Last updated: 1 January 2024
​
1.INTRODUCTION:
​
At Mobeep LLC, we understand the importance of privacy and are committed to protecting the personal data entrusted to us by our clients. As a rapidly growing and globally active provider of telecom and cloud communication services, Mobeep facilitates real-time delivery of Application-to-Person (A2P) messaging, such as alerts, one-time passwords (OTPs), transactional notifications, and promotional communications via SMS and related channels.
​
This Privacy Policy describes how we process personal data that is transmitted to our systems by enterprise clients, telecom aggregators, and service partners. Our services are strictly business-to-business (B2B) in nature, and we do not directly engage with or collect data from end users.
​
Mobeep acts solely as a data sub-processor or technical service provider, processing personal data only under the lawful instructions of our clients, who function as data controllers or primary processors. We do not determine the purposes or means of personal data processing, nor do we retain, analyze, or use this data for our own purposes. Once message delivery is complete, the data is automatically and permanently deleted from our systems, ensuring a stateless and privacy-respecting infrastructure.
​
This Privacy Policy is designed to be globally compliant and aligns with the key principles of internationally recognized data protection frameworks, including:

• The EU General Data Protection Regulation (GDPR)

• The UK Data Protection Act and UK GDPR

• The California Consumer Privacy Act (CCPA) and CPRA

• The Singapore Personal Data Protection Act (PDPA)

• The UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection And other applicable data protection regulations.

 
We apply a privacy-by-design and by-default approach across our services, and implement robust technical and organizational safeguards such as encryption, pseudonymisation, access control, and real-time data minimisation. This commitment helps our clients ensure compliance, maintain trust with their end users, and operate securely in diverse regulatory environments.
​
We encourage all our clients and partners to review this Privacy Policy carefully and reach out to us for any clarifications or compliance-related inquiries.
​
2. OUR ROLE AS A DATA SUB-PROCESSOR:
 
At Mobeep LLC, we function exclusively as a data sub-processor within the data processing ecosystem. This means that we process personal data solely on behalf of our clients, who act as either data controllers or primary data processorsunder the General Data Protection Regulation (GDPR).
​
We do not determine the purposes or the legal basis for which personal data is collected or processed. Instead, we act strictly under the documented instructions of our clients, as outlined in our service agreements or data processing agreements (DPAs). Our role is limited to providing the technical means and infrastructure necessary to transmit and deliver communication data (such as SMS or messaging content) from our clients to their intended end-users.
​
Key aspects of our role as a sub-processor include:

• No autonomy over personal data: We do not independently collect, analyze, use, or modify personal data. All processing is conducted as part of a defined service (e.g., message routing or delivery) initiated and controlled by our client.

• No data retention: We do not retain, store, or archive any personal data processed via our platform. Once the transmission task is completed—whether successful or failed—the data is immediately purged from our systems. Our systems are configured to support real-time, stateless processing.

• No profiling or data enrichment: We do not profile, categorize, or enhance any personal data received through our services. We do not share this data with any third parties except as strictly necessary to deliver the service and only under sub-processing agreements with equal or stronger data protection terms.

• Bound by client instructions and contracts: All data processing activities are governed by contracts that define the scope of our services and our obligations as a sub-processor, including confidentiality, security measures, and restrictions on further processing.

• Compliance with Data Protection Obligations: Mobeep, as a data sub-processor, upholds global data privacy standards by implementing strong technical and organizational measures. We ensure confidentiality, restrict access to authorized personnel, and use secure processing methods. Our operations support client compliance through audit assistance, breach notifications, and lawful data handling. All activities align with key privacy principles such as accountability, data minimisation, and privacy by design. (https://bit.ly/44j56yZ)

 
Ultimately, Mobeep does not act as a data controller and does not assume any legal or operational responsibility for determining how or why personal data is processed. Our services are built to support lawful processing by our clients and to ensure that privacy is protected through strict role segregation, technical security, and contractual controls.
 
3. PERSONAL DATA WE PROCESS:
 
On behalf of our clients, we may process the following personal data:​

• Email Address

• Phone Number

​
This data is transmitted through our telecom infrastructure for the sole purpose of delivering Application-to-Person (A2P) communication services such as SMS or messaging alerts.
 
4. HOW WE ACCESS YOUR DATA:
 
Mobeep accesses personal data only when it is transmitted to our systems by our clients as part of delivering A2P (Application-to-Person) communication services. This data typically flows through secure integration methods, such as APIs, SMS gateway configurations, or direct telecom routing systems. The data may include limited personal identifiers—such as a recipient’s name, phone number, or email address—required solely for message delivery.
​
We do not collect data from individuals directly, nor do we extract or retrieve data from any third-party sources. All data is processed in real time, without storage, and only for the duration necessary to complete the message transmission.
 
