Privacy Policy
Effective Date: July 14, 2026 | Last Updated: July 14, 2026
1 Overview & Scope
This Privacy Policy describes how Soft Solutions ("we", "us", "our") collects, uses, stores, shares, and protects information when you use our multi-channel business messaging platform and associated services — including Bulk SMS, RCS (Rich Communication Services), WhatsApp Business Messaging, and Voice Broadcasting ("Services").
This Policy applies to:
- Customers and users who register for and use our platform ("Customers").
- Visitors to our website and web properties.
- End-recipients of messages sent through our platform ("Recipients"), to the extent we process their data.
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of our Services.
2 Who We Are
Soft Solutions is a business messaging service provider established in 2011, headquartered at:
Plot No. 66, New Maruthi Nagar, Hyderabad, Telangana, India.
We act as a Data Processor for the personal data of your message Recipients (you — the Customer — are the Data Fiduciary/Controller). For data relating to our own Customers and website visitors, we act as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (India).
3 Information We Collect
3.1 Customer Account Data
- Name, email address, mobile number, company name.
- Billing address, GST number, and payment-related information.
- Login credentials (passwords stored as salted hashes — never in plain text).
- API keys and authentication tokens.
- KYC / identity documents where required for regulatory compliance.
3.2 Campaign & Messaging Data
- Recipient phone numbers and contact lists uploaded by Customers.
- Message content, templates, media files, and rich card assets.
- Campaign configuration, scheduling parameters, and send logs.
- Delivery reports, read receipts, and interaction data (button taps, URL clicks).
3.3 Technical & Usage Data
- IP addresses, browser type, operating system, and device identifiers.
- Pages visited, features used, session duration, and clickstream data.
- API request logs including endpoints, timestamps, and response codes.
- Error logs and platform performance metrics.
3.4 Communications Data
- Support tickets, emails, and chat conversations with our team.
- Feedback, survey responses, and account notes.
4 How We Collect Information
- Directly from you: Registration forms, account settings, file uploads, support requests.
- Automatically: Server logs, cookies, and analytics tools when you use our platform or website.
- From third parties: Telecom operators and delivery network partners provide delivery status and carrier metadata for messages you send.
- From your campaigns: Contact lists and message content you upload or create within our platform.
5 How We Use Your Information
| Purpose | Data Used |
| Account creation & authentication | Name, email, password, phone |
| Delivering messaging services (SMS / RCS / WhatsApp / Voice) | Recipient numbers, message content, templates |
| Billing, invoicing & credit management | Account data, usage logs, payment info |
| Delivery reporting & analytics | Campaign logs, delivery status, interaction data |
| Regulatory & DLT / TRAI compliance | Sender IDs, templates, entity registration data |
| Fraud prevention & abuse detection | IP logs, API usage, campaign content |
| Customer support | Account data, support tickets, communications |
| Platform improvement & security monitoring | Usage data, error logs, performance metrics |
| Legal compliance & regulatory reporting | As required by applicable law |
| Sending service updates & notifications | Email, phone (transactional only) |
We do not use your data or your Recipients' data for targeted advertising, nor do we sell data to third-party marketers.
6 Legal Basis for Processing
Under the Digital Personal Data Protection Act, 2023 (India) and other applicable laws, we process personal data on the following bases:
- Consent: Where you have given explicit consent (e.g., marketing communications to you).
- Contractual necessity: Processing required to deliver the Services you have subscribed to.
- Legal obligation: Compliance with TRAI regulations, tax laws, court orders, or government directives.
- Legitimate interests: Fraud prevention, platform security, service improvement, and abuse monitoring — balanced against your rights.
7 Sharing & Disclosure
We do not sell your personal data. We may share information only in these circumstances:
- Telecom operators & messaging gateways: Recipient numbers and message content are transmitted to network operators and gateway partners strictly to deliver messages you dispatch.
- Meta / WhatsApp: WhatsApp messages are processed via the official WhatsApp Business API. Meta's privacy policy governs their processing of such data.
- RCS aggregators & partners: RCS messages are routed through authorised RCS aggregators and carrier networks.
- Payment processors: Billing data is shared with licensed payment gateways for transaction processing. We do not store full card details.
