The Relationship Between Secret Class and Data Processing
In this blog post, we will dive into what our message class Secret Class precisely does, as well as what influence this has on data processing on behalf of our customers.
Distinguishing between platform services and messaging services
First of all, we want to reference our personal data policy, which gives you insight into what the data processing roles are in regards to GatewayAPI. In short, there is made a distinction between platform services and messaging services.
Messaging services are the core of our business. We deliver everything in relation to sending a message from our platform towards the receiver, as this is what our main agreements (or general Terms and Conditions) entails. In that part, we act as a data controller in the same way as telecommunication operators, SMS aggregators or other messaging services do.
Meanwhile, we also offer platform services, which in and of themselves are not elementary and essential to the messaging services, meaning that the messaging services could work without the platform services. Those platform services consist solely of storage of SMS records for the traffic log, which you have access to via our platform at GatewayAPI.com.
Data processing and the traffic log
When storing your traffic log with the personal data of your contacts (i.e. the data subjects), we act as a data processor on behalf of you, the data controller. This is where you as a data controller enter into a Data Processing Agreement (DPA) with us.
When entering into a DPA with us, we agree on storing a traffic log of the last 30 days of your sent messages for you. Any message older than 30 days is anonymized, meaning that it will permanently have deleted both the last half of the receiving number, the full sender number, as well as the complete message content.
But what happens, if the traffic log function is taken away from the main messaging services? This is exactly the case when using the message class Secret Class to send messages.
Using our SMS gateway without data processing
If you use Secret Class, your messages will not be saved in the traffic log, meaning message content, sender, and receiver will not be saved in our system. This way, we ensure confidentiality of certain types of messages. But one of the consequences of using Secret Class is that we no longer can offer storage of SMS records in the traffic log, which in essence is what our DPA and general data processing is about. This means that messages sent with Secret Class are not covered by any DPA. Instead, the Personal Data Policy takes effect, which you can find on our website. For you, this means that you can send messages via our gateway without having to enter into a DPA.
Other use cases for Secret Class, besides avoiding to enter into another DPA with yet another subprocessor, is the ability to keep data away from the platform so as to avoid that other users on a GatewayAPI account can see what has been sent in the last 30 days.
This may be practical for the public sector or other companies with strict policies and compliance requirements like separation of duties, access restrictions, or to limit the exposure of personal data to employees who have no use or reason to see personal data contained in the traffic log (mobile phone numbers, message content, etc).
Global SMS gateway
GatewayAPI has some of the lowest prices in the majority of the world combined with an intuitive interface, world class support and a rock-solid uptime of over 99.99 % on average. If you don’t have an account yet, you can create a free account in less than two minutes here: Go to GatewayAPI or contact firstname.lastname@example.org.
If you have a concept or business that could benefit from employing SMS communication, contact us. We will help you get started, contact us today!