Access to this data is fully automated under system protocols and conducted strictly according to the instructionsprovided by the client (data controller or primary processor). In rare cases where manual access is necessary (e.g., for error resolution or legal compliance), such access is performed by authorized personnel only, is securely logged, and is governed by strict internal controls and confidentiality obligations to protect data privacy.
 
5. WHY WE ACCESS YOUR DATA:
 
We access personal data exclusively to carry out the communication services requested by our clients. This includes the delivery of alerts, one-time passwords (OTPs), transactional messages, service notifications, and permitted marketing communications to end-users via SMS or other messaging platforms. The data we process—typically names, phone numbers, or email addresses—is used only to ensure accurate and timely message delivery to the intended recipients.
 
We do not access or use personal data for our own purposes, such as internal analytics, advertising, user profiling, or data enrichment. Our involvement is purely operational and technical, carried out strictly under the client’s instructions and in accordance with contractual obligations. All processing activities are purpose-limited, ensuring we handle only the data necessary to perform the specific messaging service requested.
 
6. WHEN WE DELETE YOUR DATA:
 
Mobeep does not retain or store any personal data once the message delivery process is complete. All personal data transmitted through our systems is handled in real time and is automatically deleted immediately after the message is either successfully delivered or has failed.
 
Our platform is intentionally designed to be stateless, meaning it does not store personal identifiers—such as names, phone numbers, or email addresses—in logs, databases, or backups. This ensures that no residual data remains in our infrastructure beyond the limited window necessary for processing.
 
We do not create or maintain archives of personal data, and our systems are configured to minimize data exposure by default. This real-time deletion practice forms a key part of our privacy-by-design approach and supports our compliance with GDPR data minimization and storage limitation principles.

1. Individuals may have certain rights under applicable data protection laws, including the right to:

2. Access their personal data

3. Correct or update inaccuracies

4. Request deletion or restriction of processing

5. Object to processing

6. Withdraw consent (where applicable)

7. Request portability of data

 
As a data sub-processor, Mobeep is not authorized to respond to such requests directly. If we receive a request from a data subject, we will promptly forward it to the appropriate client (data controller or primary processor) for further handling. We support and cooperate with our clients to help them fulfill such requests in accordance with applicable legal requirements
 
7. WHETHER THE DATA IS ENCRYPTED:
 
Yes, all personal data processed through Mobeep’s systems is encrypted in transit using robust, industry-standard encryption protocols—primarily Transport Layer Security (TLS). This encryption ensures that personal data such as names, phone numbers, or email addresses remains secure and protected from interception, tampering, or unauthorized access while being transmitted between our clients, Mobeep’s platform, and downstream telecom partners.
 
In addition to encryption during transmission, we implement a range of security measures to protect the confidentiality and integrity of the data throughout its brief lifecycle on our platform. These include:

• Secure API access protected by authentication tokens and encryption

• Role-based access controls (RBAC) to limit internal access to only essential personnel

• Real-time monitoring and threat detection systems

• Regular security audits and compliance reviews

​
We do not store personal data, and therefore encryption at rest is not applicable. However, our infrastructure is designed with privacy and security by design and by default principles, in line with the requirements of the GDPR.
 
These measures help ensure that data processed through our systems remains secure, private, and inaccessible to unauthorized parties at all stages of its transit.
 
8. DATA SECURITY MEASURES:
 
Mobeep is committed to ensuring the security, integrity, and confidentiality of all personal data processed on behalf of its clients. Even though our processing is transient and we do not store personal data, we implement a comprehensive set of technical and organizational safeguards to minimize risk and uphold strong privacy protections.
 
Our data security practices include:

• Encryption in transit: All personal data transmitted via our systems is protected using strong, industry-standard encryption protocols such as Transport Layer Security (TLS), safeguarding it from interception or unauthorized access.

• Pseudonymisation: Where technically applicable and feasible, we implement pseudonymisation techniques—transforming personal data in a way that it can no longer be attributed to a specific individual without the use of additional information kept separately. This provides an additional layer of security during processing.

• Stateless architecture: Our platform is designed to be stateless, meaning we do not store personal data once message transmission is complete. No personal identifiers (e.g., names, phone numbers, email addresses) are retained post-processing.

• Access control and least privilege: We enforce strict role-based access controls (RBAC), ensuring that only authorized personnel may access systems and that access is granted solely on a need-to-know basis.

• API security and authentication: All integrations with our platform require secure API keys, authentication tokens, and (where applicable) IP whitelisting for added protection.

