Privacy Policy

SMS Zedekaa - Service provided by NGH CORP SARL

Last updated: December 31, 2025 · Effective date: December 31, 2025

About this document: This Privacy Policy describes how NGH CORP SARL collects, uses, stores, and protects your personal data in connection with the use of the SMS Zedekaa platform (hereinafter "the Platform"), including its SMS, WhatsApp Business, USSD, and API services.

1. Data Controller Identity

The data controller for personal data collected via the Platform is:

Company Name:
NGH CORP SARL
Head Office:
Lomé, Republic of Togo
Status:
Certified A2P Aggregator
Concerned Service:
SMS Zedekaa Platform
Contact Email:
info@nghcorp.info
Phone:
+228 92 47 08 47 / +228 22 20 46 64

2. Data Collected

In the course of using the Platform, we collect the following categories of data:

2.1 Identification and Account Data

  • First name, last name, company name
  • Email address and phone number
  • Login credentials (email address, hashed password)
  • Country and time zone
  • Identity verification information (KYC) when required

2.2 Billing and Financial Data

  • Top-up information: Mobile Money (Orange Money, MTN MoMo, Wave, Moov), credit card details (processed by PCI-DSS certified payment providers), PayPal account
  • History of transactions and wallet top-ups
  • Invoices and consumption statements

2.3 Platform Usage Data

  • Content of SMS, WhatsApp, or USSD messages sent via the Platform
  • Phone numbers of campaign recipients
  • Delivery statistics, open and engagement rates
  • Connection logs, IP addresses, browser type, operating system
  • API call logs (endpoint, timestamp, volume)

2.4 Data from WhatsApp Business / Meta Integration

  • WABA ID (WhatsApp Business Account ID)
  • Registered WhatsApp Business phone number
  • Information on message templates submitted to and approved by Meta
  • WhatsApp message delivery metadata

3. WhatsApp / Meta Integration

3.1 Role of NGH CORP SARL in the Meta Ecosystem

NGH CORP SARL acts as a Business Solution Provider (BSP) / technology partner enabling its clients (businesses and developers) to access the WhatsApp Business Platform via the SMS Zedekaa Platform. As such:

  • NGH CORP SARL is responsible for the compliance of API usage by its clients
  • Clients remain responsible for the content of messages sent to their own end-users
  • Any use of the WhatsApp API via the Platform is subject to the WhatsApp Business Terms of Service

3.2 Data Processed on Behalf of Meta / WhatsApp

As part of the WhatsApp Business API integration, we process the following data on behalf of our clients:

  • Phone numbers of end-recipients (WhatsApp users)
  • Content of messages sent via Meta-approved templates
  • Message delivery and read statuses (Meta webhooks)
  • WABA session and interaction identifiers

This data is processed exclusively for the purpose of delivering the messages ordered by the client. It is not used for profiling, targeted advertising, or resale.

3.3 Obligations of Our Clients (Platform Users)

Our clients using the WhatsApp channel via SMS Zedekaa agree to:

  • Obtain explicit and verifiable consent from end-recipients before sending any WhatsApp message
  • Only send WhatsApp messages using templates previously approved by Meta
  • Comply with WhatsApp's Commerce Policies and not contact recipients who have opted out
  • Not use the Platform to send content prohibited by the WhatsApp Commerce Policy
  • Maintain their own privacy policy accessible to their end-users

4. Purposes of Processing

We process your personal data for the following purposes:

  • Service Provision: creating and managing your account, sending your SMS, WhatsApp, and USSD campaigns, generating OTP codes
  • Financial Management: processing wallet top-ups, issuing invoices, monitoring consumption
  • Technical Support: assisting with Platform usage, resolving incidents
  • Security: detecting and preventing fraud, protecting accounts, logging access
  • Regulatory Compliance: respecting legal, tax, and requirements from telecom operators and Meta
  • Service Improvement: analyzing performance, developing new features (aggregated and anonymized data)
  • Commercial Communication: sending information about service updates (with the option to unsubscribe)

5. Legal Basis

Each processing activity is based on one of the following legal bases:

  • Contract Performance: processing necessary for the provision of the service (account, sends, billing)
  • Legal Obligation: retention of billing data, cooperation with competent authorities
  • Legitimate Interest: Platform security, fraud prevention, service improvement
  • Consent: marketing communications (you can withdraw your consent at any time)

