Skip to main content
Legal

Privacy policy

How we collect, use, and protect personal data on the Teliea platform.

Last updated

1. About this policy

This Privacy Policy explains how Teliea, a service operated by Digexis (“we”, “us”, or “Teliea”), collects, uses, discloses, and protects personal data when you visit teliea.com, sign up for the Teliea platform, or otherwise interact with the Service.

Teliea operates across multiple jurisdictions in West Africa — including Burkina Faso, Côte d’Ivoire, Mali, Niger, and Senegal — and is designed to comply with the data protection laws of those countries, the ECOWAS Supplementary Act A/SA.1/01/10 on Personal Data Protection, and, where applicable, the EU General Data Protection Regulation (GDPR) for personal data of data subjects located in the European Economic Area.

2. Who we are

The data controller for the personal data processed on the public marketing site and in the Teliea customer-facing platform is Digexis SARL, a company registered in [[COUNTRY_OF_REGISTRATION]], with its registered office at [[REGISTERED_ADDRESS]]. You can reach us at info@digexis.com.

For personal data that you (as a Teliea customer, the “Tenant”) upload into the platform — typically contact lists of your own end recipients — Teliea acts as a data processor on your behalf, and you remain the data controller. The Data Processing Addendum (DPA) in our customer terms governs that relationship.

3. Information we collect

3.1 Information from marketing-site visitors

When you visit the Teliea marketing website, we collect:

  • Contact-form submissions — your name, email address, optional company name, and the message you write to us. You provide this directly.
  • Basic request metadata — your IP address, browser user-agent, and request timestamp. This is used only for anti-abuse purposes (rate-limiting, bot detection) and is not used to profile or track you across sites.

The marketing site does not set advertising cookies, does not embed third-party trackers, and does not load any analytics that requires consent.

3.2 Information from Tenants (account holders)

When you create a Teliea account or use the platform, we collect:

  • Account data — name, business name, email address, authentication credentials, billing contact details, and tax identification information where required.
  • Configuration data — sender IDs you register, contact group definitions, API keys, and integration settings you configure.
  • Billing data — prepaid credit balances, top-up records, invoices, and payment receipts. We do not store full payment-card numbers; payment processing is performed by our payment partner.

3.3 Information about End Recipients (contacts you upload)

As a Tenant, you may upload personal data about the individuals you want to message (“End Recipients”) — typically mobile phone numbers, names, and tag or segment fields you define. You remain the data controller for this data; Teliea processes it on your documented instructions, in accordance with the DPA.

You are responsible for having a lawful basis to send SMS to each End Recipient (consent, contract, or another basis recognised by applicable law), for honouring opt-out / STOP requests, and for ensuring the content of your messages complies with local telecommunication regulations.

3.4 Information generated by use of the Service

  • Message records — submitted, delivered, failed, and queued message metadata (timestamps, status, delivery report from the network).
  • Audit and security logs — sign-ins, API calls, sender-ID changes, and administrative actions.
  • Service telemetry — error traces and performance metrics needed to operate and improve the platform.

4. How we use your information

We use personal data to:

  • operate, secure, and maintain the Teliea platform and the marketing site;
  • process and deliver SMS messages you initiate, and surface delivery reports back to you;
  • send transactional emails about your account (billing, security, service notices);
  • respond to questions submitted through the contact form;
  • detect, prevent, and investigate fraud, abuse, and violations of our acceptable-use policy;
  • meet our legal and regulatory obligations, including responses to lawful requests from competent authorities;
  • improve the Service, based on aggregated and de-identified usage data.

5. Legal bases for processing

Where the GDPR or an equivalent regime applies, we rely on the following legal bases (Art. 6 GDPR or its national-law equivalent):

  • Performance of a contract — to provide the Service to Tenants and process their messages.
  • Legitimate interests — to secure the Service against abuse, to monitor performance, and to communicate operationally with our customers.
  • Consent — for any optional processing for which we ask you specifically (for example, when you submit the contact form to receive a reply).
  • Legal obligation — to retain records or disclose data when required by law.

