EasySendSMS GDPR Compliance: Your Rights and Our Responsibilities

Last Updated: March 8, 2026 | Effective Date: March 8, 2026

1. Introduction

This GDPR Compliance Policy ("Policy") outlines how EasySendSMS.com ("We", "Us", "Our", "Company") complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR") in relation to the personal data we collect, process, store, and protect through our bulk SMS platform, SMS API gateway, HLR lookup, number validation, and all related services (collectively, the "Services").

EasySendSMS is a globally trusted SMS gateway provider that has been serving businesses across 200+ countries since 2017. We are deeply committed to protecting the privacy, security, and fundamental rights of every individual whose personal data we process. This Policy demonstrates our dedication to GDPR compliance and provides transparency about how we handle personal data in accordance with the highest data protection standards.

This Policy should be read in conjunction with our Privacy Policy, Terms of Use, and Refund Policy, which together govern your use of our Services and describe our broader data protection practices.

2. Scope and Applicability

The GDPR applies to all organizations that process personal data of individuals located in the European Union (EU) and the European Economic Area (EEA), regardless of where the organization is established. As EasySendSMS processes personal data of EU/EEA residents through our messaging services, we are fully committed to complying with all GDPR requirements.

This Policy applies to:

Our Customers: Businesses, developers, and organizations that register for and use our SMS services, including those located within and outside the EU/EEA.
Message Recipients: Individuals who receive SMS messages sent through our platform by our customers, particularly those located in the EU/EEA.
Website Visitors: Individuals who visit www.easysendsms.com, access our developer documentation, or interact with our platform in any capacity.
Business Partners and Suppliers: Third parties with whom we share data in the course of providing our Services.

Where our customers use our Services to send messages to their own contacts, the customer acts as the data controller and EasySendSMS acts as the data processor. In such cases, our customers are responsible for ensuring that their own use of our Services complies with the GDPR, including obtaining valid consent from their message recipients.

3. Data Controller and Data Processor Roles

Under the GDPR, the distinction between data controllers and data processors is fundamental. EasySendSMS operates in both capacities depending on the context of the data processing activity:

3.1 EasySendSMS as Data Controller

EasySendSMS acts as the data controller when we determine the purposes and means of processing personal data. This applies to:

Account registration data collected when customers sign up at our registration page
Billing and payment information processed for credit purchases
Website usage data and analytics collected from visitors to easysendsms.com
Customer support communications and inquiry records
Marketing communications sent to customers who have opted in
Employee and contractor data (internal HR purposes)

3.2 EasySendSMS as Data Processor

EasySendSMS acts as the data processor when we process personal data on behalf of our customers (who are the data controllers). This applies to:

Recipient phone numbers provided by customers for message delivery
Message content submitted by customers through our platform or SMS API
Contact lists uploaded by customers for SMS marketing campaigns
Delivery reports and message metadata generated during message transmission
Data processed through our HLR lookup and number validation services

As a data processor, we process personal data strictly in accordance with our customers' instructions and the terms of our Data Processing Agreement (DPA). We do not use customer data for our own purposes beyond what is necessary to provide the contracted Services.

4. Personal Data We Process

In compliance with the GDPR's principle of transparency (Article 13 and 14), we provide a clear overview of the categories of personal data we process, the purposes of processing, and the legal basis for each:

Category of Data	Examples	Purpose	Legal Basis (GDPR Art. 6)
Account Registration Data	Name, email, phone number, company name, country	Account creation, identity verification, service delivery	Performance of contract (Art. 6(1)(b))
Billing and Payment Data	Billing address, payment method, transaction history	Payment processing, invoicing, fraud prevention	Performance of contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c))
Messaging Data (as Processor)	Recipient phone numbers, message content, sender ID	Message delivery on behalf of customers	Performance of contract (Art. 6(1)(b))
Usage and Technical Data	IP address, browser type, pages visited, API call logs	Platform improvement, security, analytics	Legitimate interest (Art. 6(1)(f))
Communication Data	Support tickets, emails, chat transcripts	Customer support, service improvement	Legitimate interest (Art. 6(1)(f))
Marketing Data	Email address, communication preferences	Newsletters, product updates, promotional offers	Consent (Art. 6(1)(a))
Verification Data	Government ID, business registration documents	KYC compliance, fraud prevention	Legal obligation (Art. 6(1)(c)); Legitimate interest (Art. 6(1)(f))

We adhere to the GDPR principle of data minimization (Article 5(1)(c)) and collect only the personal data that is strictly necessary for the specified purposes. We do not process special categories of personal data (Article 9) such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.

5. Legal Basis for Processing Personal Data

Under GDPR Article 6, every processing activity must be supported by a valid legal basis. EasySendSMS relies on the following legal grounds for processing personal data:

5.1 Consent (Article 6(1)(a))

Where we process personal data based on consent, we ensure that consent is freely given, specific, informed, and unambiguous, as required by GDPR Article 7. This applies primarily to marketing communications and optional data processing activities. You have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal. To withdraw consent, you may update your preferences in your account settings at your account dashboard or contact us at privacy@easysendsms.com.

5.2 Performance of a Contract (Article 6(1)(b))

Processing is necessary for the performance of the contract between EasySendSMS and our customers. This includes processing personal data to create and manage your account, deliver bulk SMS messages, process payments, provide API access, generate delivery reports, and fulfill our contractual obligations under our Terms of Use.

5.3 Legal Obligation (Article 6(1)(c))

Processing is necessary to comply with legal obligations to which EasySendSMS is subject. This includes tax and financial reporting requirements, responding to lawful requests from law enforcement or regulatory authorities, complying with telecommunications regulations, and maintaining records as required by applicable anti-money laundering (AML) and know-your-customer (KYC) regulations.

5.4 Legitimate Interest (Article 6(1)(f))

Processing is necessary for our legitimate business interests, provided these interests are not overridden by the fundamental rights and freedoms of the data subject. Our legitimate interests include:

Improving and optimizing our platform, services, and user experience
Ensuring the security and integrity of our systems and preventing fraud
Detecting and preventing spam and abuse on our platform (in accordance with our Anti-Spam Policy)
Conducting analytics to understand usage patterns and improve service quality
Protecting our legal rights and enforcing our Terms of Use

We conduct Legitimate Interest Assessments (LIAs) to balance our interests against the rights of data subjects before relying on this legal basis. Records of these assessments are maintained and available for review by supervisory authorities upon request.

6. GDPR Principles We Follow

EasySendSMS adheres to all seven core principles of the GDPR as set out in Article 5. These principles form the foundation of our data protection practices:

GDPR Principle	Article	How We Comply
Lawfulness, Fairness, and Transparency	Art. 5(1)(a)	We process data lawfully with a valid legal basis, treat data subjects fairly, and provide clear information about our processing activities through this Policy and our Privacy Policy.
Purpose Limitation	Art. 5(1)(b)	We collect personal data only for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
Data Minimization	Art. 5(1)(c)	We collect only the personal data that is adequate, relevant, and limited to what is necessary for the intended purpose.
Accuracy	Art. 5(1)(d)	We take reasonable steps to ensure personal data is accurate and up to date, and we provide mechanisms for data subjects to correct inaccurate data.
Storage Limitation	Art. 5(1)(e)	We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, as detailed in Section 8 of this Policy.
Integrity and Confidentiality	Art. 5(1)(f)	We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or damage, as detailed in Section 9.
Accountability	Art. 5(2)	We maintain comprehensive records of processing activities, conduct impact assessments, and can demonstrate compliance with all GDPR principles at any time.

7. Consent Management for SMS Communications

As an SMS gateway provider, EasySendSMS plays a critical role in the messaging ecosystem. We require all customers who use our bulk SMS and SMS marketing services to comply with the GDPR's consent requirements when sending messages to individuals in the EU/EEA.

7.1 Customer Obligations

Our customers (as data controllers) are responsible for:

Obtaining Valid Consent: Ensuring that all message recipients have provided prior express consent (opt-in) to receive SMS communications, in compliance with GDPR Article 6(1)(a) and the ePrivacy Directive (2002/58/EC).
Providing Clear Disclosure: Informing recipients at the time of opt-in about the type, frequency, and purpose of the messages they will receive, and identifying the sender.
Maintaining Consent Records: Keeping accurate, verifiable records of all opt-in consents, including the date, time, method of consent, and the specific terms agreed to by the recipient.
Honoring Opt-Out Requests: Including a clear and functional opt-out mechanism in every marketing message (e.g., "Reply STOP to unsubscribe") and processing all opt-out requests immediately.
Maintaining Suppression Lists: Keeping an up-to-date suppression list of opted-out recipients and ensuring no further messages are sent to them.