6. Data Sharing

We never sell your personal data to third parties. We may share it with:

6.1 Technical Sub-processors

  • Telecom Operators: Yas, Moov Togo, MTN, Orange, Airtel, Telecel, Free, Expresso, and other partner operators - only the data necessary for message delivery (phone number, content, Sender ID)
  • Meta Platforms, Inc.: for the WhatsApp Business API integration (delivery data, WABA ID, template content)
  • Payment Providers: for the secure processing of Mobile Money, credit card, and PayPal top-ups
  • Hosting and Managed Service Providers: for hosting the Platform and data under secure conditions

6.2 Competent Authorities

We may disclose your data to judicial, tax, or regulatory authorities in Togo or internationally when legally required to do so.

6.3 Business Partners

In the context of distribution or resale partnerships (white-label agreements), partners only access the data strictly necessary for the execution of the partnership and are bound by equivalent contractual confidentiality obligations.

7. Data Retention

  • Account Data: for the entire duration of the contract, then 3 years after account closure
  • Billing Data: 10 years from the invoice date (accounting obligation)
  • Message Logs (SMS, WhatsApp, USSD): 12 months for traceability and support purposes
  • Connection and Security Logs: 12 months
  • KYC Data: in accordance with applicable regulatory obligations, generally 5 years
  • Cookies: 13 months maximum (see section 10)

8. Security

NGH CORP SARL implements appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, or disclosure:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Password hashing (bcrypt algorithm)
  • Two-factor authentication (2FA) available for accounts
  • Data access restricted on a least-privilege basis
  • Logging of all access to sensitive data
  • Regular security audits
  • API keys generated per account and revocable at any time

In the event of a data breach likely to create a risk to your rights and freedoms, we will inform you as soon as possible in accordance with applicable legal obligations.

9. Your Rights

In accordance with applicable data protection regulations, you have the following rights:

  • Right of access: to obtain a copy of the personal data we hold about you
  • Right to rectification: to have inaccurate or incomplete data corrected
  • Right to erasure: to request the deletion of your data, subject to our legal retention obligations
  • Right to restriction: to request the temporary suspension of the processing of your data
  • Right to portability: to receive your data in a structured, machine-readable format
  • Right to object: to object to certain processing, particularly for direct marketing purposes
  • Right to withdraw consent: to withdraw your consent at any time when processing is based on it

To exercise these rights, contact us at info@nghcorp.info, indicating your name, the email address associated with your account, and the nature of your request. We will respond within a maximum of 30 days.

10. Cookies

The Platform uses cookies and similar technologies to:

  • Essential Cookies: maintain login sessions, CSRF security - cannot be disabled
  • Analytical Cookies: measure audience and performance (aggregated and anonymized data) - subject to your consent
  • Preference Cookies: remember your language and interface preferences

You can manage your cookie preferences from your browser settings or via our consent banner displayed on your first visit. The maximum retention period for cookies is 13 months.

11. Minors

The SMS Zedekaa Platform is intended exclusively for professionals and businesses. It is not intended for persons under the age of 18. We do not knowingly collect personal data relating to minors. If you are a parent or guardian and are aware that a minor has provided us with personal data, please contact us at info@nghcorp.info so that we can delete it.

12. International Transfers

In providing its services, NGH CORP SARL may transfer your data to third countries, including:

  • United States - Meta Platforms, Inc. (WhatsApp Business API): transfer governed by Standard Contractual Clauses (SCCs) and Meta's privacy policy
  • Covered African countries - for routing messages to local telecom operators (minimum data: phone number, message content)

We take appropriate contractual measures to ensure an adequate level of protection during these transfers.

13. Modifications

NGH CORP SARL reserves the right to modify this Privacy Policy at any time to reflect legal or regulatory developments or changes in our practices. In the event of a substantial modification, we will inform you by email or via a notification on the Platform, with a minimum notice of 15 days before the changes take effect. The current version is always accessible at the permanent URL of this document.

14. Contact Us

For any questions regarding this Privacy Policy or to exercise your rights, please contact us:

Email:info@nghcorp.info
Phone:+228 92 47 08 47 / +228 22 20 46 64
Mail:NGH CORP SARL, Lomé, Republic of Togo