SveaSMSSveaSMS
Legal

GDPR & Data Processing Agreement (DPA)

Updated: 2026-07-01

When you send SMS through SveaSMS we act as data processor for the recipients' phone numbers. A DPA governs the processing.

Standard DPA

Our DPA follows the EU Commission's SCCs and can be requested via support@sveasms.se. Enterprise agreements are signed electronically.

Sub-processors

  • Cloud hosting: EU region.
  • SMS routing: Tier-1 Swedish and Nordic operators.
  • Payment: Banxa (card), NOWPayments (crypto).

Data retention

Content: 90 days encrypted. Metadata: 24 months. All data within the EU.

Data breach

You are notified within 72 hours of an incident that affects your data.