7.2 EasySendSMS Anti-Spam Enforcement

To support GDPR compliance across our platform, EasySendSMS maintains a strict zero-tolerance anti-spam policy. We employ automated monitoring systems and manual review processes to detect and prevent unsolicited messaging. Accounts found to be sending messages without valid consent will be subject to escalating enforcement actions, including warnings, temporary suspension, permanent termination, and forfeiture of remaining credits. For full details, please refer to the Anti-Spam Policy section within our Terms of Use.

8. Data Retention

In accordance with the GDPR's storage limitation principle (Article 5(1)(e)), we retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal, regulatory, and contractual obligations. Our specific retention periods are as follows:

Data Category	Retention Period	Justification
Account registration data	Duration of active account + 24 months	Contractual obligations, dispute resolution
Message content	Not stored beyond delivery processing	Data minimization principle
Message metadata and delivery reports	Up to 6 months	Service quality, troubleshooting, analytics
Billing and transaction records	7 years minimum	Tax and financial reporting obligations
Server log files	Up to 12 months	Security monitoring, fraud prevention
Customer support records	Up to 24 months after resolution	Service quality, training, dispute resolution
Cookie and analytics data	Up to 13 months (per CNIL guidelines)	Website analytics and improvement
Aggregated/anonymized data	Indefinitely	No longer constitutes personal data under GDPR

At the end of the applicable retention period, personal data is securely deleted or irreversibly anonymized using industry-standard methods. If immediate deletion is not technically feasible (e.g., data stored in backup archives), we isolate the data and apply protective measures until deletion can be completed. We conduct periodic reviews of our data retention practices to ensure ongoing compliance.

9. Data Security Measures

In compliance with GDPR Article 32, EasySendSMS implements comprehensive technical and organizational measures to ensure a level of security appropriate to the risk of processing. Our security infrastructure is designed to protect personal data against unauthorized access, alteration, disclosure, destruction, and accidental loss.

9.1 Technical Measures

Encryption in Transit: All data transmitted between your systems and our platform is encrypted using TLS 1.2 or higher (SSL/HTTPS).
Encryption at Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption standards.
EU-Based Infrastructure: Our primary SMS servers are located in the European Union, ensuring that data processing occurs within the EU wherever possible.
Firewalls and Intrusion Detection: Enterprise-grade firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) continuously monitor our infrastructure for threats.
Secure API Access: Our SMS API is secured through unique API keys, IP whitelisting options, HTTPS-only connections, and rate limiting.
Regular Security Testing: We conduct regular vulnerability assessments, penetration testing, and code reviews to identify and remediate potential security weaknesses.
Secure Payment Processing: All payment transactions are processed through PCI-DSS Level 1 compliant payment gateways. We do not store full credit card numbers on our servers.
Pseudonymization: Where feasible, we apply pseudonymization techniques to reduce the identifiability of personal data during processing.

9.2 Organizational Measures

Access Controls: Role-based access controls (RBAC) and multi-factor authentication (MFA) restrict access to personal data to authorized personnel on a strict need-to-know basis.
Employee Training: All employees and contractors who handle personal data receive regular GDPR awareness training and data protection education.
Confidentiality Agreements: All employees and third-party service providers are bound by confidentiality and non-disclosure agreements.
Incident Response Plan: We maintain a documented data breach incident response plan to ensure rapid detection, containment, notification, and resolution (see Section 10).
Audit Logging: All access to personal data and critical systems is logged and monitored for security and compliance purposes.
Regular Audits: We conduct periodic internal audits of our data protection practices and security controls to ensure ongoing GDPR compliance.

10. Data Breach Notification

In compliance with GDPR Articles 33 and 34, EasySendSMS has established robust procedures for detecting, reporting, and responding to personal data breaches.

10.1 Notification to Supervisory Authority (Article 33)

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory data protection authority within 72 hours of becoming aware of the breach. The notification will include:

A description of the nature of the breach, including the categories and approximate number of data subjects and data records affected
The name and contact details of our Data Protection Officer
A description of the likely consequences of the breach
A description of the measures taken or proposed to address the breach and mitigate its effects

10.2 Notification to Affected Individuals (Article 34)

Where a data breach is likely to result in a high risk to the rights and freedoms of individuals, we will notify the affected individuals without undue delay. The notification will be provided in clear and plain language and will include:

A description of the nature of the breach
The likely consequences of the breach
The measures taken or proposed to address the breach
Recommendations for individuals to protect themselves
Contact details for further information

10.3 Notification to Customers (Data Controllers)

When EasySendSMS is acting as a data processor and becomes aware of a personal data breach affecting customer data, we will notify the affected customer (data controller) without undue delay so that they can fulfill their own notification obligations under the GDPR. We will provide all necessary information and cooperation to support the customer's breach response.

10.4 Breach Documentation

In accordance with GDPR Article 33(5), we maintain a comprehensive breach register documenting all personal data breaches, including the facts surrounding each breach, its effects, and the remedial actions taken, regardless of whether the breach was reportable to the supervisory authority.

11. Data Subject Rights Under the GDPR

The GDPR grants individuals (data subjects) a comprehensive set of rights regarding their personal data. EasySendSMS is committed to facilitating the exercise of these rights and responding to all legitimate requests promptly and transparently.

Right	GDPR Article	Description
Right of Access	Article 15	You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data, along with information about the processing.
Right to Rectification	Article 16	You have the right to request correction of inaccurate personal data and completion of incomplete data.
Right to Erasure (Right to Be Forgotten)	Article 17	You have the right to request deletion of your personal data when it is no longer necessary, when you withdraw consent, or when processing is unlawful.
Right to Restriction of Processing	Article 18	You have the right to request that we restrict the processing of your data in certain circumstances, such as when you contest its accuracy.
Right to Data Portability	Article 20	You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to Object	Article 21	You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.
Right Not to Be Subject to Automated Decision-Making	Article 22	You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
Right to Withdraw Consent	Article 7(3)	Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint	Article 77	You have the right to lodge a complaint with a supervisory data protection authority in your EU/EEA member state of residence.

11.1 How to Exercise Your Rights

To exercise any of the above rights, please submit a written request to our Data Protection Officer at privacy@easysendsms.com. To protect your privacy and security, we may require you to verify your identity before processing your request. We will respond to all legitimate requests within 30 days (one month) as required by GDPR Article 12(3). In complex cases or where we receive a large number of requests, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for it within the initial 30-day period.

Requests are processed free of charge unless they are manifestly unfounded or excessive (particularly if repetitive), in which case we may charge a reasonable fee or refuse to act on the request, as permitted by GDPR Article 12(5).

11.2 Rights of Message Recipients

If you are a recipient of SMS messages sent through our platform and wish to exercise your GDPR rights, please note that EasySendSMS acts as a data processor on behalf of the sender (our customer), who is the data controller. We recommend that you contact the sender directly to exercise your rights. If you are unable to identify the sender or need assistance, you may contact us at privacy@easysendsms.com, and we will make reasonable efforts to help direct your request to the appropriate data controller.

12. International Data Transfers

EasySendSMS operates multiple SMS servers in Europe and prioritizes EU-based data processing wherever possible. However, as a global SMS gateway provider serving 200+ countries, certain data transfers outside the EU/EEA may be necessary to deliver our Services. In compliance with GDPR Chapter V (Articles 44–49), we ensure that all international data transfers are protected by appropriate safeguards:

12.1 Transfer Mechanisms

Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses (as adopted under Commission Implementing Decision (EU) 2021/914) with all third-party service providers and sub-processors located outside the EU/EEA to ensure adequate data protection.
Adequacy Decisions: Where applicable, we transfer data to countries that have been recognized by the European Commission as providing an adequate level of data protection under GDPR Article 45.
Transfer Impact Assessments (TIAs): In accordance with the Schrems II ruling (Case C-311/18), we conduct Transfer Impact Assessments to evaluate the legal framework of the destination country and implement supplementary measures where necessary.
Supplementary Technical Measures: We implement additional safeguards such as end-to-end encryption, pseudonymization, and access controls to further protect data during international transfers.

