Privacy Policy

SmartBulk Messenger – Privacy Policy Last Revised: September 19, 2025 This Privacy Policy explains how LocalHost Digital, doing business as SmartBulk Messenger (“SmartBulk,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal information when you visit smartbulkmessenger.com, create an account, or use our messaging services, APIs, dashboards, mobile/desktop apps, and related websites (collectively, the “Services”). By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services. 1) Who We Are & How to Contact Us Controller (Canada): LocalHost Digital (SmartBulk Messenger), Ottawa, Ontario, Canada. Privacy Email: privacy@smartbulkmessenger.com Legal/Compliance: legal@smartbulkmessenger.com Support: support@smartbulkmessenger.com If you are in the EEA/UK, SmartBulk acts as a processor/service provider to our business customers for message content and certain recipient data they submit; those customers are the controllers of such data. For our direct marketing, website analytics, and account data, SmartBulk is a controller. 2) Scope This Policy covers personal information we process about: Account Users (Admins, Operators, Developers) Website Visitors (including cookies/analytics) End Recipients of messages sent via our Services by our business customers (where we usually act as processor) It does not cover third-party sites or services linked from our website. 3) Information We Collect A. Information You Provide Account & Profile: name, company, role, email, phone number, password (hashed), time zone, language. Billing: billing contact, address, tax IDs, plan and transaction details (payment processors handle card/bank data). Content & Settings: message templates, campaigns, media, attachments, opt-in flows, suppression lists, tags, consent records. Support & Communications: emails, chat transcripts, feedback, survey responses. B. Information Collected Automatically Usage & Log Data: IP address, device/OS/browser, pages viewed, timestamps, referring/exit pages, feature usage, error logs. Cookies & Similar Tech: session cookies, preference cookies, analytics pixels, and identifiers (see §10). C. Information We Process on Behalf of Customers (Processor Role) Recipient & Message Data: recipient identifiers (e.g., phone numbers, WhatsApp IDs, emails), consent status and timestamps, message content and metadata (sender ID, route, delivery status, interactions), unsubscribe/opt-out status. Integrations: CRM contacts, audience segments, custom fields imported via API or CSV. Customers are responsible for obtaining necessary consents and providing notices to their recipients. 4) How We Use Personal Information We use personal information to: Provide & Operate the Services (account creation, authentication, provisioning senders, routing messages, deliverability, troubleshooting). Ensure Compliance & Trust & Safety (CASL/TCPA/CAN-SPAM/GDPR where applicable; consent and opt-out management; fraud/spam/abuse prevention; carrier policy adherence). Bill & Administer Accounts (subscriptions, invoices, collections, tax compliance). Improve & Secure the Services (analytics, product development, quality assurance, incident response). Communicate with You (service notifications, security alerts, changes to terms, and—with your consent or as permitted—marketing about features or programs). Legal & Regulatory (records retention, audits, responding to lawful requests, enforcing our terms). Legal bases (where required): performance of contract, legitimate interests (e.g., service improvement, security), consent (e.g., marketing emails/SMS), and compliance with legal obligations. 5) Consent Management & Marketing (CASL) We support express consent capture and record-keeping for messaging. You can opt out of SmartBulk marketing communications at any time via unsubscribe links or by contacting privacy@smartbulkmessenger.com . Customers are responsible for honoring recipient opt-outs in their own campaigns; our platform provides suppression tools and APIs. 6) How We Share Information We do not sell personal information. We may share personal information as follows: Service Providers/Sub-Processors: hosting, cloud infrastructure, data storage, analytics, customer support, ticketing, email/SMS/WhatsApp/voice carriers, verification/KYC, payment processing, fraud prevention, logging/monitoring, and security services. These providers may access personal information only to perform services for us under contract. Telecom & Channel Partners: mobile carriers and messaging networks (e.g., SMS aggregators, WhatsApp Business providers, email delivery partners) receive message routing data and content as necessary to deliver communications and comply with their policies. Business Transfers: part of a merger, acquisition, financing, or sale of assets, subject to this Policy’s protections. Legal & Safety: to comply with law, court orders, or lawful requests; to protect the rights, property, or safety of SmartBulk, our customers, or others; to enforce our terms or prevent abuse. With Your Direction: when you request or authorize integrations (e.g., connecting your CRM), we share data as instructed. A current list or description of sub-processor categories is available upon request at privacy@smartbulkmessenger.com . 