Data Handling Policy

Physical security

Messente servers are hosted in secure data centres in Germany, Europe, whose protection practice conforms to the Federal Data Protection Act (BDSG) as well as the German Teleservices Act (TMG). The data centre and its information security management system (ISMS) have attained certification in accordance with DIN ISO/IEC 27001.

System security

Messente uses firewalls and logical access control to protect our servers from unauthorized system access. Only trusted operations personnel are allowed to manage our systems, and they are required to use the necessary security measures when accessing and handling the data.

We also make sure to use strong configuration standards to harden our servers, and we keep them up to date with the latest security patches. As such, data access is limited to explicitly authorized personnel only, as mentioned above.

Application security

We support strong cryptography (SHA-256 with RSA encryption) for communication over public networks, so that your Messente Dashboard password, API username/password, and contents of your communications may be protected in transit as set forth below.

Unencrypted protocols are supported on the customer side in response to customer demand, but we strongly encourage customers to use secure protocols.

Messente has direct relationships with telecommunications carriers and service providers. Some of the "last mile" connections of our partners might be unencrypted. We choose secured communication with carriers when available. Messente also has rate limiting in place on API calls to prevent brute force attacks. Password complexity requirements are enforced on API username, password and Messente Dashboard password. We strive to only work with partners that are GDPR compliant and have agreements in place to ensure that they adhere to the set regulations for data protection.

Messente Dashboard passwords are cryptographically hashed before being stored in our database. Strong password requirements are enforced.

Messente Dashboard supports 2-factor authentication (2FA using Messente Verification API), when elected, for customers who want to add an additional access control. In this case, Messente Dashboard logins require an additional verification code, which is sent by SMS or Verigator App to the phone registered on your account and must be entered when logging in from a country or browser different from the ones used on previous successful logins.

Use and Storage of Customer Data

All customer data processed and stored, including:

  • Contact information and contact information changes, including payments and payment history
  • User interface interaction activity and activity logs, previous login time and login IP
  • User uploaded data for message delivery and phonebook management, including telephone numbers, names, and accompanying notes chosen by the user
  • Messaging logs and accompanying request details including: time, the full content of request including but not limited to IP, phonebook details, message delivery and reports (DLR), API and SMPP requests (full content of request including but not limited to logs, time and IP)
  • Traffic routing information
  • The content of communications sent through or integrated with our Services, such as message bodies, sender names, IP addresses and timestamps as described above

is handled as confidential and sensitive information and is only accessed by a limited number of people from Messente’s team; the client also retains the right to limit content availability by hiding or hashing content.

The data is gathered, processed and stored only in cases of:

  1. Performing contractual obligations and in order to deliver the service described in the Terms and Conditions or as set forth in agreements between the client and Messente Communications
  2. Customer support to the extent required to resolve the issue and prevent future issues from occurring
  3. To improve service quality to the necessary extent by processing and analysing customer data or to alternate message routing channels
  4. To ensure compliance with applicable laws and regulations, including data storage demands as set forth by Estonian and EU regulations
  5. Accessed by third parties only as far as is needed to sustain service functionality and stored by third parties as demanded by law and the agreements between Messente Communications and its partners
  6. The data gathered, processed and stored for marketing purposes is only done on an explicit consensual basis.

Data Retention Periods:

  • All personal data relating to account details, such as but not limited to payment details and history, user account information and uploaded information (such as the phonebook), are retained for the duration of the active use of the account or until the data subject's request for data deletion, unless required otherwise by law.
  • All user activity logs are kept for a reasonable time (no longer than one year) to provide service reports and service use history, or until the data subject's request for data deletion, unless required otherwise by law.
  • All consensual personal data (such as but not limited to marketing consent, newsletter subscription details and tracking cookies) are kept for a reasonable time (no longer than a year) or the duration of the active use of the account or until the data subject's request for data deletion, unless required otherwise by law.
  • As Messente Communications is subject to both international communications legislation as well as anti-terrorism legislation as a communications provider, we may be required to withhold the deletion of data subjects' personal data after the data deletion request, and will do so only if mandated by the authorities, in a responsible manner, utilizing all needed security provisions to protect the data and limit access.