Privacy Policy

1. Introduction and Scope

At SymphonyRoute ("we", "us", "our", "company"), we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the SymphonyRoute platform and services.

This policy applies to our website, APIs, dashboard, and all SymphonyRoute services. By using our services, you agree to the terms of this policy. If you do not agree with these terms, please do not use our services.

This policy is designed to comply with applicable data protection laws, including the European Union's General Data Protection Regulation (GDPR) and other relevant privacy regulations.

2. Personal Data We Collect

To provide and improve our services, we collect personal data in the following categories:

Identity and Contact Information: Name, email address, phone number, job title, company name, and address information. This information is used for account creation, customer support, and communication purposes.

Account Information: Username, password (encrypted), account settings, preferences, and API keys. This information is necessary for you to use our services.

Usage Data: Your platform usage, API calls, SMS messages sent, success/failure rates, provider performance metrics, and other analytics data. This data is used to improve our services and provide you with a better experience.

Technical Data: IP address, browser type and version, operating system, device information, referring URLs, page view durations, and other automatically collected technical information. This data is used for security, debugging, and service optimization.

Payment Information: Billing address, payment method information (last four digits of credit card, payment processor information). Full credit card information is processed directly by our payment processors and is not stored in our systems.

Communication Data: Information you provide when contacting us (emails, support requests, feedback).

3. Data Collection Methods

We collect your personal data through the following methods:

Directly From You: We collect information directly from you when you create an account, update your profile, create support requests, or contact us.

Automatic Collection: When you use our services, we automatically collect technical information from your device and browser. This is done through cookies, log files, web beacons, and similar technologies.

Third-Party Sources: In some cases, we may receive information from business partners, social media platforms, or public sources (e.g., for company information).

Integrations: When you integrate with SMS providers, we process data received from those providers. This data is used solely to provide our services.

4. Purposes of Data Use

We use the personal data we collect for the following purposes:

Service Provision: Managing your account, providing SMS delivery services, granting API access, operating the dashboard, and providing technical support.

Transaction Management: Processing payments, generating invoices, managing subscriptions, and maintaining accounting records.

Service Improvement: Analyzing platform performance, improving user experience, developing new features, and enhancing service quality.

Security: Preventing fraud, detecting security breaches, ensuring account security, and maintaining legal compliance.

Communication: Sending service updates, important notifications, technical support, and marketing communications (if you have consented).

Legal Compliance: Fulfilling our legal obligations, complying with court orders, meeting regulatory requirements, and protecting our legal rights.

Analytics and Reporting: Analyzing data to generate usage statistics, prepare business intelligence reports, and make strategic decisions.

5. Data Sharing and Third Parties

We do not share your personal data with third parties except in the following circumstances:

Service Providers: We share limited data with third-party service providers necessary to provide our services. These include cloud infrastructure providers (AWS, Google Cloud), payment processors (Stripe, PayPal), email services, analytics tools, and SMS providers. These providers only access data necessary to provide our services and cannot use your data for their own purposes.

Business Partners: We may share limited data with trusted business partners to improve our services or offer new features. These shares are protected by contracts and used only for specified purposes.

Legal Obligations: We may be required to share your personal data in case of legal obligations, court orders, government requests, or regulatory authority requests. In such cases, we will notify you to the extent legally possible.

Business Transfers: In case of merger, acquisition, restructuring, or asset sale, your personal data may be transferred to the new owner or legal successor. You will be notified of such changes.

Explicit Consent: With your explicit consent, we may share data with third parties you specify.

We never sell your personal data to third parties for advertising or marketing purposes.

6. Data Security

We implement industry-standard technical and organizational security measures to protect your data:

Encryption: All sensitive data (passwords, API keys, payment information) is encrypted using industry-standard encryption algorithms (AES-256, TLS 1.3). Data is encrypted both at rest (during storage) and in transit (during transmission).

Access Control: Data access is granted only to authorized personnel, based on business requirements, following the principle of least privilege. All access is logged and regularly reviewed.

Security Infrastructure: We protect our infrastructure with firewalls, intrusion detection systems, DDoS protection, and regular security audits.

Regular Backups: Your data is regularly backed up, and we have disaster recovery plans in place.

