Effective Date: 26 June 2026
Last Updated: 26 June 2026
Jurisdiction: India
1. Who We Are
Smart Marketing Services (operating under the brand sms4every1) is a communication technology company headquartered in Mumbai, India. We have been providing Bulk SMS, RCS, WhatsApp Business messaging, DLT registration assistance and digital marketing solutions to businesses across India since 2011.
For the purpose of this Privacy Policy, "we", "us" and "our" refer to Smart Marketing Services. "You" refers to any individual or business entity that visits our website at sms4every1.com, contacts us, or uses any of our services.
This Privacy Policy describes how we handle personal data in the context of our role as a Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023 (DPDPA).
3. How We Use Your Information
We use your personal data for the following purposes:
- Service delivery: Processing and transmitting your Bulk SMS, RCS, WhatsApp and other messaging campaigns via telecom operator networks.
- DLT compliance: Submitting your entity, Sender ID and template registration to TRAI-mandated DLT portals on your behalf.
- Account management: Creating and managing your platform account, authenticating logins and maintaining your campaign history.
- Billing: Generating invoices, processing payments and maintaining records as required under GST and Indian accounting laws.
- Customer support: Responding to your queries, complaints and service requests.
- Platform improvement: Analysing usage patterns (in aggregate) to improve platform performance, features and reliability.
- Legal compliance: Retaining records as required by the IT Act, DPDPA, TRAI regulations and tax laws.
- Marketing communications: Sending you updates about our services, offers or product announcements — only with your prior consent and always with an easy opt-out option.
We do not sell your personal data to any third party. We do not use your contact list or campaign data for our own marketing purposes.
4. Legal Basis & Applicable Laws
Our handling of personal data is governed by the following Indian laws and regulations:
- Digital Personal Data Protection Act, 2023 (DPDPA): India's primary data protection law. We process personal data on the lawful bases of consent, contractual necessity and legitimate legal obligation.
- Information Technology Act, 2000 & IT (Amendment) Act, 2008: Governs electronic data security and reasonable security practices under Section 43A.
- Information Technology (Reasonable Security Practices and Procedures) Rules, 2011: We follow IS/ISO/IEC 27001 aligned practices for data security.
- TRAI Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR): Governs how commercial SMS is sent in India, including DND scrubbing, sender registration and template approval.
- Goods & Services Tax (GST) Act: Requires retention of billing records for a minimum of 6 years.
5. TRAI & DLT Compliance
As a business messaging service provider operating in India, we are required to comply with TRAI's Distributed Ledger Technology (DLT) framework. This directly affects how we handle certain data:
- DND scrubbing: Before transmitting any promotional SMS campaign, we automatically filter your contact list against TRAI's Do Not Disturb (DND) registry. Numbers registered on the DND list will not receive promotional messages.
- Sender ID registration: All Sender IDs (e.g., "SMSFOR") used on our platform must be registered on TRAI's DLT portal. We submit registration data on your behalf as part of our managed DLT service.
- Template pre-approval: All commercial SMS templates must be pre-approved on the DLT platform before use. We assist you in template formatting and submission.
- Audit trail: TRAI requires us to maintain a log of all commercial messages sent, including sender, template ID, timestamp and delivery status. These logs are retained for a minimum of 3 years.
Sending SMS to DND-registered numbers is prohibited under TRAI TCCCPR 2018 and carries significant penalties. Our platform enforces DND filtering automatically on all promotional campaigns.
6. Data Sharing & Third Parties
We share your data only where necessary to deliver our services or comply with law. We do not share data for advertising or marketing by third parties.
Service-essential sharing:
- Telecom operators (Airtel, Jio, Vi, BSNL and others): Your message content, Sender ID and recipient numbers are transmitted to the relevant operator network for delivery. This is inherent to how SMS and RCS work.
- Meta (WhatsApp Business API): For WhatsApp services, message content and recipient numbers are processed via Meta's Business API infrastructure. Meta's own privacy policy applies to data processed through their platform.
- DLT platform operators: When we file DLT registrations on your behalf, your business details are submitted to the relevant telecom operator's DLT portal (e.g., Airtel DLT, JioTrueSync, Vi DLT, BSNL DLT).