• Real-time monitoring and logging: Our infrastructure includes continuous system monitoring, anomaly detection, and secure audit trails for operational transparency and breach detection.

• Regular risk assessments and audits: We conduct internal reviews, vulnerability assessments, and periodic penetration tests to identify and address potential security gaps.
   

We are also committed to transparency in our security posture. Mobeep:

• Shares details of its security practices and subprocessors with clients upon request

• Cooperates fully with client audits and compliance reviews

• Assists clients in conducting Data Protection Impact Assessments (DPIAs) where needed

• Maintains documented incident response plans and breach notification procedures

 
All personnel with access to systems or data are subject to strict confidentiality obligations and receive ongoing training in data protection and cybersecurity best practices.
 
Our security approach follows privacy-by-design and by-default principles, ensuring personal data is always processed in a secure, minimal, and accountable manner.
 
9. DATA MINIMISATION AND PSEUDONYMISATION:
 
At Mobeep, we follow the principles of data minimisation and pseudonymisation to enhance privacy protection and reduce the risk associated with personal data processing.

• Data Minimisation:  We only process the minimum amount of personal data necessary to perform the specific service requested by our clients. This typically includes only basic identifiers such as a name, phone number, or email address required for message delivery. We do not collect or process any unnecessary or excessive data.

• Pseudonymisation: Where applicable, we apply pseudonymisation techniques during processing. This means replacing identifying information with coded or tokenized values so that the data cannot be attributed to an individual without the use of additional, separately stored information. Pseudonymisation adds an extra layer of protection in case of any unauthorized access during the short duration data is in transit through our systems.

 
These practices are part of our commitment to privacy-by-design and by-default, ensuring that personal data is processed securely, minimally, and in alignment with best practices across global privacy laws.
 
10. Third-Party Involvement or Access:
 
To deliver our services efficiently, Mobeep may engage trusted third-party service providers, such as telecom operators, cloud service providers, and infrastructure partners. These entities may access personal data only to the extent necessary to assist in message routing or platform functionality.
 
All such third parties are subject to confidentiality obligations and binding contractual agreements that include data protection and security terms consistent with this policy. Mobeep conducts due diligence to ensure that any third party we work with maintains high standards of data protection and security.
 
We do not sell, rent, or trade personal data, and we do not use personal data for any purpose other than delivering our services on behalf of our clients.
 
Cross border data transfer: As a global service provider, Mobeep may process data using infrastructure located in different countries. When personal data is transmitted across borders, we ensure that such transfers are subject to appropriate safeguards to maintain the same level of protection as required under applicable data privacy laws. This includes ensuring that any third parties or subprocessors involved in international data processing adhere to contractual obligations, including the implementation of adequate security measures, confidentiality agreements, and compliance with cross-border transfer standards (e.g., contractual clauses or binding corporate rules, as required by jurisdiction.
 
11. DATA BREACH NOTIFICATION:
 
Mobeep has implemented internal protocols to detect, investigate, and respond to any actual or suspected data security incidents. While we do not retain personal data beyond the delivery process, we remain committed to ensuring that any potential breach involving data processed through our systems is promptly addressed.
 
In the event of a confirmed or likely unauthorized access, disclosure, or compromise of personal data processed on behalf of our clients, Mobeep will:

• Notify the affected client(s) within 48 hours of becoming aware of the breach

• Provide a summary of known facts, including the nature of the breach, systems affected, and any preliminary impact assessment

• Outline the immediate steps taken or planned to mitigate the risk and prevent recurrence

• Assist the client, as needed, in fulfilling their own legal or regulatory breach notification obligations, including communication with affected individuals or supervisory authorities

​
Mobeep’s incident response plan is reviewed and tested periodically to ensure its effectiveness in managing and minimizing the risk of security events.
 
12. DATA RETENTION AND DISPOSAL:
 
As Mobeep processes data in real-time and does not retain personal data beyond the delivery of a message, no long-term storage or retention policies apply. However, we do retain limited, non-identifiable metadata (such as timestamps, delivery status, and message IDs) for operational integrity, billing, or compliance purposes.
​
This metadata does not contain personal identifiers and is purged or anonymized within predefined retention periods in line with applicable legal and contractual requirements.
 
13. CHANGES TO THIS POLICY:
 
Mobeep may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or privacy best practices. When we make material changes, we will:

• Update the “Last Updated” date at the top of the policy

• Notify our clients through appropriate communication channels

• Provide an opportunity for clients to review and raise any concerns
   

Continued use of our services after any updates shall be deemed as acceptance of the revised policy, to the extent permitted by law.
 
