Privacy Policy

This Privacy Policy explains how SMS-LAH, a product of IT Paradise Solutions Sdn. Bhd. ("we", "us", or "our"), collects, uses, discloses, and safeguards personal data when you use our website at smslah.io and our SMS marketing platform (collectively, the "Service"). Please read this policy carefully. By using our Service, you agree to the practices described herein.

1. Who We Are

SMS-LAH is operated by IT Paradise Solutions Sdn. Bhd., incorporated in Malaysia. Our principal place of business and contact address is as set out in Section 11 below. We are committed to handling all personal data in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

2. Data We Collect

We collect the following categories of personal data:

• Account Information: Name, email address, phone number, company name, and password (hashed) when you register for an account.
• Billing Data: Transaction records, credit purchase history, and invoice references. Payment processing is handled by authorised third-party payment processors; we do not store full card numbers.
• Usage Data: Campaign records, message content you compose, contact lists you upload, delivery reports, and platform activity logs.
• Contact Data You Upload: Phone numbers, names, and any custom fields of your recipients that you import into the platform. You are responsible for obtaining lawful consent from those contacts.
• Technical Data: IP address, browser type, device information, and cookies as described in Section 5.
• Communication Records: Emails and support tickets you send to us.

3. How We Use Your Data

We use personal data to:

• Provide, operate, and improve the Service.
• Process credit purchases and maintain your account balance.
• Deliver SMS campaigns on your behalf via telecommunications carriers.
• Send you service notifications, billing alerts, and low-credit warnings.
• Respond to support enquiries and handle complaints.
• Conduct analytics to understand how the platform is used and improve features.
• Comply with applicable law, regulations, court orders, or lawful government requests.
• Detect and prevent fraud, abuse, or unauthorised access.

We will not use your personal data or your contact upload data for our own marketing purposes unless you have explicitly opted in.

4. Data Sharing & Disclosure

We do not sell your personal data. We may share it with:

• Telecommunications Carriers: Phone numbers and message content are passed to carrier partners solely for the purpose of SMS delivery.
• Payment Processors: Billing data is processed by authorised payment gateway providers under their own privacy policies.
• Cloud & Infrastructure Providers: Data may be stored on servers hosted by reputable cloud providers. Data residency is primarily in Malaysia and/or Singapore.
• Legal Authorities: Where required by Malaysian law, court order, or regulatory authority.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality obligations.

5. Cookies

Our website uses the following types of cookies:

• Essential Cookies: Required for platform authentication and session management. These cannot be disabled.
• Analytics Cookies: Help us understand page usage and improve content. These are anonymised where possible.
• Preference Cookies: Remember your settings such as language and display preferences.

You may control non-essential cookies through your browser settings. Disabling cookies may affect certain platform features.

6. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service. Specifically:

• Account data is retained for the duration of your account and for 7 years after closure for compliance purposes.
• Campaign and message logs are retained for 12 months by default and may be deleted upon request thereafter.
• Contact upload data is retained until you delete it from the portal or close your account.

7. Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

• TLS/HTTPS encryption for all data in transit.
• AES-256 encryption at rest for sensitive stored data.
• Role-based access controls and audit logs for internal systems.
• Regular security assessments and penetration testing.

While we take all reasonable steps to protect your data, no method of transmission over the Internet is completely secure. Please notify us immediately at it@mobile360.cc if you suspect any unauthorised access.

8. Your Rights

Under the PDPA and applicable law, you have the right to:

• Request access to the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Withdraw consent for processing (where processing is consent-based), noting this may affect your ability to use the Service.
• Request deletion of your account and associated data, subject to legal retention requirements.

To exercise any of these rights, please email it@mobile360.cc with the subject line "Data Privacy Request". We will respond within 21 days.

9. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered account holders or by posting a prominent notice on our website. The "Last updated" date at the top of this page will reflect the most recent revision. Continued use of the Service following notification of changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our designated Personal Data Compliance Officer:

• Email: it@mobile360.cc
• Company: IT Paradise Solutions Sdn. Bhd.
• Country: Malaysia