How we collect, use, and protect your personal data.
This Privacy Policy explains how SrilankaBulkSMS.com, operated by SBS Telecom Limited, collects, uses, discloses, and protects your personal information when you use our bulk SMS gateway service. Please read this policy carefully. By using our service you agree to the practices described here.
SrilankaBulkSMS.com is owned and operated by SBS Telecom Limited, a company registered in England and Wales (Company Number: 09253896), with its registered office in the United Kingdom. SrilankaBulkSMS is the dedicated Sri Lanka division of SBS Telecom Limited, providing carrier-grade bulk SMS services to businesses in Sri Lanka and internationally.
As the data controller for information collected through SrilankaBulkSMS.com, SBS Telecom Limited is committed to protecting your privacy and handling your personal data in a transparent, lawful, and responsible manner. This policy applies to all visitors to our website, all registered account holders, and all users of our SMS API and portal services.
If you have any questions about this policy or about how we handle your data, please contact our privacy team at privacy@srilankabulksms.com.
We collect the following categories of information when you use our service:
When you register for an account, we collect your name, business name, email address, phone number, industry sector, and a securely hashed password. This information is necessary to create and manage your account, verify your identity, and communicate with you about your service.
We automatically collect information about how you use our platform, including your IP address, browser type, operating system, pages visited, API endpoint calls made, timestamps, and session duration. This data helps us monitor platform performance, detect fraudulent activity, and improve our service. We also log API requests and responses (excluding SMS message content where not necessary for delivery) for security auditing and debugging purposes.
When you make a payment, our PCI-DSS-compliant payment processor collects and handles your card details directly. We do not store full card numbers or CVV codes on our servers. We do retain billing records including the amount paid, payment date, transaction reference, and the last four digits of any card used, for accounting and dispute resolution purposes.
When you send SMS messages through our platform, we process the recipient phone numbers, message content, sender ID, and routing parameters. This data is necessary to deliver your messages. SMS content is retained in our systems for a limited period to enable delivery reports and dispute resolution, after which it is purged from active storage. You are solely responsible for ensuring that recipient data you provide to us has been collected lawfully and that your recipients have consented to receive messages from you.
We use the information we collect for the following purposes:
We do not sell your personal data to any third party, and we never will. We share your information only in the following limited circumstances:
Third-party service processors: We use carefully selected third-party companies to help us operate our service, including cloud hosting providers, payment processors, email service providers, and analytics tools. These companies access your data only to perform specific tasks on our behalf and are contractually bound to process it solely for that purpose and to maintain appropriate security standards.
Carrier partners: To deliver SMS messages, we transmit recipient phone numbers, sender IDs, and message content to the relevant mobile network operators (Dialog, Mobitel, Airtel, Hutch, and international carriers). These carriers process only the data necessary to deliver your messages in accordance with their own privacy obligations.
Group companies: As a division of SBS Telecom Limited, your account data may be shared internally with our UK parent company for financial reporting, compliance, and technical support purposes.
Legal requirements: We may disclose your information if required to do so by law, court order, or government authority, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of SBS Telecom Limited, our customers, or the public.
We implement robust technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security practices include:
Encryption: All data transmitted between your browser or application and our servers is encrypted using TLS 1.2 or higher. Passwords are stored using bcrypt hashing with a high cost factor. Sensitive data at rest is encrypted using AES-256.
Access controls: Access to production systems and customer data is restricted to authorised personnel only, and is governed by a least-privilege access policy with multi-factor authentication required for all administrative access.
Infrastructure standards: Our platform is hosted on ISO 27001-certified cloud infrastructure with SOC 2 Type II compliance. Regular penetration testing and vulnerability assessments are conducted by independent third parties.
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to keep your account credentials confidential and to use strong, unique passwords for your portal account.
We retain your personal data for as long as your account is active and for a period of two years after account closure. This retention period allows us to resolve any post-closure billing disputes, respond to regulatory inquiries, and comply with our financial record-keeping obligations under UK law.
SMS message content is retained in active systems for 90 days after sending to support delivery reports and dispute resolution. After 90 days, message content is purged from active storage; aggregated delivery statistics (without message content) are retained for up to two years for reporting purposes.
After the relevant retention period expires, your data is securely deleted or anonymised in accordance with our data deletion policy. You may request early deletion of your data subject to certain legal exceptions — see section 7 below for your rights.
Under applicable data protection law (including the UK General Data Protection Regulation and the Data Protection Act 2018), you have the following rights regarding your personal data:
To exercise any of these rights, please contact us at privacy@srilankabulksms.com. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
Our website uses cookies — small text files stored on your device — to provide core functionality and to help us understand how visitors use our site. We use the following categories of cookies:
Functional cookies: These are essential for the operation of our website and portal. They enable you to log in, maintain your session, remember your preferences, and use the core features of the service. These cookies cannot be disabled without breaking the service.
Analytics cookies: We use privacy-respecting analytics tools to understand how visitors navigate our website — which pages are viewed most, how users arrive at our site, and where they leave. This data is aggregated and anonymised; it is not linked to individual users. You may opt out of analytics cookies through your browser settings or by using our cookie preference centre.
We do not use advertising, tracking, or cross-site profiling cookies. You can manage your cookie preferences at any time through your browser settings. Note that disabling functional cookies may affect your ability to use the portal.
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact our privacy team:
This Privacy Policy was last updated in March 2025. We reserve the right to update this policy from time to time to reflect changes in our practices or in applicable law. We will notify registered users of any material changes by email and by posting a notice in the portal at least 14 days before the changes take effect.