Privacy policy.
How Fivra handles your data — and the data of the contacts you reach through the platform.
Fivra provides compliant SMS broadcasting and power dialing for high-volume outreach teams. This policy explains what we collect, why, how long we keep it, and the choices you have. It covers both the personal data we hold about you as an account holder and the contact data you bring to the platform to reach others.
This policy is provided for transparency and is not legal advice. It is a draft template using placeholder details shown like [this]. Replace each placeholder with your registered entity and contact details, and have counsel review before publication.
1Scope & our two roles
This policy applies to the Fivra website, dashboard, APIs, and related services (the “Service”), operated by [Company Legal Name] (“Fivra,” “we,” “us”). Fivra handles personal data in two distinct capacities, and your rights differ depending on which applies:
- As a controller — for data about our own customers and prospects: account, billing, support, and website-usage data. We decide why and how this data is processed.
- As a processor — for the contact lists, message content, and call data you upload or generate to run your own campaigns (your “Customer Content”). You are the controller of that data; we process it only on your documented instructions under our Terms of Service and any Data Processing Addendum.
If you are an individual who received a message or call sent through Fivra by one of our customers, that customer — not Fivra — is responsible for how your data was obtained and used. Requests about that data are described in Section 6.
2Information we collect
Information you provide
- Account & profile — name, business name, email, phone number, password, and role.
- Billing — plan, billing address, and the last four digits / card brand. Full card numbers are handled by our payment processor and never stored on Fivra servers.
- Support & communications — messages you send to us, including attachments and the contents of support tickets.
- Compliance records — sender registration details (e.g. 10DLC brand/campaign registration, business identity documents) you submit to enable messaging.
Information we collect automatically
- Usage & log data — pages and features used, actions taken, timestamps, and referring URLs.
- Device & connection — IP address, browser type, operating system, and approximate location derived from IP.
- Cookies & similar technologies — used for authentication, preferences, security, and aggregate analytics. You can manage non-essential cookies through your browser; essential cookies are required for the Service to function.
3Contact data you upload (Customer Content)
To run campaigns, you upload and generate data about the people you contact. We process this on your behalf, as your processor:
- Contact records — phone numbers, names, and any custom fields or merge tags you import.
- Message & call content — the body of SMS broadcasts, two-way reply threads, call dispositions, notes, and call recordings where enabled.
- Consent & suppression signals — opt-in evidence you provide, plus STOP/unsubscribe and Do-Not-Call (DNC) flags we capture and maintain on your account.
- Engagement metadata — delivery status, replies, opt-outs, and timestamps used for reporting and compliance audit logs.
You are responsible for having a lawful basis and the required consent to contact each person on your lists. See your obligations in the Terms of Service and Acceptable Use Policy.
4How we use information
As a controller of account data, we use it to:
- Provide, maintain, and secure the Service and authenticate your account.
- Process payments, send invoices, and manage your subscription.
- Provide support, respond to inquiries, and send service and security notices.
- Monitor for fraud, abuse, and violations of our Terms and Acceptable Use Policy.
- Improve features, measure performance, and develop new functionality using aggregated or de-identified data.
- Comply with legal obligations, including telecom and messaging regulations.
We do not sell your personal data, and we do not use your Customer Content for our own marketing or to train models for unrelated purposes.
5Legal bases (EEA/UK users)
Where the GDPR or UK GDPR applies, we rely on these legal bases:
- Contract — to deliver the Service you’ve signed up for.
- Legitimate interests — to secure, improve, and operate the Service, and to prevent abuse, balanced against your rights.
- Legal obligation — to meet tax, accounting, and telecommunications requirements.
- Consent — for non-essential cookies and optional marketing, which you may withdraw at any time.
6SMS, calls & recordings
Because Fivra is a messaging and dialing platform, some categories warrant specific notice:
- Carrier transmission — to deliver SMS and connect calls, phone numbers and message content are necessarily transmitted to telecom carriers and our telephony providers, who process them under their own terms.
- Opt-out enforcement — when a recipient replies STOP (or an equivalent keyword) or is added to a DNC list, we record and enforce that suppression on the relevant account. We retain a record of opt-outs to honor them.
- Call recording — recording is a per-customer, per-campaign setting controlled by you. Where you enable it, you are responsible for providing any legally required disclosures and obtaining consent under applicable one- or two-party consent laws.
- Recipient requests — if you received a message or call through Fivra and want to access, correct, or delete your data, contact the business that messaged you. If you don’t know who that is, contact us at [privacy@fivrasms.com] and we’ll help route your request to the responsible customer.
7How we share data
We share data only as needed to run the Service:
- Subprocessors — vetted vendors for hosting, telephony, payment processing, email, analytics, and support. A current list of subprocessors is available on request at [privacy@fivrasms.com].
- Carriers & telephony providers — to deliver your messages and calls.
- Legal & safety — when required by law, subpoena, or to protect the rights, safety, and property of Fivra, our customers, or the public.
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.
We do not sell or rent personal data, and we do not share Customer Content except to provide the Service or on your instruction.
8Data retention
- Account data — kept for the life of your account and for a reasonable period afterward to meet legal, tax, and audit obligations.
- Customer Content — retained while your account is active. After termination, it is deleted or returned per the Terms of Service, typically within [30] days, unless a longer period is legally required.
- Suppression & opt-out records — retained as long as necessary to keep honoring opt-outs, even after other data is deleted.
- Logs & backups — kept on a rolling basis and purged on a defined schedule.
9Security
We protect data with encryption in transit and at rest, role-based access controls, network isolation, audit logging, and regular review of our vendors and infrastructure. No system is perfectly secure, but we maintain an incident-response process and will notify affected parties and regulators where required by law. Learn more on our Security page.
10Your privacy rights
Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. Residents of California (CCPA/CPRA), the EEA/UK (GDPR), and other jurisdictions have specific rights, including the right not to be discriminated against for exercising them.
To exercise your rights regarding data Fivra controls, email [privacy@fivrasms.com]. We will verify your identity and respond within the timeframe required by applicable law. For data Fivra processes on a customer’s behalf, we will refer your request to that customer.
11International transfers
We operate primarily in [jurisdiction/region]. Where we transfer personal data across borders, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.
12Children
The Service is intended for businesses and is not directed to anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact [privacy@fivrasms.com] and we will delete it.
13Changes to this policy
We may update this policy as the Service, laws, or our practices evolve. We will post the new version here with an updated “Last updated” date and, for material changes, provide additional notice (for example, by email or in the dashboard). Continued use after changes take effect means you accept the revised policy.
14Contact us
Questions, requests, or complaints about this policy or your data:
- Privacy: [privacy@fivrasms.com]
- Mailing address: [Company Legal Name] · 44 Wall Street, Suite 905, New York, NY 10005
- Data Protection Officer / EU representative: [name + contact, if applicable]