1. Introduction

IPROG TECH ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SMS API services. By accessing or using our services, you consent to the practices described in this policy.

2. Information We Collect

We collect the following types of information when you use our services:

Personal Information

Name, Email Address, Phone Number

Usage Data

API usage, message logs, timestamps

Account Information

Credentials, billing details, preferences

Technical Data

IP address, device information, browser type

2.0 Purpose of Data Collection

We collect personal information to provide, maintain, and improve our SMS API services. Specifically:

• Personal Information: To create and manage your account, authenticate your identity, and communicate with you about our services.
• Usage Data: To process SMS messages, monitor service performance, prevent abuse, and provide customer support.
• Account Information: To process payments, manage billing, and maintain your account preferences.
• Technical Data: To ensure security, prevent fraud, troubleshoot technical issues, and comply with legal obligations.

2.1 Account Verification (KYC) Information

Starting January 1st, 2026, account verification (Know Your Customer - KYC) is required. When you complete account verification, we collect additional information:

Purpose of KYC Data Collection:

We collect KYC information to verify user identity, comply with telecommunications regulations, prevent fraud and abuse, ensure compliance with legal requirements, and maintain the security and integrity of our SMS API services. This verification process helps us protect both our platform and our users from unauthorized access and misuse.

For Student Accounts:

• Valid identification documents (government-issued ID)
• Educational institution information (school name, course/program)
• Project details (project title, description)
• Team member information (names, email addresses, courses, social media links) if applicable

For Business Accounts:

• Valid identification documents (government-issued ID)
• Business registration documents
• Business information (company name, TIN, business address)
• Business owner contact information (Philippine mobile number)

For All Accounts:

• SMS template information (header text, footer text, sample message content)
• Verification status and approval history

2.2 Payment Proof Documents

When you make a payment, we collect payment proof documents (receipts, screenshots, transaction records) to verify and process your payment transactions.

Purpose of Payment Proof Data Collection:

We collect payment proof documents to verify payment transactions, process account credits, prevent payment fraud, resolve billing disputes, maintain financial records, and comply with financial regulations and audit requirements.

2.3 Sender Name Registration Documents

When you register a custom sender name, we collect business documents including letter of agreement and company logo for verification and approval purposes.

Purpose of Sender Name Documents Collection:

We collect sender name registration documents to verify business identity, ensure compliance with telecommunications regulations, prevent misuse of sender names, maintain sender name registry records, and protect against spam and fraudulent messaging.

2.4 SMS Message Logs

When you send SMS messages through our API, we collect and store message logs containing phone numbers, message content, delivery status, and timestamps.

Purpose of SMS Message Logs Collection:

We collect SMS message logs to deliver your messages, track delivery status, provide customer support, troubleshoot delivery issues, prevent spam and abuse, comply with telecommunications regulations, and maintain service quality and reliability.

3. How We Use Your Information

We use the information we collect for the following purposes:

To provide, maintain, and improve our SMS API services
To process transactions, manage accounts, and handle billing
To communicate with you about your account, services, and support requests
To send SMS messages as requested through our API
To monitor and analyze usage patterns and improve service performance
To detect, prevent, and address technical issues and security threats
To verify user identity and conduct account verification (KYC) as required by telecommunications regulations
To create and manage SMS templates based on verified account information
To comply with legal and regulatory requirements, including telecommunications and data privacy laws

4. Sharing Your Information

We may share your information in the following circumstances:

Service Providers

We work with trusted third-party vendors who perform services on our behalf, such as cloud hosting, payment processing, SMS gateway providers, and data analytics. These providers are contractually obligated to protect your information.

Legal Compliance

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, property, or safety, or that of our users.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

5. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, use, alteration, or disclosure. These measures include:

• Encryption of data in transit and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Secure API endpoints with rate limiting and monitoring

KYC Data Access Control:

Raw KYC data, including identification documents, business registration documents, and all associated verification information, is accessible only to authorized administrators with appropriate security clearance. Regular users can only view their own verification status and basic information submitted, but cannot access the raw documents or detailed verification records. This admin-only access ensures that sensitive personal information is protected and only accessed when necessary for verification, compliance, or support purposes.

Payment and Financial Documents Access Control:

Payment proof documents (receipts, screenshots, and other financial documents) are accessible only to authorized administrators for payment verification and processing purposes. Regular users can view their own payment status and transaction history, but cannot access raw payment documents uploaded by other users. This admin-only access protects sensitive financial information and ensures proper payment processing.