7) International Transfers We are based in Canada and may store or process information in Canada, the United States, the European Economic Area, the United Kingdom, or other countries where we or our service providers operate. We use appropriate safeguards for cross-border transfers, such as contractual protections and industry-standard security measures. 8) Data Retention We retain personal information for as long as necessary to provide the Services, for our legitimate business needs, and to comply with legal obligations. Typical retention periods: Data Category Default Retention Account profile & billing records While account is active + up to 7 years for tax/audit Application & security logs 12–24 months (shorter for high-volume logs) Message content (processor role) Configurable by customer; commonly 30–180 days Consent & suppression lists While necessary to honor legal obligations and opt-outs Support tickets 24 months after closure We may anonymize or aggregate data for analytics and service improvement. 9) Security We implement reasonable and appropriate technical and organizational measures, including encryption in transit, access controls, least-privilege, logging/monitoring, vulnerability management, and employee training. No method of transmission or storage is 100% secure; we cannot guarantee absolute security. If we become aware of a security incident affecting personal information, we will notify affected customers/individuals in accordance with applicable laws and our contractual obligations. 10) Cookies & Similar Technologies We use: Strictly Necessary Cookies: authentication, session management, fraud prevention. Functional Cookies: preferences, language, UI settings. Analytics Cookies/Pixels: usage statistics and product improvement (IP addresses, device/browser, events). Marketing/Attribution Pixels (optional): if you consent, to measure campaigns and attribute signups. You can manage cookies in your browser settings. Some features may not function properly without certain cookies. 11) Your Privacy Rights Canada (PIPEDA) You may request access to your personal information we hold, request corrections, and inquire about our use and disclosures. Contact privacy@smartbulkmessenger.com . If we act as processor for a business customer, we will direct you to that customer (the controller). You may also contact the Office of the Privacy Commissioner of Canada regarding unresolved concerns. We aim to respond to requests within applicable timelines. EEA/UK (If Applicable) Depending on your location and the legal basis, you may have rights to access, rectify, erase, restrict or object to processing, portability, and to withdraw consent at any time. You also have the right to lodge a complaint with your supervisory authority. Where SmartBulk is processor, please contact the controller (our customer) first. U.S. State Laws (If Applicable) Residents of certain U.S. states may have rights to access, delete, correct, or opt out of certain processing. We do not “sell” personal information as defined by those laws. To exercise rights, email privacy@smartbulkmessenger.com . Verification: We may need to verify your identity and jurisdiction before processing requests. Authorized agents may submit requests as permitted by law. 12) Children’s Privacy The Services are not directed to children under the age of majority (18 in Ontario) and are intended for business use. Do not submit children’s personal information unless you have lawful authority and we have agreed in writing. 13) Processor Addendum (DPA) For customers subject to data protection laws requiring a data processing agreement, our Data Processing Addendum (DPA) applies and forms part of the contract for the Services. The DPA addresses roles, processing instructions, security measures, sub-processors, international transfers, and data subject request cooperation. Contact legal@smartbulkmessenger.com to obtain or execute the DPA. 14) Do-Not-Track & Automated Decisions Our Sites do not respond to Do-Not-Track signals. We do not engage in solely automated decision-making that produces legal or similarly significant effects without human review. 15) Changes to This Policy We may update this Policy from time to time. We will post the updated Policy with a new “Last Revised” date and, where required, provide additional notice. Your continued use of the Services after changes become effective signifies acceptance. 16) How to Reach Us Privacy Questions/Requests: privacy@smartbulkmessenger.com Data Protection / DPA: legal@smartbulkmessenger.com General Support: support@smartbulkmessenger.com Mailing Address: SmartBulk Messenger (LocalHost Digital), Ottawa, Ontario, Canada