Privacy Policy

Effective: March 16, 2026

1. Introduction

This Privacy Policy explains how Dimaiat OÜ (registry code 16541442), operating under the brand name Textmodo, collects, uses, stores, and shares personal data when you use our website at textmodo.com and our SMS API services. Dimaiat OÜ is the data controller for the purposes of Regulation (EU) 2016/679 (the General Data Protection Regulation, or GDPR). Textmodo provides two core products: Text Marketing, which enables businesses to send bulk SMS campaigns, and User Verification, which provides SMS-based OTP and two-factor authentication. This policy covers both products, as well as our website, dashboard, and any related services. By creating an account or using our services, you acknowledge that you have read and understood this policy. If you are using Textmodo on behalf of a company or other legal entity, you represent that you have authority to bind that entity to these terms.

2. Data We Collect

When you sign up for a Textmodo account, we collect your email address and password. Passwords are hashed before storage — we never store them in plain text. Upon account creation, we generate a unique API key for you to authenticate requests to our platform. When you use our Text Marketing or User Verification APIs, we process the phone numbers you submit as part of your API requests, the content of SMS messages you send, delivery status data, timestamps, and related metadata. We act as a data processor with respect to the phone numbers and message content you transmit through our platform — you remain the data controller for your end users' personal data. We also collect technical data automatically when you visit our website or use our dashboard. This includes your IP address, browser type and version, operating system, referring URL, pages visited, and the date and time of your visit. This data is collected through server logs and cookies.

3. How We Use Your Data

We use your account data (email, hashed password, API key) to provide and maintain your Textmodo account, authenticate your API requests, and communicate with you about service updates, security alerts, and billing matters. The legal basis for this processing is the performance of our contract with you (GDPR Article 6(1)(b)). Message data and phone numbers submitted through our APIs are processed solely to deliver the SMS messages you request — whether those are marketing campaigns or verification codes. We do not use the content of your messages or your recipients' phone numbers for our own marketing purposes. The legal basis is again contractual necessity. Technical and usage data helps us monitor platform performance, detect and prevent abuse or fraud, and improve our services. We rely on our legitimate interest in maintaining a secure and functional platform (GDPR Article 6(1)(f)) for this processing. Where we send you optional product updates or newsletters, we do so only with your consent (GDPR Article 6(1)(a)), and you can withdraw that consent at any time.

4. Data Sharing

To deliver SMS messages, we share phone numbers and message content with telecommunications carriers and SMS gateway providers. These third parties act as sub-processors and are contractually bound to process data only as necessary to deliver the messages and in compliance with GDPR requirements. We may use third-party service providers for hosting, analytics, payment processing, and customer support. Each provider is selected with data protection in mind, and we enter into data processing agreements with them as required under GDPR Article 28. Our infrastructure is hosted within the European Economic Area wherever feasible. We do not sell your personal data to third parties. We may disclose personal data if required by law, court order, or a binding request from a competent authority. We may also share data in connection with a merger, acquisition, or sale of assets, in which case we will notify affected users before their data becomes subject to a different privacy policy.

5. Data Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit using TLS, hashing of passwords with modern algorithms, access controls limiting who within our organization can access personal data, and regular security reviews. API keys are generated with sufficient entropy to prevent brute-force attacks and can be regenerated by the account holder at any time through the dashboard. We encourage all users to keep their API keys confidential and to rotate them periodically. No system is completely secure, and we cannot guarantee absolute security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) within 72 hours as required by GDPR Article 33, and we will inform affected individuals without undue delay where required by Article 34.

6. Data Retention

Account data is retained for as long as your account remains active. If you delete your account, we will erase your personal data within 30 days, except where we are required to retain certain records for legal or regulatory purposes (for example, to comply with Estonian accounting and tax obligations, which may require retention for up to 7 years). SMS message logs, including phone numbers and message content, are retained for 90 days after delivery to allow for delivery troubleshooting and dispute resolution. After this period, message content is permanently deleted. Aggregated, anonymized usage statistics (message counts, delivery rates) may be retained indefinitely as they do not constitute personal data. You can request earlier deletion of your data at any time by contacting us at contact@textmodo.com. We will respond to such requests within 30 days.

7. Your Rights

Under the GDPR, you have the right to access the personal data we hold about you, the right to rectification of inaccurate data, the right to erasure (the "right to be forgotten"), the right to restrict processing, the right to data portability, and the right to object to processing based on legitimate interests. Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. To exercise any of these rights, contact us at contact@textmodo.com. We will verify your identity before processing your request and will respond within 30 days. If your request is particularly complex, we may extend this period by an additional 60 days, and we will inform you of the extension and the reasons for it. If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), Tatari 39, 10134 Tallinn, Estonia, or with the supervisory authority in your EU member state of residence.

8. Cookies

Our website uses cookies — small text files stored on your device — to keep you logged in, remember your language preference (English, Estonian, or Russian), and understand how visitors use our site. Strictly necessary cookies are used for authentication and session management. These cannot be disabled as they are essential for the website to function. We may also use analytics cookies to collect anonymous usage data, such as which pages are visited most frequently. Analytics cookies are only set with your consent. You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Note that disabling strictly necessary cookies may prevent you from using the dashboard and other authenticated features of the site.

9. Children's Privacy

Textmodo's services are designed for businesses and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child under 18, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us at contact@textmodo.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable law. When we make material changes, we will notify you by email (sent to the address associated with your account) or by posting a prominent notice on our website at least 14 days before the changes take effect. The "Effective" date at the top of this policy indicates when the current version came into force. We encourage you to review this page periodically. Your continued use of Textmodo after a revised policy takes effect constitutes your acceptance of the updated terms.

11. Contact

If you have questions about this Privacy Policy or about how we handle personal data, you can reach us at:

Dimaiat OÜ
Anne tn 83-6
50705 Tartu linn, Tartu maakond
Estonia
Registry code: 16541442
Email: contact@textmodo.com

We aim to respond to all inquiries within 5 business days.