Privacy Policy

Last updated: 1 July 2026

This policy explains what information SMSgateway.lk collects, why we collect it, and how we protect it, for our account holders and for the recipients of messages sent through the platform.

1. Information we collect

  • Account data: your name, business name, email address, phone number and login credentials (passwords are stored only as salted hashes).
  • Billing data: wallet transactions, invoices, package selections and payment references. We do not store card numbers; online payments are processed by the payment gateway.
  • Messaging data: recipient numbers, message content, sender IDs, delivery statuses and timestamps, kept so we can deliver messages, bill accurately and show your logs.
  • Contact lists: numbers and names you upload for your campaigns.
  • Technical data: access logs and audit records (who did what and when in your account) for security and support.

2. How we use it

  • To operate the Service: route messages to mobile operators, track delivery and maintain your wallet ledger.
  • To register sender IDs with operators (business documents you provide are shared with operators solely for approval).
  • To send you service notifications such as invoices, low-balance alerts and approvals.
  • To prevent abuse, spam and fraud on the platform.

3. Your contact lists belong to you

We never sell, rent, share or use your uploaded contact lists for any purpose other than delivering your messages. Your lists are isolated to your account and invisible to other customers.

4. Sharing

We share data only with: (a) mobile network operators and upstream carriers, as required to deliver your messages and register sender IDs; (b) our payment gateway, to process payments you initiate; and (c) authorities, where Sri Lankan law requires it. We do not sell personal data to anyone.

5. Retention

Account and ledger records are retained while your account is active and as required for accounting. Message logs are retained for operational history and support. You may request deletion of your account and uploaded contact lists; ledger records we must keep by law are retained in anonymised or restricted form.

6. Security

All traffic is encrypted in transit (HTTPS). Access to production systems is restricted and audited; passwords are hashed; staff access within your account is permission-scoped and logged.

7. Your rights

You can access and update your account information in the dashboard, export your logs, and contact us to correct or delete your data. Recipients may opt out of your messages at any time, and you are required to honour those opt-outs.

8. Contact

Privacy questions or requests: [email protected]