1. Introduction
The purpose of this Privacy Policy is to inform users about how LightningMSG collects, processes, stores, and protects personal data during the use of the Service.
Data Controller:
SC Saker Soft SRL-D
Tax ID: RO41417987
Registration Number: J26/150/2014
Registered office:
17/32 Infratirii Street
540559 Târgu Mureș
Mureș County
Romania
Website:
lightningmsg.com
Contact:
contact@lightningmsg.com
The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679).
2. Role of the Data Controller
During the operation of the LightningMSG service, SC Saker Soft SRL-D acts as the Data Controller for personal data related to user accounts.
In certain situations, LightningMSG may act as a technical service provider when the User sends SMS messages through their own systems using the LightningMSG platform.
In such cases, the User is responsible for ensuring that the processing of personal data transmitted through the Service has an appropriate legal basis.
3. What Data Do We Collect?
LightningMSG may collect and process the following categories of data:
3.1. Registration Data
When creating a user account, we may collect:
name;
email address;
encrypted password;
country;
city;
gender (if provided by the User).
User passwords are not stored in a reversible format and cannot be retrieved by LightningMSG.
3.2. Purchase and Billing Data
When the User purchases a paid package, we may process:
name;
email address;
billing information;
company name;
tax identification information;
company-related details;
transaction information.
These data are processed for:
providing the Service;
issuing invoices;
fulfilling legal obligations.
3.3. SMS Sending Data
When sending SMS messages, the system may store:
recipient phone number;
SMS content;
sending date and time;
SMS status;
delivery status;
technical error information.
These data are required for:
operating the Service;
verifying sent messages;
displaying message history;
troubleshooting technical issues.
3.4. API Data
When using the LightningMSG API, we may process:
API key information;
API request timestamps;
technical request information;
system responses;
error codes;
usage statistics.
The User is responsible for maintaining the confidentiality of API keys.
3.5. Webhook Data
When using Webhook notifications, we may process:
configured Webhook URLs;
configured Header parameters;
sent notification data;
received responses;
HTTP status codes;
error information.
These data are necessary for operating, monitoring, and troubleshooting the Webhook service.
3.6. Android Application Data
For the “Own Android SMS” service, we may process:
application connection status;
technical device identifiers;
application version;
communication status;
last connection time.
LightningMSG does not access:
personal photos;
personal files;
private contacts;
other information not required for the operation of the Service.
4. Purposes of Data Processing
LightningMSG processes personal data only for clear, lawful, and necessary purposes related to the operation of the Service.
The main purposes of data processing include:
4.1. Providing the Service
Data processing is necessary for LightningMSG to:
create and manage user accounts;
provide SMS sending functionality;
provide API integration;
manage purchased packages;
enable the Android SMS service;
display message history;
ensure proper operation of the platform.
4.2. User Identification and Security
Data may be used for:
identifying users;
preventing unauthorized access;
protecting user accounts;
investigating security incidents;
preventing misuse of the Service.
4.3. SMS Sending and Status Tracking
SMS-related data is processed for:
transmitting SMS messages;
monitoring message status;
displaying message history;
detecting technical errors;
providing delivery information to the User.
4.4. Technical Support and Troubleshooting
Technical data and system logs may be used for:
identifying errors;
improving the Service;
analyzing technical problems;
maintaining platform security.
4.5. Compliance with Legal Obligations
Certain data may be processed for:
accounting and tax obligations;
issuing invoices;
responding to official requests;
protecting legal rights and interests of the Operator.
5. Legal Basis for Processing
LightningMSG processes personal data based on the following legal grounds:
5.1. Performance of a Contract
Processing is necessary to provide the services requested by the User, including:
account creation;
SMS service delivery;
API usage;
management of purchased packages.
5.2. Compliance with Legal Obligations
Certain data are processed to comply with legal requirements, including:
tax documentation;
accounting records;
legal obligations.
5.3. Legitimate Interest
LightningMSG may process data based on legitimate interest for:
protecting infrastructure;
preventing fraud;
preventing abuse;
improving the Service;
analyzing technical issues;
maintaining cybersecurity.
5.4. Consent
In certain cases, processing may be based on the User’s consent.
The User has the right to withdraw consent when processing is based exclusively on consent.
6. Data Retention Periods
LightningMSG stores personal data only for the period necessary to fulfill the purposes for which the data was collected.
User Account Data
Account-related data are stored while the account remains active or until deletion is requested, except where legal retention obligations apply.
SMS Data
SMS-related data may be stored for:
Service operation;
message history;
transmission verification;
troubleshooting;
security purposes.
The exact retention period may vary depending on technical, operational, and legal requirements.
