Legal

Privacy Policy

Last updated: December 2024

This Privacy Policy explains how DEADLY DIGITAL STUDIOS, trading as YesSMS ("we", "us", "our"), collects, uses, stores, and protects your personal data when you use our SMS platform and services.

1. Who We Are

DEADLY DIGITAL STUDIOS is a company registered in England and Wales. We operate the YesSMS platform, providing SMS messaging services to businesses.

Data Controller: DEADLY DIGITAL STUDIOS
Trading Name: YesSMS
Email: privacy@yessms.io
Data Protection Officer: dpo@yessms.io

We are registered with the Information Commissioner's Office (ICO) as a data controller.

2. Information We Collect

2.1 Account Information

When you register for YesSMS, we collect:

  • Full name
  • Email address
  • Company name
  • Phone number
  • Billing address
  • Payment information (processed securely via our payment provider)

2.2 Contact Data (Your Recipients)

When you use our platform to send SMS messages, you upload or input:

  • Phone numbers of your message recipients
  • Names and other contact details you choose to store
  • Custom fields and tags you assign to contacts
  • Group memberships

Important: You are the data controller for your recipients' personal data. We process this data on your behalf as a data processor. You must ensure you have appropriate legal basis and consent to send SMS messages to these individuals.

2.3 Message Content

We store the content of SMS messages you send through our platform, including:

  • Message body text
  • Sender ID
  • Timestamp
  • Delivery status and reports

2.4 Usage Data

We automatically collect:

  • IP addresses
  • Browser type and version
  • Device information
  • Pages visited and features used
  • API call logs
  • Login timestamps

2.5 Cookies and Tracking

We use essential cookies required for the platform to function, and analytics cookies to improve our service. See our Cookie Policy for details.

3. How We Use Your Information

3.1 To Provide Our Services

  • Creating and managing your account
  • Processing and delivering SMS messages
  • Providing delivery reports and analytics
  • Processing payments and managing billing
  • Providing customer support

3.2 To Improve Our Services

  • Analysing usage patterns to improve the platform
  • Troubleshooting technical issues
  • Developing new features

3.3 To Communicate With You

  • Sending service notifications and updates
  • Responding to your enquiries
  • Sending marketing communications (with your consent)

3.4 Legal and Compliance

  • Complying with legal obligations
  • Preventing fraud and abuse
  • Enforcing our Terms of Service

4. Legal Basis for Processing

Under UK GDPR, we process your data based on:

  • Contract: Processing necessary to perform our contract with you (providing the SMS service)
  • Legitimate Interests: Processing necessary for our legitimate business interests (improving services, preventing fraud)
  • Legal Obligation: Processing necessary to comply with legal requirements
  • Consent: Where you have given specific consent (marketing communications)

5. Data Sharing

5.1 Service Providers

We share data with trusted third parties who help us operate our business:

  • SMS Carriers: To deliver your messages (phone numbers and message content)
  • Payment Processors: To process payments (billing information)
  • Cloud Hosting: To host our platform (AWS, located in UK/EU)
  • Analytics: To understand usage patterns (anonymised data)

All service providers are bound by data processing agreements and must meet our security standards.

5.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, or government request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

5.4 We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. International Transfers

Your data is primarily stored and processed in the United Kingdom and European Economic Area (EEA). Where we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Binding Corporate Rules where applicable

7. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: For the duration of your account, plus 7 years after closure for legal/tax purposes
  • Message Logs: 90 days for delivery status, then aggregated/anonymised
  • Contact Data: Until you delete it or close your account
  • Financial Records: 7 years as required by UK law
  • Support Tickets: 3 years after resolution

You can request deletion of your data at any time, subject to our legal retention requirements.

8. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision-Making: We do not make automated decisions that significantly affect you

To exercise these rights, email us at privacy@yessms.io. We will respond within 30 days.

9. Data Security

We implement robust security measures to protect your data:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Secure data centres with physical access controls
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Employee security training
  • Incident response procedures

While we take all reasonable precautions, no system is completely secure. We encourage you to use strong passwords and protect your account credentials.

10. Your Responsibilities as a Customer

When you use YesSMS to send messages to your contacts, you act as the data controller for those individuals' data. You must:

  • Have a valid legal basis to contact recipients (consent, legitimate interest, etc.)
  • Provide recipients with your own privacy notice
  • Handle opt-out requests promptly
  • Keep contact lists accurate and up-to-date
  • Comply with PECR and anti-spam regulations
  • Not use our service for unsolicited marketing without proper consent

11. Children's Privacy

Our services are not directed at individuals under 18. We do not knowingly collect personal data from children. If we learn we have collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. The "Last updated" date at the top indicates when the policy was last revised.

13. Complaints

If you have concerns about how we handle your data, please contact us first at privacy@yessms.io.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
https://ico.org.uk

14. Contact Us

For privacy-related enquiries:

Email: privacy@yessms.io
Data Protection Officer: dpo@yessms.io