DATA HANDLING AND  PROCESSING POLICY

Physical security

Messente servers are hosted by secure data centres in Europe, Germany, whose protection practise conforms to the Federal Data Protection Act (BDSG) as well as the German Teleservices Act (TMG). The Data Center and its information security management system (ISMS) have attained certification in accordance with DIN ISO/IEC 27001.


System security

Messente uses firewalls and logical access control to protect our servers from unauthorized system access, allowing only trusted operations personnel to manage our systems who are required to use necessary security measures when accessing and handling the data.

We also make sure to use strong configuration standards to harden our servers, and we keep them up-to-date with the latest security patches. As such data access is limited to explicitly authorized personnel only as mentioned above.


Application security

We support strong cryptography (SHA-256 with RSA encryption) for communication over public networks, so that your Messente Dashboard password, API username/password, and contents of your communications may be protected in transit as set forth below.


Unencrypted protocols are supported on the customer side in response to customer demand, but we strongly encourage customers to use secure protocols.

Messente has direct relationships with telecommunications carriers and services providers. Some of the "last mile" connections of our partners might be unencrypted. We choose for secured communication with carriers when available. Messente also has rate limiting in place on API calls to prevent brute force attacks. Password complexity requirements are enforced on API username, password and Messente Dashboard password. We strive to only work with partners that are GDPR compliant and have agreements in place to ensure that they adhere to the set regulations for data protection.

Messente Dashboard passwords are cryptographically hashed before storing in our database. Strong password requirements are enforced.

Messente Dashboard supports 2-factor authentication (2FA using Messente Verification API) when elected for customers who want to add an additional access control. In this case, Messente Dashboard logins require an additional verification code, which is sent by SMS or Verigator App to the phone registered on your account, to be entered when logging in from a new country or browsers from the ones used on the previous successful logins.

Use and Storage of Customer Data

All customer data processed and stored including:

is handled as confidential and sensitive information and is only accessed by a limited number of people from Messente’s team, as well as the rights retained by the client to limit content availability via hiding or hashing content.

The data is gathered, processed and stored only in cases of:

  1. Performing contractual obligations and in order to deliver the service described in the Terms and Conditions or as set forth in agreements between the client and Messente Communications

  2. Customer support to the extent required to resolve the issue and prevent future issues from occurring

  3. To improve service quality to the necessary extent by processing and analysing customer data or to alternate message routing channels

  4. To ensure the compliance with applicable laws and regulations, including data storage demands as set forth by Estonian and EU regulations

  5. Accessed by third parties only as far as is needed to sustain service functionality and stored by third parties as demanded by law and the agreements between Messente Communications and it’s partners

  6. The data gathered, processed and stored for marketing purposes is only done on an explicit consensual basis.

Data Retention Periods: