I. Important pages
II. Product Security
Messente Dashboard supports 2-factor authentication (2FA using Messente Verification API) when elected for customers who want to add an additional access control. Messente also supports strong cryptography (SHA-256 with RSA encryption) for communication over public networks, so that your Messente Dashboard password, API username/password, and contents of your communications may be protected.
Messente uses firewalls and logical access control to protect our servers from unauthorized system access, allowing only trusted operations personnel to manage our systems who are required to use necessary security measures when accessing and handling the data.
Messente supports strong cryptography for communication over public networks, so that your Messente Dashboard password, API username/password, and contents of your communications may be protected. Unencrypted protocols are supported on the customer side in response to customer demand, but we strongly encourage customers to use secure protocols such as HTTPS (TLS 1.2/1.3).
Messente’s servers are hosted by secure data centers in Europe, Germany, whose protection practice conforms to the Federal Data Protection Act (BDSG) as well as the German Teleservices Act (TMG). The Data Center and its information security management system (ISMS) have attained certification in accordance with DIN ISO/IEC 27001. We strive to only work with partners that are GDPR compliant and have agreements in place to ensure that they adhere to the set regulations for data protection.
Messente follows industry standard development practices including, but not limited to, automated tests and code reviews, deployment process, CI, etc. We pay a lot of attention to security as well and whenever there are vulnerabilities discovered in any of the tools or operating systems we are using. On a regular basis, we also upgrade all of the 3rd party libraries used in our software to ensure we are covered with the latest security patches.
Messente tracks user behavior within the platform that is essential (updating accounting details, crediting setup, login, logout, user invitations, etc). Some of the audit logs are persistent, and others get deleted in a week, depending on the nature of the logs.
Messente follows secure development standards and procedures, as well as ensures data security with our partners and through active vulnerability testing.
We follow industry-standard security practices throughout the development and customer care processes.
Messente has direct relationships with telecommunications carriers and service providers. Some of the "last mile" connections of our partners might be unencrypted due to the nature of the SMS underlying protocol. We choose secured communication with carriers when available. Messente also has rate limiting in place on API calls to prevent brute force attacks. Password complexity requirements are enforced on API username, password, and Messente Dashboard password. We strive to only work with partners that are GDPR compliant and have agreements in place to ensure that they adhere to the set regulations for data protection. This includes Data Processing Agreements that include minimum security provisions and auditing rights.
Messente has a disaster recovery and continuity plan designed to ensure the delivery of services at all times. Our uptime commitment is elaborated in the SLA.
Messente provides a documented incident response which includes procedures for detecting, containing, and mitigating security incidents (see annex).
Whenever there is a security incident, Messente determines the extent of the issue, which data was exposed, and which customers were also affected.
Cloud computing - Messente uses Hetzner Online GmbH which is based out of Germany and Finland. It’s used for internal logs, query logs, and details, API request details and logs, and hosting services. Physical security – secure location, security cameras, locked and secured server rooms, security guards on premises 24/7. System security – anonymization, access limitation to required personnel only, mandated VPN and 2FA, adherence to all of the latest good security practices. Signed DPA with the partner confirming compliance.
III. Compliance
Compliance entails service continuity and reliability. Uptime, real-time monitoring & alerting.
Data Privacy
- GDPR Compliance
Messente follows a “minimal processing methodology” in our work, where we limit the amount and duration of all data processing to the minimum needed to provide our services to customers. Customers are welcome to ask for custom retention periods and limits to further enhance their own compliance. Learn more: Data Handling Policy
- Operational Resilience
Business Continuity
Messente has drawn out the most essential aspects of our business and developed our own plan to deal with unexpected circumstances. We’ve used the “Analyse, Design, Implement, and Test” method to ensure we keep our business integrity intact and are able to provide services in a global world. This includes multiple varied location backups for all key functions, remote readiness, handover and retraining plans and more. - ensuring our people, processes, premises and providers are covered for redundancies. Learn more: Transfer Impact Assessment
Whenever Messente (or its sub-processors) processes personal data in countries other than the country in which Messente is established, Messente will ensure an adequate level of protection for personal data by means of organizational, technical, and contractual measures as is required by Data Protection Legislation and our Data Protection Agreements. We follow the GDPR data processing rules outside of the EEA and use the highest relevant standards where possible.
- Disaster Recovery
The purpose of our DR Plan is to inventory all of the IT infrastructure, capture all of the information relevant to the organization’s ability to recover its IT from a disaster and document the steps that the organization will follow in the event that a disaster occurs.
