FMCSMS (KBRSMS) is committed to protecting your personal information in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 of the Philippines.
Effective Date: March 2026 | Last Updated: March 31, 2026
1. Information We Collect
When you register for and use FMCSMS, we collect the following categories of personal data:
- Account Information — Company/system name, contact person name, email address, and phone number provided during registration.
- Authentication Data — Hashed passwords, API keys, and email verification tokens necessary for account security.
- Message Data — Recipient mobile numbers and message content submitted through the SMS API for transmission and delivery tracking.
- Inbox / Reply Data — Incoming SMS replies received by the modem, stored to support 2-way messaging and webhook delivery features.
- Transaction Records — Subscription plan purchases, credit top-ups, and payment references for billing purposes.
- Technical Logs — IP addresses, browser information, and access timestamps collected automatically for security monitoring and rate limiting.
2. Purpose of Collection
We process your personal data for the following legitimate purposes:
- To create and manage your FMCSMS account.
- To process and deliver outbound SMS messages via the API.
- To store and forward incoming SMS replies for 2-way messaging.
- To manage billing, credit allocation, and subscription plans.
- To detect abuse, prevent fraud, and enforce usage limits (rate limiting).
- To send transactional emails (email verification, OTP, password reset).
- To provide technical support and maintain platform integrity.
3. Data Storage & Retention
- All data is stored on servers controlled and managed by the FMCSMS administrator.
- Passwords are stored using secure one-way hashing (bcrypt). Raw passwords are never stored or visible.
- Message logs (recipient numbers and content) are retained for delivery tracking and audit purposes. You may request deletion of your message history.
- Account data is retained for as long as your account is active. Upon deletion request, data is removed within a reasonable timeframe, subject to legal retention requirements.
- Temporary data (OTP codes, rate-limit counters) is automatically purged after expiration.
4. Security Measures
We implement the following safeguards to protect your personal information:
- Password hashing with bcrypt algorithm.
- CSRF (Cross-Site Request Forgery) token protection on all forms.
- Cloudflare Turnstile CAPTCHA to prevent bot abuse on registration.
- Email-based OTP verification for account registration.
- IP-based rate limiting on sensitive endpoints.
- Session-based authentication with secure cookie handling.
- API key authentication for programmatic access with admin approval workflow.
5. Data Sharing & Third Parties
- No sale of data — We do not sell, rent, or trade your personal information to any third party.
- Email service — Transactional emails (verification, OTP) are sent via Gmail SMTP. Your email address is shared with Google solely for delivery purposes.
- Cloudflare Turnstile — CAPTCHA verification data is processed by Cloudflare's infrastructure per their privacy policy.
- Webhooks (opt-in) — If you enable webhook forwarding, incoming SMS reply data is forwarded to the URL you configure. You are responsible for data handling at your endpoint.
- We may disclose data if required by Philippine law, court order, or lawful government request.
6. Your Rights Under RA 10173
As a data subject under the Philippine Data Privacy Act, you have the right to:
- Be Informed — Know what data we collect about you and how it is used.
- Access — Request a copy of the personal data we hold about you.
- Rectification — Request correction of any inaccurate or incomplete data.
- Erasure / Blocking — Request deletion or suspension of your personal data processing.
- Object — Object to specific data processing activities.
- Data Portability — Obtain your data in a structured, machine-readable format.
- Lodge a Complaint — File a complaint with the National Privacy Commission (NPC) if you believe your rights have been violated.
To exercise any of these rights, contact us at kbrsms.business@gmail.com. We will respond within a reasonable period, not exceeding 30 days.
7. Cookies & Local Storage
- We use PHP sessions for authentication (session cookies).
- We use localStorage to persist your theme preference (light/dark mode).
- No third-party tracking cookies or analytics are used.
8. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Updates will be posted on this page with a revised "Last Updated" date. Continued use of the platform after changes constitutes acceptance of the revised policy.
9. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
- Email: kbrsms.business@gmail.com
- Platform: FMCSMS (KBRSMS)