TraffXchange

Data Policy

Last updated: June 2026

This Data Policy explains how TraffXchange handles the data flowing through the platform — message traffic, one-time passwords (OTPs), metadata and operational records. It complements our Privacy Policy, which covers personal data more broadly.

1. Categories of data

  • Message detail records (MDRs/CDRs) — sender, destination, timestamps, routing and billing fields.
  • Message content & OTPs — handled per the confidentiality rules below; masked where required.
  • Account & billing data — balances, rates, payouts, statements and credit notes.
  • Security & audit data — IP addresses, login history and administrative action logs.

2. OTP & message confidentiality

One-time passwords and message content are treated as confidential. On NCR traffic, OTPs and sender identifiers are masked by default. Full unmasked content and content-route (CR) fetch are available only to accounts explicitly authorized for the relevant bound sources, and only for the traffic those accounts are entitled to. Accessing, retaining or disclosing content beyond your entitlement is strictly prohibited.

3. Purpose & minimization

We process traffic data only to deliver, route, secure, bill and report on the Services, and to prevent fraud and abuse. We aim to collect and retain the minimum data necessary for these purposes.

4. Storage & security

Data is stored on managed infrastructure with encryption in transit, access controls and role-based permissions. The platform is protected by a web application firewall, rate limiting, IP allow-listing and audit logging. Access to traffic data is restricted to the minimum personnel and systems required to operate the Services.

5. Retention & deletion

Message detail records are retained for an operational window sufficient for delivery confirmation, billing, dispute resolution and compliance, then deleted or anonymized. Where message content is processed, it is retained only as long as necessary to provide the requested service. Backups are rotated on a defined schedule.

6. Sharing

Traffic data is shared with carriers, upstream providers and resellers only to the extent required to route and settle the relevant messages, and with authorities where required by law. We do not sell traffic data or message content.

7. Your responsibilities

If you process data obtained through the platform, you must comply with this Data Policy, our Acceptable Use Policy and applicable law, including honoring opt-out requests and protecting any content you are authorized to access.

8. Contact

For data-handling questions or requests, contact [email protected].