- Cloud infrastructure providers: We use reputable cloud hosting and database services subject to data processing agreements.
- Legal & regulatory authorities: We may disclose data to law enforcement, TRAI, or courts when required by law, valid legal process, or to protect our rights.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity with prior notice to you.
All third-party processors are bound by contractual data protection obligations.
8 Recipient Data & End-User Privacy
When you upload contact lists or send messages through our platform, you are the Data Fiduciary responsible for those Recipients' personal data. Your obligations include:
- Obtaining valid, documented consent from Recipients before messaging them.
- Honouring opt-out requests promptly and removing opted-out numbers from future campaigns.
- Ensuring that the personal data of Recipients is accurate and lawfully obtained.
- Complying with TRAI TCCCPR 2018, DPDP Act 2023, and any other applicable privacy laws.
As your Data Processor, Soft Solutions will:
- Process Recipient data only as necessary to deliver the Services.
- Not use Recipient data for any purpose beyond service delivery and compliance.
- Delete or return Recipient data upon account termination or upon your written request, subject to legal retention obligations.
- Assist you in responding to data subject rights requests where technically feasible.
9 Data Retention
| Data Category | Retention Period |
| Account registration data | Duration of account + 3 years post-closure |
| Campaign & message logs | 2 years from campaign date |
| Delivery reports & interaction data | 1 year from dispatch date |
| Billing & financial records | 7 years (statutory requirement) |
| Support communications | 2 years from ticket closure |
| API access logs | 1 year |
| Contact lists / uploaded numbers | Retained until deleted by Customer or account closure |
Data may be retained longer where required by law, regulatory directive, or active legal proceedings.
10 Security Measures
We implement industry-standard technical and organisational measures to protect your data, including:
- HTTPS / TLS encryption for all data in transit.
- Encrypted storage for sensitive credentials and API keys.
- Role-based access controls limiting data access to authorised personnel only.
- Regular security reviews and vulnerability assessments.
- Firewalls, intrusion detection, and server-level access restrictions.
- Audit logs for administrative actions and data access events.
Despite these measures, no system is completely immune to security risks. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.
11 Cookies & Tracking
Our website and platform use cookies and similar tracking technologies for the following purposes:
- Session cookies: Required to keep you logged in during your session. Deleted when you close your browser.
- Preference cookies: Remember your settings and display preferences.
- Analytics cookies: Help us understand how users navigate and use the platform so we can improve it. Analytics data is aggregated and anonymised where possible.
- Security cookies: Used for CSRF protection and fraud prevention.
We do not use advertising or third-party tracking cookies. You may configure your browser to reject cookies, but doing so may limit certain platform functionality.
12 Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data, subject to our legal retention obligations.
- Right to Data Portability: Request your account data in a commonly used, machine-readable format.
- Right to Withdraw Consent: Withdraw consent for processing activities based on consent, without affecting prior lawful processing.
- Right to Grievance Redressal: Lodge a complaint with our Grievance Officer (see Section 16) or with the Data Protection Board of India once operational.
To exercise any of these rights, email us at support@softsms.in with the subject line "Data Rights Request". We will respond within 30 days.
13 Children's Privacy
Our Services are intended solely for business use by adults aged 18 and above. We do not knowingly collect personal data from children under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.
If you believe a minor has provided us with personal data, please contact us immediately at support@softsms.in.
14 Cross-Border Transfers
Our primary infrastructure is located in India. However, certain third-party service providers (such as messaging gateways, cloud hosting, and analytics tools) may process data in other jurisdictions.
Where data is transferred outside India, we ensure appropriate safeguards are in place, including:
- Standard contractual clauses with data processors.
- Transfers only to jurisdictions with adequate data protection standards or under approved transfer mechanisms.
- Compliance with cross-border transfer rules under the DPDP Act 2023 as notified by the Government of India.
15 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of material changes by email or by posting a prominent notice on our platform at least 7 days before the changes take effect.
The "Last Updated" date at the top of this page indicates when the Policy was most recently revised. We encourage you to review this page periodically.
Your continued use of our Services after the effective date of any revision constitutes your acceptance of the updated Policy.