HotSMS Mobily Privacy Policy

Privacy Policy - HotSMS Mobily

Last updated: April 20, 2026

This Privacy Policy explains how HotSMS Mobily ("we", "our", or "us") collects, uses, stores, and protects information when you use the HotSMS Mobily mobile application (the "App").

HotSMS Mobily is a restricted institutional communication application intended only for verified organizations and their authorized users. The App is not intended for public consumer use, public self-signup, unsolicited messaging, advertising campaigns, or promotional mass messaging.

By using the App, you agree to the practices described in this Privacy Policy.

1. Restricted Institutional Access

Access to the App is limited to approved institutional accounts. The App does not provide public self-signup or open account registration.

User accounts are created only by the service operator after reviewing the organization, its business activity, and the authorization required to use the service. We may request verification documents or written authorization before granting or maintaining account access.

2. Information We Collect

Depending on how you use the App, we may collect and process the following categories of information:

a. Account and login information

When you sign in to the App, we may process:

• Your username or login identifier
• Authentication token or secure session token
• Basic account information returned by the service

b. Contact data you choose to use

If you choose to import contacts from your device or from files, we may process:

• Contact names
• Mobile phone numbers
• Contact groups created or selected by you
• Contact data contained in files you choose to import, such as CSV or Excel files

The App does not access or import your contacts unless you actively use the relevant feature.

c. Messaging data

When you use the messaging features, we may process:

• Recipient phone numbers
• Sender name or sender ID
• Message content
• Sending results, delivery-related responses, and usage summaries

d. Notification data

If notifications are enabled, we may process:

• Device push notification token
• Platform information such as Android or iOS
• Notification content and related metadata delivered to the App

e. Technical and usage information

We may process limited technical information necessary to operate the App and communicate with our backend services, such as:

• API request and response data
• Error information
• Basic app/session state required for authentication and security

3. How We Use Information

We use the collected information to:

• Authenticate users and maintain secure sessions
• Review, activate, and manage approved institutional accounts
• Provide messaging, contact import, notification, and account-related features
• Sync data with the backend service used by the App
• Improve service reliability, troubleshoot problems, and protect the App against misuse
• Send operational notifications and relevant service updates

4. Permitted and Prohibited Use

The App is intended for legitimate institutional and operational communication, including directed communication by verified organizations to their employees or other authorized internal or business-related recipients.

The App is not intended for spam, unsolicited messaging, public mass marketing, promotional campaigns, or any unauthorized messaging activity.

Organizations using the App are responsible for ensuring that recipient data is used lawfully and that any required consent, authorization, opt-in, or other legal basis for messaging is obtained before messages are sent.

You may not use the App to:

• send unsolicited, deceptive, or unauthorized messages
• send random, promotional, advertising, or non-requested messages
• send messages containing political, sectarian, partisan, or similarly sensitive advocacy content
• conduct public advertising or promotional spam campaigns
• upload or use recipient data without proper authority
• use the service in violation of applicable telecom, privacy, data protection, or platform rules

4A. Sender Name Authorization

Each sender name or sender ID requested through the service is subject to separate review and may require written authorization or supporting documentation before activation and approval. Approval of account access does not automatically mean that all sender names are approved for use.

Where a written authorization letter is required for sender name activation, the requesting organization may be asked to complete, sign, and submit the authorization template made available by the service operator. The current authorization letter template is available here: https://hotsms.ps/privacy/authorization-letter.pdf. Completed and signed authorization letters may be submitted to support@hotsms.ps.

5. Geographic Scope and Service Context

The App and related service are intended for institutional use within Palestine. The service operates in the context of authorized local service arrangements and regulated business use, including cooperation with Palestinian mobile network operators such as Jawwal and Ooredoo where applicable to the service model.

6. Permissions

The App may request the following permissions only when needed for the related feature:

• Internet access, to connect to backend services
• Contacts access, if you choose to import contacts from your device
• Notification permission, to deliver push notifications

If you deny a permission, some features may not function as intended.

7. Local Storage and Security

The App may store certain information locally on your device, including:

• Authentication token
• Basic user profile/session data
• Selected app preferences such as language
• Acceptance of onboarding or access policy acknowledgements where applicable

Sensitive session data is intended to be stored using secure device storage mechanisms where supported.

8. Sharing of Information

We do not sell your personal information.

We may share or transmit information only as necessary to operate the App and provide the requested services, including:

• Our backend/API infrastructure
• Service providers involved in push notifications or technical delivery of app services
• Authorized operational or regulatory parties if required to verify service use, enforce compliance, or satisfy applicable law
• Legal or regulatory authorities if required by applicable law

9. Data Retention

We retain information only for as long as necessary to provide the App's services, maintain security, comply with legal obligations, resolve disputes, enforce our agreements, and investigate misuse or unauthorized activity.

Locally stored session information may remain on your device until you sign out, remove the App, or clear the app data, subject to platform behavior.

10. Your Choices

You may:

• Choose whether to import contacts
• Disable notifications through your device settings
• Stop using the App at any time
• Request updates or deletion of account-related information through the service operator, where applicable

If your account is no longer authorized for institutional use, access to the App or related services may be limited, suspended, or terminated.

11. Compliance and Account Control

We may restrict, suspend, or terminate access to the App or related services if we determine that an account is being used outside the authorized institutional purpose, without proper approval, or in a manner inconsistent with applicable law, service requirements, or platform requirements.

12. Children's Privacy

The App is not intended for children, and we do not knowingly collect personal information from children through the App.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any updated version will be posted with a revised "Last updated" date.

14. Contact Us

If you have questions about this Privacy Policy or data handling practices related to HotSMS Mobily, please use the contact details made available through the App or visit https://hotsms.ps.