This policy explains how KIYA Communications collects, uses, stores, and protects information when you visit our website, register an account, or send messages through our SMS gateway.
Last updated · 02 September 2024KIYA Communications (“KIYA”, “we”, “us”) is a company registered in the Republic of Seychelles, with its registered office in Victoria, Mahé. We operate a global SMS gateway used by businesses to send marketing campaigns, transactional notifications, and one-time passwords (OTPs) to their end users. For the purposes of EU/UK data protection law, KIYA generally acts as a data processor on behalf of the business that uses our platform (our “customer”), and as a data controller for information we collect directly from website visitors and account holders.
You can reach our team at [email protected].
This policy applies to:
If you are an end user receiving an SMS sent through KIYA, the business that contacted you is the data controller. Please refer to their privacy notice for details about how they obtained your number and what they do with your data. We process that information only on their instructions.
Where the EU/UK GDPR applies, we rely on the following legal bases:
Message bodies and recipient numbers submitted through our API are processed strictly to deliver each message and to produce delivery receipts. We do not read message content for advertising purposes and we do not sell message content or recipient numbers.
Carriers and downstream operators may also process message metadata in order to deliver the SMS over their network; this is unavoidable for any SMS service worldwide and is governed by their own terms.
OTP traffic receives the same confidentiality controls as any other message. By default we minimise persistence of OTP message bodies in long-term storage, and they are not exposed in customer-facing logs after the configured retention window. Customers can configure shorter retention or content-redaction on a per-route basis.
We share data only with parties strictly necessary to operate the service:
A current list of sub-processors is available on request from [email protected].
SMS is inherently global: a message sent to a recipient abroad must be transmitted to operators in that country. Where personal data leaves the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or adequacy decisions where available.
We protect data using a layered approach: TLS 1.2+ in transit, encryption at rest, isolated production environments, role-based access controls, mandatory 2FA for staff, key rotation, and continuous monitoring. We follow recognised industry frameworks for SMS aggregators and review our controls regularly. No system is perfectly secure, but we work hard to minimise risk and to notify customers promptly of incidents that affect them.
Subject to local law, individuals have rights to access, correct, delete, restrict, or object to the processing of their personal data, and to data portability. Where we act as a processor for one of our customers, we will refer your request to that customer and assist them in responding. Where we act as a controller, please email [email protected] and we will respond within applicable statutory timeframes.
If you are in the EEA or UK, you may also lodge a complaint with your local data protection authority.
Our marketing site uses a small number of strictly necessary cookies and, where you consent, simple analytics cookies that help us understand which pages are useful. We do not run third-party advertising trackers.
KIYA is a B2B service intended for businesses and their authorised personnel. Our website is not directed at children, and we do not knowingly collect personal data from anyone under the age of 16.
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify customers through the dashboard or by email.
Questions about this policy or how we handle your data?