API and Webhook Logs
Technical logs may be stored for:
security monitoring;
troubleshooting;
service reliability;
auditing purposes.
Billing Data
Billing and accounting data are stored for the period required by applicable laws.
7. Data Security
LightningMSG applies appropriate technical and organizational measures to protect personal data.
These measures may include:
secure data storage;
password protection;
access control;
permission management;
system monitoring;
activity logging;
protection against unauthorized access.
The User is responsible for protecting their own access credentials, including:
account password;
API keys;
access tokens.
LightningMSG is not responsible for security incidents resulting from improper protection or disclosure of these credentials by the User.
8. Third-Party Service Providers
To operate the Service, LightningMSG may use third-party providers that supply necessary technical infrastructure.
These may include:
hosting providers;
infrastructure providers;
payment processors;
email service providers;
technical partners.
LightningMSG takes reasonable measures to ensure that such providers maintain appropriate security and data protection standards.
9. User Rights Under GDPR
Under GDPR, Users have the following rights:
9.1. Right to Information
The User has the right to request information regarding how their personal data is processed.
9.2. Right of Access
The User may request access to the personal data stored about them.
9.3. Right to Rectification
The User may request correction of inaccurate or incomplete personal data.
9.4. Right to Erasure
The User may request deletion of personal data where no legal reason exists for continued storage.
9.5. Right to Restriction of Processing
In certain situations, the User may request limitation of the processing of their personal data.
9.6. Right to Data Portability
The User may request their personal data in a structured, commonly used, and machine-readable format where applicable.
10. Data Deletion and Account Closure
The User has the right to request deletion of their personal data.
Before processing a deletion request, LightningMSG may verify the identity of the requester in order to prevent unauthorized deletion of personal information.
Data deletion may not be performed immediately in all cases, especially where:
legal obligations require data retention;
legal proceedings are ongoing;
data is required for establishing, exercising, or defending legal claims;
data is required for security or auditing purposes.
When an account is deleted:
user access may be disabled;
active services may be terminated;
personal data that is not subject to mandatory retention may be removed.
Data that must be retained according to applicable law (such as billing and accounting records) will be stored for the legally required period.
11. Cookies and Similar Technologies
The LightningMSG website may use cookies and similar technologies to ensure proper operation of the platform.
Cookies may be used for:
maintaining user sessions;
improving security;
remembering user preferences;
improving website functionality;
analyzing service performance.
The User may manage or disable cookies through their browser settings.
Disabling certain cookies may affect the functionality of some features of the website.
12. Security Incidents and Personal Data Breaches
LightningMSG applies reasonable security measures to prevent incidents affecting personal data.
If an incident occurs that may result in unauthorized access, loss, or disclosure of personal data, LightningMSG will:
investigate the incident;
identify the cause;
take appropriate measures to reduce possible impact;
notify affected parties when required;
comply with applicable legal obligations.
LightningMSG is not responsible for security incidents caused by:
improper use of the User’s device;
disclosed passwords;
exposed API keys;
failure of the User to apply appropriate security measures.
13. International Data Transfers
To provide the Service, certain data may be processed by external providers that support the technical infrastructure of LightningMSG.
These may include:
server providers;
storage providers;
payment processors;
communication providers;
technical service providers.
LightningMSG takes reasonable steps to ensure that all data transfers comply with GDPR requirements and are performed with appropriate safeguards.
If personal data is transferred outside the European Economic Area (EEA), such transfers will be performed using mechanisms permitted under applicable data protection laws.
14. Children's Data
The LightningMSG Service is primarily intended for businesses, developers, and organizations.
Users must have the necessary legal capacity to use the Service.
LightningMSG does not intentionally collect personal data from individuals who do not meet the applicable legal age requirements.
If such data is provided unintentionally, the legal representative may request deletion of the data.
15. Contact and Data Protection Requests
For questions, requests, or complaints regarding personal data processing, Users may contact:
SC Saker Soft SRL-D
Email:
contact@lightningmsg.com
or:
contact@sakersoft.ro
LightningMSG will handle all data protection requests according to applicable legal requirements.
If the User believes that their personal data has been processed unlawfully, they have the right to submit a complaint to the competent data protection authority.
In Romania:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
16. Changes to the Privacy Policy
LightningMSG reserves the right to modify this Privacy Policy when necessary.
Changes will be published on the website.
The updated version becomes effective from the date of publication unless another effective date is specified.
Continued use of the Service after changes have been published constitutes acceptance of the updated Privacy Policy.
17. Effective Date
This Privacy Policy becomes effective on the date of publication on the website.
Version:
1.0
Last updated: 2026.06.29