Sender Name Documents Access Control:

Business documents submitted for sender name registration (letter of agreement, company logos, and related documents) are accessible only to authorized administrators for verification and approval purposes. Regular users can view their own sender name request status, but cannot access raw documents or detailed verification records of other users. This admin-only access protects business-sensitive information.

SMS Message Logs Access Control:

SMS message logs containing phone numbers and message content are accessible only to authorized administrators for support, troubleshooting, and compliance purposes. Regular users can only view their own message history and logs. This admin-only access ensures that personal communication data is protected and only accessed when necessary for service delivery or legal compliance.

Personal Information, Account Information, and Technical Data Access Control:

Personal information (name, email, phone number), account information (credentials, billing details), and technical data (IP addresses, device information) are accessible to authorized administrators for account management, customer support, security monitoring, fraud prevention, and compliance purposes. Regular users can view and manage their own information through their account dashboard. Admin access to user data across all accounts is restricted to authorized personnel only and is logged for security and audit purposes.

Note: While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights

You have the following rights regarding your personal data:

Access

Request a copy of your personal data

Update

Correct inaccurate or incomplete information

Delete

Request deletion of your personal data

Object

Opt-out of certain data processing activities

To exercise any of these rights, please contact us at admin@iprogtech.com. We will respond to your request within 30 days.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are based on:

• The nature of the data and the purpose for which it was collected
• Legal, regulatory, and contractual requirements
• Operational needs, such as account management and dispute resolution

KYC and Verification Data: Account verification information, including identification documents, business registration documents, and related verification data, are retained in accordance with telecommunications regulations and data privacy laws. This data may be retained for the duration of your account and for a reasonable period after account closure or termination as required by law for regulatory compliance, dispute resolution, and fraud prevention purposes.

Automatic Deletion: Raw KYC data (including uploaded identification documents and business registration documents) will be automatically deleted 24 months after account closure or termination, unless a longer retention period is required by law or for ongoing legal proceedings. After this period, only anonymized metadata necessary for compliance records may be retained.

Payment Proof Documents: Payment receipts, screenshots, and other financial documents are retained for the duration of your account and for 12 months after account closure or the last payment transaction, whichever is later. This retention period is necessary for financial record-keeping, dispute resolution, and compliance with financial regulations.

Automatic Deletion: Payment proof documents will be automatically deleted 12 months after account closure or the last payment transaction, unless required for ongoing disputes or legal proceedings.

Sender Name Documents: Business documents (letter of agreement, company logos) submitted for sender name registration are retained for the duration of your account and for 12 months after account closure or sender name deactivation, whichever is later. This retention period is necessary for verification records and compliance purposes.

Automatic Deletion: Sender name documents will be automatically deleted 12 months after account closure or sender name deactivation, unless required for ongoing verification or legal proceedings.

SMS Message Logs: SMS message logs containing phone numbers and message content are retained for 6 months for operational purposes, troubleshooting, and customer support. After this period, message content is automatically deleted, and only anonymized metadata (timestamps, delivery status) may be retained for analytics and compliance purposes.

Automatic Deletion: SMS message content and phone numbers will be automatically deleted 6 months after message delivery, unless required for ongoing support requests or legal compliance.

Personal Information: Name, email address, and phone number are retained for the duration of your account and for 12 months after account closure, unless required for ongoing legal proceedings or compliance purposes.

Automatic Deletion: Personal information will be automatically deleted 12 months after account closure, unless required by law or for ongoing legal proceedings.

Account Information: Credentials, billing details, and account preferences are retained for the duration of your account and for 12 months after account closure, unless required for financial record-keeping, dispute resolution, or legal compliance.

Automatic Deletion: Account information will be automatically deleted 12 months after account closure, except for billing records which may be retained for 7 years as required by financial regulations.

Usage Data (API Usage, Timestamps): API usage statistics, timestamps, and non-content usage metadata are retained for 24 months for analytics, service improvement, and compliance purposes.

Automatic Deletion: Usage data will be automatically deleted 24 months after collection, unless required for ongoing support requests or legal compliance.

Technical Data: IP addresses, device information, and browser type are retained for 12 months for security monitoring, fraud prevention, and troubleshooting purposes.

Automatic Deletion: Technical data will be automatically deleted 12 months after collection, unless required for ongoing security investigations or legal compliance.

When your data is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to registered users (for significant changes)
• Displaying a notice on our website or through our API

Your continued use of our services after the changes become effective constitutes acceptance of the updated Privacy Policy.

Privacy Policy