12.2 Sub-Processor Transfers

When personal data is transferred to telecommunications carriers and aggregators for the purpose of message delivery, these transfers are governed by our data processing agreements and are limited to the minimum data necessary for delivery (typically the recipient's phone number and message content). We maintain a list of our sub-processors and their locations, which is available upon request.

13. Data Processing Agreements (DPA)

In compliance with GDPR Article 28, EasySendSMS enters into Data Processing Agreements with all customers for whom we act as a data processor. Our standard DPA covers:

Subject Matter and Duration: The scope, nature, purpose, and duration of the data processing activities.
Types of Personal Data: The categories of personal data processed and the categories of data subjects.
Obligations of the Processor: Our obligations regarding data security, confidentiality, sub-processor management, data breach notification, and cooperation with the controller.
Sub-Processor Management: Our procedures for engaging sub-processors, including prior notification to the controller and ensuring that sub-processors are bound by equivalent data protection obligations.
Data Subject Rights: Our obligation to assist the controller in responding to data subject access requests and other rights requests.
Audit Rights: The controller's right to conduct audits and inspections to verify our compliance with the DPA and the GDPR.
Data Return and Deletion: Our obligations to return or delete all personal data upon termination of the processing agreement, at the controller's choice.
International Transfers: The safeguards in place for any transfers of personal data outside the EU/EEA, including Standard Contractual Clauses.

To request a copy of our Data Processing Agreement, please contact us at privacy@easysendsms.com. We also enter into DPAs with our own sub-processors to ensure end-to-end GDPR compliance throughout the data processing chain.

14. Data Protection Impact Assessments (DPIA)

In accordance with GDPR Article 35, EasySendSMS conducts Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of individuals. DPIAs are conducted before initiating any new processing activity that involves:

Systematic and extensive evaluation of personal aspects of individuals, including profiling
Processing of personal data on a large scale
Systematic monitoring of publicly accessible areas
Use of new technologies that may pose elevated privacy risks
Processing that could result in discrimination, identity theft, financial loss, or other significant harm

Our DPIAs include a systematic description of the processing operations, an assessment of the necessity and proportionality of the processing, an evaluation of the risks to data subjects, and the measures envisaged to address those risks. Where a DPIA indicates that the processing would result in a high risk that cannot be mitigated, we consult with the relevant supervisory authority before proceeding (GDPR Article 36).

15. Records of Processing Activities (ROPA)

In compliance with GDPR Article 30, EasySendSMS maintains comprehensive Records of Processing Activities (ROPA) that document all personal data processing operations carried out under our responsibility. Our ROPA includes:

The name and contact details of the controller and/or processor, and the Data Protection Officer
The purposes of each processing activity
A description of the categories of data subjects and categories of personal data
The categories of recipients to whom personal data has been or will be disclosed
Details of any transfers to third countries, including the transfer mechanism and safeguards
The envisaged retention periods for each category of data
A general description of the technical and organizational security measures in place

Our ROPA is maintained in electronic format and is regularly reviewed and updated. It is available for inspection by the relevant supervisory data protection authority upon request.

16. Sub-Processors and Third-Party Data Sharing

EasySendSMS engages a limited number of trusted third-party sub-processors to assist in delivering our Services. In compliance with GDPR Article 28(2) and (4), we ensure that:

All sub-processors are bound by written data processing agreements that impose equivalent data protection obligations
Sub-processors are carefully vetted for their security practices and GDPR compliance posture before engagement
Customers are informed of any intended changes to the list of sub-processors, with the opportunity to object
We remain fully liable for the acts and omissions of our sub-processors

Our primary categories of sub-processors include:

Telecommunications Carriers and Aggregators: For routing and delivering SMS messages via our SMS routes (including premium and economy routes)
Cloud Infrastructure Providers: For hosting our platform and ensuring high availability
Payment Processors: For securely processing financial transactions
Analytics Providers: For understanding website usage and improving our Services

EasySendSMS does not sell, rent, or trade personal data to third parties for their own marketing or commercial purposes. A current list of our sub-processors is available upon request by contacting privacy@easysendsms.com.