Staff Training: All our employees are regularly trained on data security and privacy matters.

Security Breach Notification: If any security breach is detected, we will immediately notify you and relevant regulatory authorities in accordance with legal requirements.

However, no internet-based system is 100% secure. We do our best to protect your data, but we cannot guarantee absolute security.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and services:

Essential Cookies: Required for the basic functionality of our services. For example, used for session management, security, and preference storage. You cannot use our services without these cookies.

Performance Cookies: Used to analyze platform performance, debug, and improve user experience. These cookies collect anonymous data.

Functionality Cookies: Used to remember language preferences, theme settings, and other user preferences.

Analytics Cookies: Used to analyze usage statistics, page views, user behaviors, and platform interactions. This data is processed in aggregate and anonymous form.

Cookie Management: You can manage cookies through your browser settings. However, if you disable essential cookies, some features of our services may not work. Most browsers accept cookies automatically, but you have the option to reject cookies through your browser settings.

8. Data Retention Periods

We retain your personal data for as long as necessary for our collection purposes:

Account Data: Retained while your account is active and until account deletion. After account deletion, your data is deleted within 30 days, except for legal retention obligations (e.g., 10 years for accounting records).

Usage Data: Usage data for analytics and improvement purposes is generally retained for 2 years, but may be retained longer in anonymized format.

Communication Data: Support requests and communication records are retained for 3 years.

Payment Information: Retained for 10 years due to legal accounting requirements.

Log Files: Log files for security and debugging purposes are generally retained for 90 days.

When you delete your account or the retention period expires, your personal data is securely deleted or anonymized.

9. Data Subject Rights (GDPR)

You have the following rights regarding your personal data:

Right to Information: You have the right to know what personal data is being processed, processing purposes, who the data is shared with, and retention periods.

Right of Access: You can request a copy of your processed personal data. This request is generally fulfilled within 30 days.

Right to Rectification: You can request correction of incorrect or incomplete personal data.

Right to Erasure (Right to be Forgotten): Under certain conditions (e.g., if data is no longer necessary, if you withdraw your consent), you can request deletion of your personal data. However, some data may not be deleted due to our legal retention obligations.

Right to Restrict Processing: If you are disputing the accuracy of your data or objecting to processing, you can temporarily restrict processing of your data.

Right to Data Portability: You can receive certain data in a structured, commonly used, and machine-readable format.

Right to Object: You can object to our processing activities based on legitimate interests. We will evaluate your objection and stop processing if you have valid grounds.

Automated Decision-Making: You have the right not to be subject to automated decision-making processes (including profiling).

To exercise these rights, you can send an email to privacy@symphonyroute.com. We respond to your request within 30 days. We may request some information to verify your identity.

10. Children's Privacy

Our services are intended for users aged 18 and over. We do not knowingly collect personal information from children under 18. If we discover that we have collected personal information from a child, we will immediately delete that information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. International Data Transfers

As our services are provided globally, your personal data may be transferred to servers outside your country. Your data may be stored on servers located in the European Union and the United States of America, in particular.

In international data transfers, appropriate security measures are taken, and your data is processed only in accordance with the terms of this policy. If data is transferred from the European Union, GDPR standard contractual clauses or other legal mechanisms are used.

You can contact us to learn which countries your data is processed in.

12. Policy Changes

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or through the platform. You can also track changes by checking the "Last Updated" date at the top of this page.

Your continued use of our services after changes take effect means you accept the updated policy. If you do not accept the changes, you can close your account and stop using our services.

For significant changes (e.g., significant changes in data use purposes, new data sharing), we will notify you in advance as much as possible and obtain new consent if necessary.

13. Third-Party Links

Our website and services may contain links to third-party websites. These links are provided for convenience only, and we are not responsible for the privacy practices of these websites. When you visit a third-party website, we recommend reading that site's privacy policy.

14. Contact and Complaints

If you have questions, requests, or concerns about our privacy policy, data processing activities, or your rights, please contact us:

Email: privacy@symphonyroute.com

You can also file a complaint with the relevant data protection authority if you believe your data protection rights have been violated. In the European Union, this is the relevant member state's data protection authority.