Privacy Policy
Privacy Policy Overview
This Privacy Policy explains how GSMXCODE collects, uses, discloses, and protects your personal information. We are committed to transparency and compliance with global privacy regulations including GDPR, CCPA, and other applicable laws.Policy Sections
Your Rights
1. Introduction & Scope
1.1. Policy Application
This Privacy Policy applies to all personal data collected by GSMXCODE through our Platform, services, and any related interactions. This policy is incorporated by reference into our Terms of Service.
1.2. Legal Compliance
We comply with global privacy regulations including:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA)
- Virginia Consumer Data Protection Act (VCDPA)
- Colorado Privacy Act (CPA)
- Other applicable national laws
1.3. Data Controller Information
GSMXCODE acts as the data controller for personal data processed through our Platform:
GSMXCODE
Email: [email protected]
2. Data We Collect
2.1. Personal Information Collected
We collect the following categories of personal data:
| Data Category | Examples | Collection Method | Legal Basis |
|---|---|---|---|
| Identity Information | Name, business name, tax ID | Account registration, KYC verification | Contract necessity, legal obligation |
| Contact Information | Email, phone, business address | Account registration, support requests | Contract necessity, legitimate interest |
| Financial Information | Payment method, transaction history | Payment processing, order fulfillment | Contract necessity, legal obligation |
| Technical Information | IP address, device info, browser data | Automated collection, analytics | Legitimate interest, consent |
| Service Data | IMEI numbers, device models, order details | Service usage, order processing | Contract necessity, legitimate interest |
| Communication Data | Support tickets, chat transcripts, emails | Customer interactions | Contract necessity, legitimate interest |
2.2. KYC/AML Data Collection
For compliance with financial regulations and payment processor requirements, we may collect:
- Government-issued identification documents
- Proof of business address and registration
- Proof of payment method ownership
- Business license and certification documents
2.3. Automated Data Collection
We automatically collect technical information including:
- IP addresses and geographic location data
- Device type, operating system, and browser information
- Usage patterns and platform interaction data
- Security and authentication logs
3. How We Use Your Data
3.1. Primary Usage Purposes
We use personal data for the following business purposes:
| Purpose | Data Categories Used | Legal Basis |
|---|---|---|
| Service Delivery | Identity, contact, service, technical | Contract necessity |
| Payment Processing | Financial, identity, contact | Contract necessity, legal obligation |
| Customer Support | Contact, communication, service | Contract necessity, legitimate interest |
| Security & Fraud Prevention | Technical, financial, identity | Legitimate interest, legal obligation |
| Legal Compliance | All categories as required | Legal obligation |
| Service Improvement | Technical, usage patterns, service | Legitimate interest |
| Marketing & Communications | Contact, usage patterns | Consent, legitimate interest |
3.2. Legitimate Business Interests
We process data based on legitimate interests including:
- Platform security and abuse prevention
- Service quality improvement and optimization
- Business operations and administrative purposes
- Network and information security
- Direct marketing (where permitted by law)
3.3. Legal Basis for Processing
All data processing activities are based on one or more legal grounds:
Contract Necessity
Processing required to fulfill our contractual obligations to you.
Legal Obligation
Processing required to comply with legal and regulatory requirements.
Legitimate Interest
Processing necessary for our legitimate business interests.
Consent
Processing based on your explicit consent for specific purposes.
4. Data Sharing & Disclosure
4.1. Third-Party Service Providers
We share data with the following categories of service providers:
| Service Provider Category | Data Shared | Purpose | Safeguards |
|---|---|---|---|
| Payment Processors | Financial, identity, contact | Payment processing, fraud prevention | Contractual, PCI DSS compliance |
| Cloud Infrastructure | All data categories | Platform hosting, data storage | Encryption, access controls |
| Communication Services | Contact, communication | Customer support, notifications | Contractual, encryption |
| Analytics Providers | Technical, usage patterns | Service improvement, analytics | Anonymization, contractual |
| Third-Party Developers | Service data, technical | Service fulfillment, support | Contractual, limited access |
4.2. Legal Disclosures
We may disclose personal data when required by law or necessary to:
- Comply with legal processes or governmental requests
- Protect our rights, property, or safety
- Enforce our Terms of Service or other agreements
- Prevent or investigate fraud, security breaches, or other wrongdoing
4.3. Business Transfers
In the event of a merger, acquisition, or sale of all or portion of our assets, user data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.
5. Data Protection & Security
5.1. Security Measures
We implement comprehensive technical and organizational security measures:
Technical Measures
- SSL/TLS encryption for data transmission
- Encrypted data storage at rest
- Regular security audits and testing
- DDoS protection and mitigation
- Secure API authentication
Organizational Measures
- Employee privacy and security training
- Access controls and role-based permissions
- Regular security policy reviews
- Incident response procedures
- Vendor security assessments
5.2. Data Breach Procedures
In the event of a data breach, we will:
- Immediately investigate and contain the breach
- Notify affected users and regulatory authorities as required by law
- Provide guidance on protective measures users can take
- Implement corrective actions to prevent future breaches
5.3. Security Limitations
While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining appropriate safeguards.