Messente's top priority will be to enact the steps outlined in this DR Plan to bring all of the organization’s groups and departments back to business as usual as quickly as possible. This includes:
- Preventing the loss of the organization’s resources, such as hardware, data and physical IT assets
- Minimizing downtime related to IT
- Keeping the business running in the event of a disaster
The DR Plan will also detail how this document will be maintained and tested.
SLA - Service Level Agreement
The following Service Level Agreement (“SLA”) applies to the Services offered by Messente, incorporated in Estonia under the registration code 12418041, with its registered address at Tartumaa, Tartu linn, Tartu linn, Akadeemia tn 3, 51003, VAT number: EE101613370 to [CUSTOMER/PARTNER DETAILS] (“User”) pursuant to [SERVICE AGREEMENT/BILATERAL AGREEMENT] (“Agreement”). Capitalized terms used herein carry the same meaning as assigned to them in the Agreement unless stated otherwise.1. Scope of the SLA
This SLA shall apply solely to the Services provided by Messente pursuant to the Agreement with the exclusion of any part of the Message transmission chain that is under the control of other entities forming the Message transmission chain. This SLA shall not apply to any services, hardware, physical goods and/or software (“Third Party Software and Goods”) not supplied by Messente, nor to any combination of Third Party Software and Goods with Services provided by Messente.
2. General uptime commitment
3. Service levels
User may subscribe to one of the following support packages: Essential Assistance, Priority Care, Professional Support or Enterprise Customer. User’s choice of support package shall determine the service level provided by Messente to User. User may upgrade their support package by contacting Messente.
4. Support times
Messente shall provide support services based on the selected support plan
|
Service Level |
Support Availability |
|
Essential Assistance |
Total 8 hours / 5 working days -- Clarification: Monday to Friday between 9 AM and 5 PM GMT+3 |
5. Incident levels and response times
Incidents under this SLA are categorized as follows:
|
Incident level |
Description |
|
1 Critical |
Usage of the Services is materially or wholly disrupted; Complete failure of the Services. Examples of critical incidents:
|
|
2 Major |
Usage of the Services is impacted without complete failure of the Services; critical functions of the Services are not operational wholly or to a material extent; Examples of major incidents:
|
|
3 Minor |
Minor functions of the Services are impacted; usage of the Services is not prevented; Examples of minor incidents:
|
The following response times shall apply to each category of incident depending on the support package subscribed to by the User:
|
Incident level |
Essential Assistance |
|
1 Critical |
4 business hours |
|
2 Major |
4 business hours |
|
3 Minor |
4 business hours |
6. Exclusions from Uptime calculation
- The following shall be excluded from Uptime calculation: planned and unplanned maintenance breaks, database and platform update events, force majeure, any downtime caused by circumstances outside of Messente’s control.
- Messente may temporarily suspend the Services on the third Wednesday of every month between 4 PM and 8 PM GMT+3 to perform planned maintenance on its systems and the Services. Messente may temporarily suspend the Services at any other time for unplanned maintenance, if necessary in Messente’s reasonable discretion, and shall in such cases notify the User five (5) days in advance, if practicable.
- Any downtime caused by or resulting from acts beyond Messente’s control, including but not limited to acts of God, natural disaster, war, invasion or hostilities, terrorist threats or acts, riot or other civil unrest, government law or order or other action, embargoes or sanctions in effect after the date of this SLA, pandemic, strikes, labor stoppages, state of emergency, or failure of telecommunications networks (“Force Majeure Event”), shall be excluded from Uptime calculation. Messente shall take reasonable measures to minimize the effects of the Force Majeure Event.
- User acknowledges that due to the nature of Message transmission chains, Messente may not guarantee successful delivery of Messages. Any failure or unavailability of Services caused by circumstances outside Messente’s control, including without limitation disruptions in telecommunication networks, acts or inactions of telecommunication operators or messaging aggregators, or issues related to Message addressee handheld devices shall be excluded from Uptime calculation.
7. Support tickets
In order to receive support services, User shall submit a support ticket to Messente by e-mail to support@messente.com, via contact form in Messente’s websites or live chat in customer dashboard. The support ticket shall at minimum contain a description of the issue giving rise to the support ticket, the part of the Services the issue pertains to (e.g. inability to use the Messente dashboard; failure to send Messages; etc.), time of first encounter of the issue by the User and any mitigation steps taken to resolve the issue.
Upon receipt of a support ticket containing the aforementioned minimum information, Messente shall initiate the response process in accordance with response times stated in Section 5 above.8. Miscellaneous provisions
- This SLA shall be governed by the governing law stated in the Agreement it is appended to.
- In case of any conflicting provisions between this SLA and the Agreement, this SLA shall prevail insofar as such conflicting provisions are related to support services.