Security & Compliance
Frequently Asked Questions

  • Yes. QuickSMS fully complies with the General Data Protection Regulation (GDPR), ensuring secure and lawful data handling across the UK and EU.

  • ISO 27001 is an international information security standard. QuickSMS is certified and follows strict controls to safeguard customer data.

  • Yes. All client data is stored in ISO-certified data centers within the UK or EU to ensure regional compliance.

  • Yes. 2FA can be enabled for all admin and user accounts to enhance access control security.

  • Yes. All message sending and opt-out processes follow PECR and EU ePrivacy rules regarding electronic communications.

  • Yes. Users can text keywords like STOP or UNSUBSCRIBE, and those numbers are automatically suppressed across all future campaigns.

  • Yes. We work with UAE carriers to comply with Personal Data Protection Law (PDPL) including sender ID registration and content approval.

  • We monitor for spam-like behavior, suspicious content, and failed delivery patterns using automated systems and manual reviews.

  • Message and log data is retained only as long as necessary—typically 12 months—unless otherwise requested by the client or required by law.

  • Yes. Under GDPR, customers may request that their data be deleted or anonymized. We provide this on request via support.

  • Yes. For billing, we process payments via PCI-DSS certified payment gateways to ensure transaction security.

  • Yes. Different permission levels ensure that users can only access the data and tools relevant to their role.

  • Access is restricted through firewalls, VPNs, 2FA, password policies, and IP allowlisting where configured.

  • Yes. For compliance, QuickSMS scans message content for forbidden terms (e.g., phishing, hate speech) in regulated regions.

  • Yes. We offer GDPR-compliant DPAs and will execute custom agreements where needed for enterprise clients.

  • Yes. We support compliance with the NHS Data Security and Protection Toolkit (DSPT) and Crown Commercial Service frameworks.

  • Yes. All activity is logged, including logins, changes, API calls, and sending events, for traceability and security audits.

  • Passwords must be strong (minimum 8 characters, alphanumeric), and automatic lockout is enabled after failed attempts.

  • Yes. Annual external pen-tests and regular internal vulnerability scans ensure platform security remains strong.

  • Yes. Enterprise clients can integrate SAML-based SSO to centralize authentication and improve access control.

  • We notify affected users and regulators within 72 hours, as required under GDPR, and provide full post-incident reports.

  • Yes. IPs are logged for every API request for security, audit trail, and rate limiting purposes.

  • Yes. You can configure IP filters to restrict access to your dashboard or API endpoints by country or region.

  • Yes. You can export contact records, message logs, and consent records in CSV or JSON format for your own storage or audits.

  • Yes. Our admin dashboard provides detailed audit trails of user actions, changes, and security events.

  • Yes. Our employees undergo regular security and data protection training in line with ISO and GDPR requirements.

  • Yes. All backups are encrypted and stored in secure, geo-redundant locations within the UK/EU zones.

  • Yes. We accommodate security reviews and provide documentation or evidence on request under NDA.

  • Yes. Our standard SLA includes a 72-hour breach notification commitment with full remediation support.

  • Yes. MFA is mandatory for all admin-level accounts and highly recommended for all users.

  • Yes. We apply fair-use rate limits to prevent abuse and ensure fair performance across clients.

  • Yes. All infrastructure is hosted in Tier 3+ or higher-rated data centers with redundancy and uptime SLAs.

  • Yes. With appropriate agreements in place, enterprise clients may conduct third-party audits or assessments.

  • We offer built-in consent tracking, opt-out logs, and preference centers to help you stay compliant with marketing laws.

  • Yes. We use carefully vetted sub-processors and maintain a public list available to clients under NDA.

  • We assist clients in fulfilling DSRs by providing data exports, rectifications, or deletions upon verified requests.

  • Yes. Our Data Protection Officer oversees compliance with all data privacy laws and acts as your main point of contact.

  • Yes. We offer CCPA-compliant processes including opt-out rights, data access, and deletion support for US residents.