14. LEGAL BASIS OF PROCESSING:
 
Mobeep acts solely as a service provider or data sub-processor, meaning we process personal data only on behalf of and under the direction of our clients. We do not collect, determine the means of processing, or define the legal grounds for such processing. The responsibility for establishing a lawful basis for the collection and use of personal data lies entirely with our clients, who act as data controllers or primary processors.
 
Our clients may rely on a variety of legal bases, depending on their jurisdiction and the nature of their services. These may include:

• The individual’s consent to receive a communication or service

• Performance of a contract, such as delivering a transactional message or notification

• Compliance with a legal obligation, such as sending regulatory alerts

• The client’s legitimate business interest, provided it does not override the individual’s rights

• Other grounds recognized under relevant data protection or consumer privacy laws

 
Mobeep does not validate, monitor, or control the legal basis asserted by our clients. Instead, we operate as a neutral technical platform that supports the secure and efficient delivery of messages and communications as directed.
 
To ensure compliance with applicable data protection laws, we enter into binding service or data processing agreements with our clients. These agreements define the scope of our responsibilities, including:

• Our obligation to act only on documented instructions

• Our commitment to implement appropriate security measures

• Our duty to assist clients in fulfilling their legal obligations, where applicable

• Our restrictions on further processing or data sharing

• Our support in responding to regulatory inquiries related to processing activities

 
Mobeep encourages its clients to be transparent with their own users regarding how their data is collected and used, including the engagement of third-party service providers like Mobeep.
 
15. CHILDREN’S DATA:
 
Mobeep’s services are designed for business and enterprise use and are not intended for individuals under the age of 16, or the minimum age of digital consent as defined under applicable laws in the relevant jurisdiction.
 
We do not knowingly process or facilitate the transmission of personal data relating to children or minors. Our clients, as data controllers, are responsible for ensuring that any data transmitted through our platform is lawfully collected and does not violate age-related consent requirements.
 
If Mobeep becomes aware that it has inadvertently processed personal data of a child without the necessary consent or authorization, we will take immediate steps to delete such data and notify the relevant client.
 
16. CONTACT INFORMATION AND DATA PROTECTION OFFICER:
 
If you have any questions, concerns, or requests relating to this Privacy Policy or how Mobeep processes personal data on behalf of its clients, you may contact us using the details below:
Privacy Contact – Mobeep LLC
Email: management@mobeep.io, legal@mobeep.io

We will respond to all legitimate inquiries in a timely and transparent manner, typically within the timeframe required by applicable data protection laws.
 
COOKIE POLICY
​
Last Updated: 1 January 2024
​
At Mobeep LLC, we respect your privacy and are committed to being transparent about how we use cookies and similar technologies when you visit our website. This Cookie Policy explains what cookies are, how we use them, and your choices regarding their use.
​
1. What Are Cookies?
​
Cookies are small text files that a website places on your device when you visit. They are widely used to make websites work, improve performance, and provide information to the site owners.
​
Cookies can be:

• Session cookies: Deleted when you close your browser

• Persistent cookies: Remain on your device for a set period

• First-party cookies: Set by the website you are visiting

• Third-party cookies: Set by a different domain, often for analytics or advertising

​
2. How We Use Cookies:
 
Mobeep uses cookies in a limited and privacy-conscious manner. We do not use cookies to collect personal data or track individual user behavior for marketing purposes.
 
We may use cookies for the following purposes:

• Essential cookies – to enable basic website functionality and security features

• Performance cookies – to monitor website performance and usage (e.g., page load times)

• Analytics cookies – to understand how visitors interact with the site (aggregated and anonymized data only)

 
We do not use advertising, profiling, or behavioral tracking cookies.
 
3. Cookies We May Use:
​
Essential:

• Purpose: Enables core site functionality (e.g. login, navigation)

• Duration: Session-based

​
Analytics (e.g. Google Analytics):

• Purpose: Tracks aggregate website usage statistics (IP anonymized)

• Duration: Persistent (e.g., 6 months)

​
Note: Third-party services we use (e.g., analytics or content delivery networks) may place their own cookies. These cookies are governed by their respective privacy policies.
 
4. Managing Cookie Preferences:
 
Most browsers allow you to control cookie settings. You can:

• Accept or reject cookies by adjusting your browser settings

• Delete cookies already stored on your device

• Use browser add-ons to block third-party scripts

​
Please note that disabling essential cookies may affect website functionality.
​
5. Updates to This Cookie Policy:
 
We may update this Cookie Policy from time to time to reflect changes in technology, legal requirements, or our operations. The latest version will always be available on this page.