17. Data Protection Officer (DPO)

In accordance with GDPR Articles 37–39, EasySendSMS has appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with the GDPR. The DPO's responsibilities include:

Informing and advising EasySendSMS and its employees about their obligations under the GDPR and other data protection laws
Monitoring compliance with the GDPR, including managing internal data protection activities, training staff, and conducting internal audits
Advising on Data Protection Impact Assessments (DPIAs) and monitoring their performance
Acting as the point of contact for data subjects regarding all issues related to the processing of their personal data and the exercise of their rights
Cooperating with and acting as the point of contact for the supervisory data protection authority

You can contact our Data Protection Officer directly at:

Email: privacy@easysendsms.com
Subject Line: "Attn: Data Protection Officer"

The DPO operates independently and reports directly to the highest level of management. The DPO is not dismissed or penalized for performing their duties, in accordance with GDPR Article 38(3).

18. Cookies and GDPR Compliance

In compliance with the GDPR and the ePrivacy Directive (2002/58/EC), EasySendSMS obtains user consent before placing non-essential cookies on your device. Our cookie practices include:

Cookie Consent Banner: We display a clear cookie consent banner when you first visit our Website, allowing you to accept or decline non-essential cookies before they are placed on your device.
Granular Consent: We provide the ability to manage cookie preferences by category (strictly necessary, performance, functional, advertising).
Consent Records: We maintain records of cookie consent to demonstrate compliance with GDPR requirements.
Easy Withdrawal: You can change your cookie preferences at any time through your browser settings or by revisiting our cookie consent options.

For detailed information about the cookies we use and how to manage them, please refer to the Cookies section of our Privacy Policy.

19. Automated Decision-Making and Profiling

In accordance with GDPR Article 22, EasySendSMS does not make decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects on individuals, without appropriate human oversight.

We may use automated systems for the following purposes, all of which include human review mechanisms:

Fraud Detection: Automated analysis of account activity and transaction patterns to detect potentially fraudulent behavior. Flagged accounts are reviewed by our security team before any action is taken.
Spam Prevention: Automated content filtering and traffic pattern analysis to detect potential spam or policy violations. Suspected violations are reviewed by our compliance team before enforcement actions are applied.
Account Risk Scoring: Automated assessment of account risk levels based on usage patterns. Accounts flagged as high-risk are reviewed by our team before any restrictions are imposed.

If you believe that an automated decision has been made about your account in error, you have the right to request human review by contacting support@easysendsms.com.

20. Children's Data

Our Services are designed for use by businesses and individuals who are at least 18 years of age (or the age of legal majority in their jurisdiction). We do not knowingly collect or process personal data from children under the age of 16 (or the applicable age of digital consent in their EU/EEA member state, as specified under GDPR Article 8). If we become aware that we have inadvertently collected personal data from a child without appropriate parental or guardian consent, we will take immediate steps to delete that data from our systems. If you believe that a child has provided us with personal data, please contact us at privacy@easysendsms.com.

21. Changes to This GDPR Compliance Policy

EasySendSMS reserves the right to update this GDPR Compliance Policy at any time to reflect changes in our data processing practices, legal requirements, or regulatory guidance. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Post a prominent notice on our Website or within your account dashboard
Send an email notification to the address associated with your account for significant changes
Where required by the GDPR, obtain your consent before implementing changes that affect the way we process your personal data

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically to stay informed about how we protect your data and comply with the GDPR.

22. Contact Us

If you have any questions, concerns, or requests regarding this GDPR Compliance Policy, your personal data, or our data protection practices, please contact us through the following channels:

Data Protection Officer: privacy@easysendsms.com
General Support: support@easysendsms.com
Spam & Abuse Reports: abuse@easysendsms.com
Billing Inquiries: billing@easysendsms.com
Contact Form: www.easysendsms.com/contact-us
Website: www.easysendsms.com

We aim to respond to all GDPR-related inquiries within 30 days of receipt, in accordance with GDPR Article 12(3). For urgent data protection matters, please include "URGENT — GDPR" in your email subject line for priority handling.

If you are not satisfied with our response or believe that we are processing your personal data in violation of the GDPR, you have the right to lodge a complaint with the supervisory data protection authority in your EU/EEA member state of habitual residence, place of work, or place of the alleged infringement (GDPR Article 77).

EasySendSMS GDPR Compliance