6. Your Privacy Rights
6.1. Comprehensive Rights Overview
Depending on your location and applicable laws, you may have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request copies of your personal data | Submit request via email or platform |
| Correction | Request correction of inaccurate data | Update profile or submit request |
| Deletion | Request deletion of your personal data | Submit deletion request via email |
| Portability | Request transfer of your data to another service | Submit request via email |
| Objection | Object to certain processing activities | Adjust settings or submit request |
| Restriction | Request restriction of processing | Submit request via email |
| Withdraw Consent | Withdraw previously given consent | Adjust settings or submit request |
| Opt-Out | Opt-out of marketing communications | Use unsubscribe link or adjust settings |
6.2. Exercise Your Rights
To exercise your privacy rights:
- Email: [email protected] with "Privacy Rights Request" in subject
- Use platform privacy settings where available
- Contact us through our support channels
We respond to all legitimate requests within 30 days and may request verification of your identity before processing.
6.3. Complaint Procedures
If you have concerns about our data handling practices, you may:
- Contact us first to resolve the issue directly
- Lodge a complaint with your local data protection authority
- Seek legal remedies as provided by applicable law
7. Cookies & Tracking Technologies
7.1. Cookies Usage
We use cookies and similar technologies for the following purposes:
| Cookie Category | Purpose | Duration | Control Options |
|---|---|---|---|
| Essential | Platform functionality, security, authentication | Session to 1 year | Required for service |
| Performance | Analytics, service improvement | 24 hours to 2 years | Browser settings, opt-out |
| Functional | Preferences, personalization | 90 days to 1 year | Platform settings |
| Marketing | Advertising, retargeting | 90 days to 2 years | Opt-out, consent management |
7.2. Cookie Management
You can control cookies through:
- Browser settings to block or delete cookies
- Our cookie consent management platform
- Opt-out mechanisms for specific tracking technologies
- Platform privacy settings where available
8. International Data Transfers
8.1. Global Operations
As a global service provider, we may transfer and process data internationally:
- Primary data processing in the Singapore
- Backup and disaster recovery in multiple jurisdictions
- Third-party service providers located globally
8.2. Transfer Safeguards
All international data transfers are protected by appropriate safeguards:
- EU Standard Contractual Clauses (SCCs)
- UK International Data Transfer Agreement
- Adequacy decisions where applicable
- Binding Corporate Rules for intra-company transfers
- Additional technical and organizational measures
8.3. Legal Basis for Transfers
International data transfers are conducted under legal mechanisms that ensure adequate protection of your personal data in compliance with applicable privacy laws.
9. Data Retention
9.1. Retention Periods
We retain personal data only as long as necessary for legitimate business purposes:
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Account Data | 5 years after account closure | Legal obligation, business records |
| Financial Records | 7 years after transaction | Legal obligation, tax compliance |
| Service Data | 3 years after service completion | Business operations, support |
| Communication Data | 3 years after last contact | Business operations, quality assurance |
| Technical & Log Data | 2 years from collection | Security, analytics, improvement |
| Marketing Data | 2 years after last interaction | Business development, consent period |
9.2. Deletion Procedures
Upon expiration of retention periods, data is:
- Permanently deleted from active systems
- Removed from backup systems during routine cycles
- Anonymized for statistical purposes where appropriate
10. Children's Privacy
10.1. Age Restrictions
Our services are not intended for individuals under the age of 18:
- We do not knowingly collect data from children under 18
- Accounts may only be created by individuals 18 years or older
- Business accounts require proof of business registration
10.2. Parental Controls
If you believe we have collected data from a child under 18, please contact us immediately at [email protected] and we will promptly investigate and take appropriate action.
11. Policy Updates
11.1. Update Procedures
We may update this Privacy Policy to reflect:
- Changes in our data processing practices
- Legal or regulatory requirements
- Service enhancements or modifications
- User feedback and industry standards
11.2. Notification of Changes
For material changes, we provide:
- 30 days advance notice via email
- Platform notifications and announcements
- Updated effective date clearly displayed
- Summary of key changes
11.3. Continued Use
Continued use of our services after policy updates constitutes acceptance of the modified terms. Users who do not agree with changes should cease using our services and request account deletion.
15. Official Contact & Support
GSMXCODE
Email: [email protected]
Live Chat: Available via the Platform
Effective Date: October 24, 2025
Support Hours: Monday – Friday, 9:00 AM – 5:00 PM
(MST)
Response Time: We strive to respond to all
inquiries within 12 business hours.