Privacy Policy

    Last updated: February 2026

    1. Introduction

    This Privacy Policy explains how Remindlo ("we", "us", "our") collects, uses, and protects personal data in connection with our SMS reminder platform.

    Remindlo provides a software platform that enables businesses ("Business Customers") to send automated SMS and email reminders to their customers ("End Users"). This Privacy Policy covers two distinct categories of individuals:

    • Business Customers: Businesses and individuals who register for and use the Remindlo platform
    • End Users: Customers of our Business Customers who receive SMS reminders through our platform

    2. Our Role in Data Processing

    For Business Customer data: Remindlo acts as the data controller. We determine the purposes and means of processing your account information, billing data, and platform usage data.

    For End User data: Remindlo acts as a data processor on behalf of our Business Customers. The Business Customer is the data controller and determines why and how End User data is processed. We only process End User data according to our Business Customers' instructions and for the purpose of delivering SMS reminder services.

    3. Data We Collect from Business Customers

    When you register for and use Remindlo, we collect:

    • Account information: Email address, business name, phone number, password
    • Billing information: Payment details processed securely by Stripe (we do not store full card numbers)
    • Usage data: Platform activity, message logs, feature usage, login history
    • Communication data: Support requests, feedback, correspondence with us

    4. Data We Process on Behalf of Business Customers

    Business Customers upload or input End User data into our platform. This typically includes:

    • End User names
    • Mobile phone numbers
    • Appointment or service dates
    • Any additional information the Business Customer chooses to include in reminders

    We process this data solely to provide our SMS reminder services and do not use End User data for any other purpose. We do not sell, rent, or share End User phone numbers or personal data with third parties for marketing purposes.

    5. How We Use Business Customer Data

    We use Business Customer data for the following purposes:

    • Providing and maintaining the Remindlo platform
    • Processing payments and managing subscriptions
    • Communicating about your account, updates, and support
    • Improving our services and developing new features
    • Complying with legal obligations
    • Preventing fraud and ensuring platform security

    6. Legal Basis for Processing

    We process Business Customer data based on:

    • Contract performance (Art. 6(1)(b) GDPR): To provide services you've requested
    • Legitimate interests (Art. 6(1)(f) GDPR): To improve our services, ensure security, and communicate with you
    • Legal obligation (Art. 6(1)(c) GDPR): To comply with applicable laws
    • Consent (Art. 6(1)(a) GDPR): Where you have given specific consent

    We process End User data based on our contractual relationship with Business Customers (as their data processor) and their instructions.

    7. Data Sharing and Sub-processors

    We share data with the following categories of service providers:

    • SMS delivery providers (e.g., Twilio): To deliver text messages to End Users
    • Payment processors (Stripe): To process Business Customer payments
    • Cloud infrastructure providers: To host and operate our platform
    • Analytics providers: To understand platform usage and improve our services

    All sub-processors are contractually bound to protect data and only process it according to our instructions. We may also disclose data when required by law or to protect our legal rights.

    8. International Data Transfers

    Some of our sub-processors operate outside the UK/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK/EU, adequacy decisions, or other legally recognized transfer mechanisms.

    9. Data Retention

    Business Customer data: We retain your account data for as long as your account is active and for a reasonable period thereafter for legal, tax, and audit purposes.

    End User data: We retain End User data according to our Business Customers' instructions and our data processing agreement. When a Business Customer deletes data or terminates their account, we delete the associated End User data within 30 days, except where retention is required by law.

    10. Your Rights (Business Customers)

    Under GDPR and UK data protection law, you have the following rights regarding your personal data:

    • Right of access to your personal data
    • Right to rectification of inaccurate data
    • Right to erasure ("right to be forgotten")
    • Right to restriction of processing
    • Right to data portability
    • Right to object to processing
    • Right to withdraw consent at any time

    To exercise these rights, contact us at [email protected].

    11. End User Rights

    If you are an End User who has received SMS messages through our platform and wish to exercise your data protection rights, please contact the business that sent you the message directly. As a data processor, we act on our Business Customers' instructions regarding End User data.

    To stop receiving SMS messages, you can reply STOP to any message at any time. For more information about how your data is handled, please refer to our End User Messaging Policy.

    12. Cookies

    Our website uses cookies to ensure proper functioning, analyze traffic, and personalize content. You can manage cookie preferences in your browser settings. Essential cookies are required for the platform to function; analytics cookies help us improve our services.

    13. Data Security

    We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or modification. This includes encryption in transit and at rest, access controls, regular security assessments, and secure infrastructure.

    14. Changes to This Policy

    We may update this Privacy Policy or any part thereof at our discretion from time to time without prior notice to you. When updated the new version instantly replaces all previous versions and becomes immediately effective and binding once it's posted on our website. The "Last updated" date at the top indicates when this policy was last revised.

    15. Contact Us

    For questions about this Privacy Policy or our data practices, contact us at:

    Email: [email protected]