Messente servers are hosted by secure data centres in Europe, Germany, whose protection practise conforms to the
Federal Data Protection Act (BDSG) as well as the German Teleservices Act (TMG). The Data Center and its information
security management system (ISMS) have attained certification in accordance with DIN ISO/IEC 27001.
Messente uses firewalls and logical access control to protect our servers from unauthorized system access, allowing
only trusted operations personnel to manage our systems who are required to use necessary security measures when
accessing and handling the data.
We also make sure to use strong configuration standards to harden our servers, and we keep them up-to-date with the
latest security patches. As such data access is limited to explicitly authorized personnel only as mentioned
We support strong cryptography (SHA-256 with RSA encryption) for communication over public networks, so that your
Messente Dashboard password, API username/password, and contents of your communications may be protected in transit as
set forth below.
Unencrypted protocols are supported on the customer side in response to customer demand, but we strongly
encourage customers to use secure
Messente has direct relationships with telecommunications carriers and services providers.
Some of the "last mile" connections of our partners might be unencrypted. We choose for secured
communication with carriers when available. Messente also has rate limiting in place on API calls to
prevent brute force attacks. Password complexity requirements are enforced on API username, password
and Messente Dashboard password. We strive to only work with partners that are GDPR compliant and have
agreements in place to ensure that they adhere to the set regulations for data protection.
Messente Dashboard passwords are cryptographically hashed before storing in our database. Strong password
requirements are enforced.
Messente Dashboard supports 2-factor authentication (2FA using Messente Verification API) when elected for
customers who want to add an additional access control. In this case, Messente Dashboard logins
require an additional verification code, which is sent by SMS or Verigator App to the phone
registered on your account, to be entered when logging in from a new country or browsers from
the ones used on the previous successful logins.
Use and Storage of Customer Data
All customer data processed and stored including:
Contact information and contact information changes, including payments and payment history
User interface interaction activity and activity logs, previous login time and login IP
User uploaded data for message delivery and phonebook management, including telephone numbers, names, and
accompanying notes chosen by the user
Messaging logs and accompanying request details including: time, the full content of request including but
notwithstanding IP, phonebook details, message delivery and reports (DLR), API and SMPP requests (full content of
request including but notwithstanding logs, time and IP)
Traffic routing information
The content of communications sent through or integrated with our Services, such as message bodies, sender names,
IP addresses and timestamps as described above
is handled as confidential and sensitive information and is only accessed by a limited number of people from
Messente’s team, as well as the rights retained by the client to limit content availability via hiding or hashing
The data is gathered, processed and stored only in cases of:
Performing contractual obligations and in order to deliver the service described in the Terms and Conditions or
as set forth in agreements between the client and Messente Communications
Customer support to the extent required to resolve the issue and prevent future issues from occurring
To improve service quality to the necessary extent by processing and analysing customer data or to alternate
message routing channels
To ensure the compliance with applicable laws and regulations, including data storage demands as set forth by
Estonian and EU regulations
Accessed by third parties only as far as is needed to sustain service functionality and stored by third parties
as demanded by law and the agreements between Messente Communications and it’s partners
The data gathered, processed and stored for marketing purposes is only done on an explicit consensual basis.
Data Retention Periods:
- All personal data relating to account details such as but not limited to: payment details and history, user
account information and uploaded information (such as the phonebook) are retained for the duration of the active use
of the account or until the data subjects request for data deletion, unless required otherwise by law.
- All user activity logs are kept for a reasonable time (no longer than one year) to provide service rapports and
service use history, or until the data subjects request for data deletion, unless required otherwise by law.
- All consensual personal data (such as but not limited to; marketing consent, newsletter subscription details
and tracking cookies) are kept for a reasonable time (no longer than a year) or the duration of the active use of
the account or until the data subjects request for data deletion, unless required otherwise by law.
- As Messente Communications is subject to both international communications legislation as well as
anti-terrorism legislation as a communications provider, we may be required to withhold the deletion of data
subjects personal data after the data deletion request, and will do so only if mandated by the authorities, in a
responsible manner, utilizing all needed security provisions to protect the data and limit access.