Privacy Policy

1. Who we are

StartMessaging is a communication API platform that provides OTP SMS, WhatsApp Business API, and authentication services to developers and businesses, primarily in India and globally. Our platform is operated from India and subject to Indian law, including the Digital Personal Data Protection Act, 2023 (DPDP Act).

You can reach us at startmessagingdotcom@gmail.com for any privacy-related queries.

2. Information we collect

We collect information in three ways:

Information you provide

• Account registration: name, email address, and phone number
• Billing: wallet top-up details and payment transaction records
• Support interactions: messages and attachments you send us

Information generated by your use of the API

• API request logs: endpoint called, timestamp, response status, and delivery outcome
• Recipient phone numbers you submit for OTP or WhatsApp message delivery (treated as transient processing data)
• API key identifiers (we do not store plaintext API keys)
• Wallet balance changes and transaction history

Automatically collected information

• IP address and user-agent for dashboard sessions
• Session cookies (functional only — no cross-site tracking)
• Aggregated usage analytics (page views, feature usage) via Vercel Analytics — no personally identifiable information is linked

3. How we use your information

• Service delivery: Processing your API requests, routing OTP messages via telecom partners, and delivering WhatsApp messages via Meta's Business API
• Billing and payments: Recording wallet top-ups, deducting per-message charges, and providing transaction history
• Account management: Authentication, API key issuance, and account notifications
• Support: Responding to tickets, investigating delivery failures, and resolving billing disputes
• Compliance: Maintaining records required under TRAI regulations, the DPDP Act 2023, and other applicable law
• Service improvement: Aggregated, anonymised analysis of API usage patterns to improve reliability and add features

We do not sell your personal data or use it for advertising.

4. Information sharing

We share data only where necessary to operate the service:

• Telecom aggregators: Recipient phone numbers and message content are passed to licensed SMS aggregators and telecom operators solely for delivery. These partners are contractually bound to use the data only for that purpose.
• Meta (WhatsApp): WhatsApp message content and recipient numbers are processed by Meta under their Business Data Processing Terms.
• Payment processors: Wallet top-up transactions are handled by Razorpay (or similar PCI-DSS compliant processor). We do not store card details.
• Legal requirements: We may disclose data if required by law, court order, or regulatory authority, or to protect the rights and safety of our users and the public.

5. Data retention

We retain your account information and transaction history for as long as your account is active and for a minimum of five (5) years thereafter, as required under applicable Indian financial and telecom regulations.

API request logs (including recipient phone numbers) are retained for ninety (90) days for debugging and support purposes, after which they are purged from operational systems. Aggregated, non-identifiable statistical data may be kept indefinitely.

If you request account deletion, we will delete or anonymise your personal data within thirty (30) days, subject to the retention obligations described above. See our Account Deletion page for the full process.

6. Your rights

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws, you have the right to:

• Access: Request a summary of the personal data we hold about you
• Correction: Ask us to correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data (subject to legal retention obligations)
• Grievance redressal: Lodge a complaint with us or with the Data Protection Board of India once constituted
• Nomination: Nominate another person to exercise your rights in the event of your death or incapacity (as provided under the DPDP Act)

If you are based in the EU/EEA, you additionally have rights under the GDPR, including data portability and the right to object to processing. To exercise any of these rights, email startmessagingdotcom@gmail.com. We will respond within thirty (30) days.

7. Cookies and tracking

Our marketing website uses only functional session cookies required to operate the dashboard login. We do not use third-party advertising cookies or cross-site tracking pixels.

Vercel Analytics collects aggregated, anonymised page-view data to help us understand site performance. This data is not linked to individual users and does not use cookies.

8. Security

We implement industry-standard security measures including:

• TLS encryption for all data in transit
• Hashed storage of API keys (plaintext keys are never stored)
• Wallet transactions processed by PCI-DSS compliant payment partners
• Access controls restricting staff access to production data
• Regular security reviews of API endpoints

No system is completely secure. If you discover a security vulnerability, please report it responsibly to startmessagingdotcom@gmail.com.

9. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, product features, or applicable law. The “Last updated” date at the top of this page will reflect any revisions. For material changes, we will notify registered users by email before the change takes effect.

10. Contact us

For privacy queries, data access requests, or to report a concern, contact us at startmessagingdotcom@gmail.com or through our contact page.