Privacy Policy

This Privacy Policy applies to personal information we process in two distinct roles. When we collect information about visitors, prospective customers, and account holders, we act as a controller and determine how that information is used. When our customers use the Services to send messages and manage their own contacts, we act as a processor on the customer's behalf, and the customer is responsible for the collection of and lawful basis for processing that contact data. If you are a recipient of messages sent through our platform, the business that messaged you is responsible for its own privacy practices, and you should contact that business with questions about its data use.

This policy does not apply to third-party websites, products, or services that may link to or integrate with the Services and that are governed by their own privacy policies.

We collect information in a few different ways depending on how you interact with us.

Account and profile information

• Your name, business email address, phone number, organization name, job title, and account credentials.
• Business and registration details required for messaging compliance, such as brand and 10DLC campaign information, business identifiers, and verification data.
• Billing and payment information, processed through our payment provider; we do not store full payment-card numbers.

Contacts and content you provide

• Contact records, recipient lists, and consent records that you upload or create to operate your messaging programs.
• Message content and metadata, including the body of messages, phone numbers, timestamps, delivery and read status, and reply content processed to deliver your communications.
• Support requests, survey responses, and other correspondence you send to us.

Information collected automatically

• Usage data such as pages visited, features used, actions taken, and timestamps.
• Device and connection details, including IP address, browser type, device identifiers, and operating system.
• Cookies, pixels, and similar technologies used to keep you signed in, remember preferences, and understand how the Services are used.

You should advise your contacts not to send, and you should not collect through the Services, protected health information (PHI) or other special-category data unless you have executed a Business Associate Agreement (BAA) with us and configured the Services accordingly.

We use the information we collect to:

• Provide, operate, maintain, and secure the Services.
• Deliver messages and calls on your behalf and route them through our Carrier partners.
• Process payments, manage subscriptions and Credits, and prevent fraud and abuse.
• Support messaging compliance, including 10DLC brand and campaign registration, consent verification, and opt-out management.
• Improve and personalize the Services, conduct analytics, troubleshoot issues, and develop new features.
• Communicate with you about service updates, security alerts, billing matters, and support requests.
• Comply with legal obligations and enforce our Terms of Service and other agreements.

We do not sell your personal information, and we do not use the content of your messages for advertising or to build advertising profiles. We may create aggregated or de-identified information that does not identify you or any individual and use it for any lawful business purpose.

Where the General Data Protection Regulation (GDPR) or similar laws apply, we rely on the following legal bases to process personal information:

• Contract. To provide the Services you or your organization have requested and to perform our obligations under our agreements.
• Legitimate interests. To operate, secure, and improve the Services, prevent fraud and abuse, and communicate with customers, where those interests are not overridden by your rights.
• Legal obligation. To comply with applicable laws, regulations, Carrier requirements, and lawful requests.
• Consent. Where required, such as for certain cookies or marketing communications; you may withdraw consent at any time.

When we act as a processor for our customers, our customers are responsible for establishing the appropriate legal basis for the processing of their contacts' data.

We share information only as needed to operate the Services or as required by law. We do not sell personal information.

• Service providers and Carriers. Telecommunications partners, messaging aggregators, cloud-hosting providers, analytics vendors, and payment processors that help us deliver messages and calls, store data, and operate the Services.
• Legal and safety. When required by law, subpoena, court order, or regulatory request, or to protect the rights, property, or safety of MSG MVP, our customers, recipients, or the public, and to investigate fraud or security issues.
• Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets, in which case personal information may be transferred subject to this Privacy Policy.
• With your direction. With third-party integrations you choose to connect, and otherwise at your direction or with your consent.

Every vendor with access to personal information is bound by contractual obligations to protect it and to use it only for the purposes we specify.

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this policy, comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of data and the context in which it was collected.

Certain records, including consent records, opt-out (suppression) records, and message-delivery logs, may be retained for extended periods to demonstrate compliance with messaging regulations such as the TCPA and Carrier requirements, even after an account is closed. When information is no longer required, we delete it or de-identify it in accordance with our retention practices. When we process data on behalf of a customer, we retain and delete that data in accordance with our agreement with the customer.

Depending on where you live, you may have certain rights regarding your personal information, including the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your personal information, subject to legal exceptions.
• Receive a portable copy of your information or have it transferred.
• Object to or restrict certain processing, including processing based on legitimate interests.
• Withdraw consent where processing is based on consent.
• Opt out of marketing communications at any time.

GDPR (EEA/UK). If you are in the European Economic Area or the United Kingdom, you may exercise the rights above and have the right to lodge a complaint with your local supervisory authority.

CCPA/CPRA. If you are a California resident, you have the right to know what personal information we collect, to request deletion or correction, and to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under California law, and we will not discriminate against you for exercising your rights.

To exercise any of these rights, contact us at privacy@msgmvp.com. We will verify your request and respond within the timeframe required by Applicable Law. If you are a recipient of messages and we process your information on behalf of a customer, we may direct your request to the relevant customer. If you are a message recipient, you can opt out at any time by replying STOP to any message.

We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, network protections, and continuous monitoring. We restrict access to personal information to personnel who need it to operate, develop, or improve the Services and who are bound by confidentiality obligations.

While we work diligently to reduce risk and respond quickly to incidents, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for configuring the Services securely.

We are based in the United States, and we and our service providers may process and store personal information in the United States and other countries that may have data-protection laws different from those in your jurisdiction. Where we transfer personal information from the European Economic Area, the United Kingdom, or other regions with transfer restrictions, we rely on appropriate safeguards, such as Standard Contractual Clauses or other lawful transfer mechanisms, to protect that information.

The Services are intended for business use and are not directed to children under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without appropriate consent, we will take steps to delete it. If you believe a child has provided us with personal information, please contact us at privacy@msgmvp.com.

The Services may contain links to, or integrate with, third-party websites, products, and services that are not operated by us. We are not responsible for the privacy practices or content of those third parties, and this Privacy Policy does not apply to them. We encourage you to review the privacy policies of any third-party service before providing it with your information.

We and our service providers use cookies and similar technologies to operate and secure the Services, remember your preferences, keep you signed in, and understand how the Services are used. We use the following general categories:

• Strictly necessary cookies, required for core functionality such as authentication and security.
• Functional cookies, which remember your settings and preferences.
• Analytics cookies, which help us understand usage and improve the Services.

You can control cookies through your browser settings and, where available, through our cookie preferences tools. Disabling certain cookies may affect the functionality of the Services. We honor recognized opt-out and Global Privacy Control signals where required by Applicable Law.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or Applicable Law. When we make material changes, we will post the updated policy and revise the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Services after the changes take effect constitutes your acknowledgment of the updated policy.

If you have questions about this Privacy Policy or how we handle your information, or if you would like to exercise your privacy rights, please reach out: