use:

  • Essential Cookies: Necessary for the operation of the Service, such as maintaining login sessions.
  • Analytics Cookies (Google Analytics): We use Google Analytics to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form (where possible via IP anonymization), including the number of visitors to the website, where visitors have come to the website from and the pages they visited. For more information on Google Analytics cookies, see the official Google Analytics cookie usage documentation and Google's Privacy Policy. You can opt-out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.
  • Advertising Cookies (Google Ads): We may use Google Ads remarketing services to advertise on third-party websites (including Google) to previous visitors to our site. This could mean that we advertise to previous visitors who haven't completed a task on our site, for example using the contact form to make an enquiry. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone's past visits to the SimRelay website. Any data collected will be used in accordance with our own privacy policy and Google's privacy policy. You can set preferences for how Google advertises to you using the Google Ad Settings page.
  • Google Tag Manager (GTM): We use Google Tag Manager to manage our website tags (snippets of code for tracking and analytics) without needing to edit the website code directly. GTM itself does not set cookies that track users, but it facilitates the deployment of tags from other services (like Google Analytics and Google Ads) which may set cookies. GTM usage is governed by Google Tag Manager Use Policy.
  • [Consider adding a Cookie Consent Banner/Mechanism if legally required based on user location and cookie types.]

8. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws, like tax/accounting requirements), resolve disputes, and enforce our legal agreements and policies. Account information is typically retained as long as your account is active and for a reasonable period thereafter in case you decide to re-activate the Service. Usage data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. As noted, message data is processed transiently or logged short-term based on service terms.

9. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us (e.g., hashing passwords, using HTTPS, access controls), please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

10. Your Data Protection Rights (e.g., under GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. Depending on your location, you may have rights such as:

  • The right to access: You have the right to request copies of your personal data.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing: You have the right to object to our processing of your personal data based on legitimate interests, under certain conditions.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The right to withdraw consent: You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.
  • The right to lodge a complaint: You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data.

Please contact us at [email protected] to exercise these rights. We may ask you to verify your identity before responding to such requests.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at: [email protected]