6. Sharing and disclosure

We do not sell personal data. We share personal data only with the categories of recipients listed below, and only as needed:

  • Sub-processors we engage to host, deliver, and secure the Service (see section 7).
  • Competent authorities where we are legally required to disclose, or where disclosure is necessary to protect the safety or rights of users.
  • Professional advisers (auditors, lawyers, insurers) under appropriate confidentiality obligations.
  • Successors in connection with a corporate transaction (merger, acquisition, restructuring), in which case we will give Tenants notice and the same protections will continue to apply.

7. Sub-processors

We rely on a small set of trusted sub-processors to operate Teliea. Each is bound by a written agreement requiring confidentiality, security, and use limited to the purposes we authorise:

  • Microsoft Azure (Microsoft Ireland Operations Limited and affiliates) — cloud hosting, application runtime, storage, and the Azure Communication Services email channel we use to send transactional and contact-form replies.
  • Our SMS network operator partner — provides the SMS delivery connectivity into the destination mobile networks. Message metadata necessary to route and deliver each SMS (recipient MSISDN, message body, sender ID) is transmitted to this partner.
  • Email and customer-communication tools we may use for support replies to Tenants and for outbound transactional email.

A current list of sub-processors is available on request at info@digexis.com. We will notify Tenants of any planned material change to this list, and a Tenant may object to a new sub-processor on reasonable data-protection grounds.

8. International transfers

Personal data is processed on Microsoft Azure regions selected by us. Where personal data is transferred outside of the country of collection — for example, from West Africa to an Azure region in Europe — we rely on appropriate safeguards, including Standard Contractual Clauses or equivalent mechanisms recognised by applicable law, and on the contractual commitments of our sub-processors. You can request a copy of the safeguards in place at info@digexis.com.

9. Retention

We retain personal data only for as long as needed for the purposes described in this policy or as required by law. Default retention windows are:

  • Marketing-site contact-form submissions — up to [[12 months]] from receipt, then deleted.
  • Account and billing records — for the lifetime of your account and for up to [[10 years]] thereafter, where required by tax and accounting law.
  • Message metadata and delivery reports — up to [[18 months]] from the date of the send, unless a Tenant requests deletion earlier or a longer retention is required by law or regulator request.
  • Security and audit logs — up to [[24 months]].
  • Backups — overwritten on a rolling basis within [[35 days]].

10. Your rights

Subject to the applicable law of your jurisdiction, you may have the right to:

  • access the personal data we hold about you;
  • have inaccurate or incomplete personal data corrected;
  • have personal data erased, where the law allows;
  • object to or restrict certain processing;
  • portability of data you provided directly to us;
  • lodge a complaint with the competent supervisory authority — in West Africa this may be the data-protection authority in your country (CDP in Senegal, ARTCI in Côte d’Ivoire, CIL in Burkina Faso, APDP in Mali, HAPDP in Niger), and in the EEA the national data-protection authority.

To exercise a right, email info@digexis.com. We will respond within the timeframe required by law. If you are an End Recipient whose personal data was uploaded by one of our Tenants, please contact the Tenant directly — they are the controller of that data.

11. Cookies and similar technologies

The Teliea marketing site uses only strictly necessary technical storage — no advertising cookies, no analytics cookies, and no third-party tracking. We may set a small number of first-party preferences (for example, your language choice). The signed-in Teliea application uses session cookies that are strictly necessary to keep you authenticated.

12. Security

We use industry-standard administrative, technical, and physical safeguards to protect personal data, including encryption in transit (TLS), encryption at rest where supported by the underlying storage, least-privilege access controls, audit logging, network isolation, and routine security review. No service is ever completely secure; if you have reason to believe an incident has affected your data, contact us immediately.

13. Children

The Teliea platform is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will publish the updated version on this page and adjust the “Last updated” date above. For material changes that affect Tenants, we will also send notice to the email address on file. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

15. Contact us

Questions, requests, or complaints about this Privacy Policy or about how we process your personal data:

  • Email: info@digexis.com
  • Postal: [[REGISTERED_ADDRESS]]
  • Data Protection Officer: [[DPO_NAME_OR_NA]]