- Payment gateways: Billing transactions are processed by our PCI-DSS-compliant payment partners. We share only the billing information necessary to complete the transaction.
- Cloud hosting providers: Our platform infrastructure is hosted on servers located in India. Our hosting providers have contractual data processing obligations consistent with the IT Act.
Legal disclosure:
We may disclose personal data if required by a court order, government authority or law enforcement agency under applicable Indian law. We will notify you of such requests where legally permitted to do so.
7. Data Retention
We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law:
- Account data: Retained for the duration of your account plus 2 years after account closure.
- Campaign & message logs: Retained for 3 years as required by TRAI regulations.
- DLT registration documents: Retained for the duration of the DLT registration plus 3 years.
- Billing records: Retained for 6 years as required under GST law.
- Contact form & enquiry data: Retained for 1 year or until you request deletion, whichever is earlier.
After the applicable retention period, data is securely deleted or anonymised.
8. Your Rights Under DPDPA 2023
The Digital Personal Data Protection Act, 2023 grants you the following rights as a Data Principal. You may exercise these rights by contacting our Grievance Officer (see Section 12).
- Right to Access: Request a summary of the personal data we hold about you and how it is being processed.
- Right to Correction: Request correction or update of any inaccurate or incomplete personal data we hold.
- Right to Erasure: Request deletion of your personal data when it is no longer necessary for the purpose it was collected, subject to legal retention obligations.
- Right to Withdraw Consent: Withdraw consent for data processing at any time. Withdrawal does not affect lawfulness of prior processing.
- Right to Nominate: Nominate another individual to exercise your data rights in the event of your death or incapacity.
- Right to Grievance Redressal: File a grievance with our Grievance Officer. If unresolved, you may escalate to the Data Protection Board of India.
We will respond to all valid rights requests within 30 days. Some requests may be subject to identity verification before we process them.
9. Cookies & Analytics
Our website uses cookies to ensure it functions correctly and to understand how visitors use it. We use the following types:
- Essential cookies: Required for core site functionality such as navigation and session management. Cannot be disabled.
- Analytics cookies: Help us understand aggregate website traffic and usage patterns (e.g., page views, referral sources). Data is anonymous and not linked to individual users.
- Preference cookies: Remember choices you make (e.g., language, chatbot state) to improve your experience.
You can control non-essential cookies through your browser settings. Disabling analytics cookies will not affect your ability to use our site. We do not use advertising or tracking cookies that follow you across third-party websites.
10. Security Measures
We implement technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration or destruction:
- Encryption: Data in transit is encrypted using TLS 1.2 or higher. Passwords are stored using strong one-way hashing.
- Access control: Access to personal data is restricted to authorised personnel on a need-to-know basis.
- Infrastructure security: Our servers are hosted in India with firewalls, intrusion detection, and regular security audits.
- DLT document handling: Sensitive business documents collected for DLT registration are stored in access-controlled environments and deleted after the registration process is complete.
In the unlikely event of a personal data breach that poses a risk to individuals, we will notify the affected users and the Data Protection Board of India as required under DPDPA 2023.
11. Children’s Privacy
Our services are designed for businesses and adult professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact our Grievance Officer immediately and we will delete it promptly.
Under the DPDPA 2023, processing of personal data of children requires verifiable parental consent. We do not target or knowingly serve children.
12. Grievance Officer
In accordance with the Information Technology Act, 2000 and DPDPA 2023, we have appointed a Grievance Officer to address any concerns or complaints about how we handle your personal data.
Grievance Officer
Smart Marketing Services
Mumbai, Maharashtra, India
Email: smsforeveryone@gmail.com
Phone: +91 9323389977
Hours: Monday – Saturday, 9 AM – 7 PM IST
We will acknowledge your grievance within 48 hours and endeavour to resolve it within 30 days.
If your grievance is not resolved to your satisfaction, you may escalate it to the Data Protection Board of India once it is constituted under the DPDPA 2023.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, business practices or applicable law. When we make material changes, we will:
- Update the Last Updated date at the top of this page.
- Display a notice on our website homepage for 30 days after the change.
- Send an email notification to registered account holders for significant changes.
Your continued use of our website or services after any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.