Contact Us
Help Center
Privacy Policy
Our Privacy Policy describes what personal information we may collect and how we may use and protect any personal information that is made available to us.
This policy was implemented on 10 September 2025.
1. Introduction
2. Commitment to Privacy
2.1 Data Privacy Principles
We are committed to maintaining the confidentiality, integrity and security of personal information and we will take all appropriate technical and organisational security measures to ensure that where any personal information is provided to us it will be protected against loss, destruction and damage, and against unauthorised or accidental access, processing, erasure, transfer, use, modification, disclosure or other misuse.
We shall not disclose to any person any personal data of a data subject that is processed or hosted by us where any such disclosure would not comply in all respects with the provisions of any applicable data protection legislation or regulations relating to the data subject concerned.
We will ensure that personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes, with further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes not considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which the personal data is processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by Applicable Law in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
2.2 Application of the Principles
Within the context of the Services that we provide, our commitment to the above principles means that we recognise that a User’s phonebook, message content and MSISDNs indicating to whom messages were sent to or received from belong exclusively to that User and will not be disclosed by us to any third parties without the user’s written permission unless we are required to do so in terms of any law, regulation or order issued by any relevant court or tribunal.
We also recognise that any recipient of any message has the right to know the identity of the sender, and this will be disclosed on request to the recipient where known to us.
Where the personal data of any EU member state subject is transferred to Kero in a non-EU member state for processing, or where the personal data of a subject of any state or union of states whose laws prohibit the transfer of personal data for processing outside of such state or union of states unless minimum protection measures are in place as determined by the provisions of the relevant laws, is transferred to Kero for processing outside of such state or union of states Kero shall ensure that adequate technical and organizational security measures are in place so as to comply with such laws and so as to provide a level of protection appropriate to the risks represented by the processing of such data and in order to protect such data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access or any other unlawful form of processing.
2.3 Personal Data we may Collect and Process
Our Users may be required to submit limited personal information when accessing the Services including a username, email address and password for the purposes of protecting User accounts against unauthorized access. In addition, messages, files or other data contained in the Services may contain the personal information of third parties.
We only collect your personal information and company data that is necessary for us to provide you with our messaging services. Where you consent to provide us with your name, email address and mobile phone number via an electronic form, we may use your personal information to contact you via telephone call, email, SMS, RCS, WhatsApp or other messaging applications and provide you with information about our service and updates about developments and events pertaining to our service. We will NOT sell, rent, trade or otherwise disclose your information to a third party. Where we contact you via SMS, RCS and WhatsApp, message and data rates may apply and message frequency varies.
We may automatically record certain information about the use of our Services such as account activity (e.g. usage, log-ins, actions taken), data displayed or clicked on (e.g. GUI elements, links), and other log information (e.g. browser type, IP address, date and time of access).
We may use this information to provide authorized persons with usage reports and internally to deliver the best possible service to our clients and Users, such as improving software user interfaces and maintaining a consistent, reliable and secure user experience.
We may also detect and log a User’s location and IP address in order to identify the User’s geographic region or time zone for routing traffic to geographically based servers or for managing time-sensitive tasks like the sending of notifications.
Like many reputable online companies, our Services, including our website, other online services, applications, email messages and advertisements, if any, may use “cookies” and other technologies such as pixel tags and web beacons to collect information. A cookie is a small data file stored on the web browser on your computer’s hard drive. Cookies and other technologies allow us to count how many Users visited certain web pages within our web site, their personal preferences and to measure the effectiveness of our website and electronic advertisements for different computing devices and regions.
We use this information to understand and analyse trends, to administer our websites and to learn about user behaviour on our websites. If a User blocks cookies from being stored on a computer, the functionality of our Services may be negatively affected.
We may carry out and perform functional, statistical, textual, semantic and other forms of analysis of non-personally identifiable data that is hosted or processed by us in relation to our Services. We do this to improve the performance of our Services, to understand the way in which our Services are being utilised, to identify usage patterns, market trends, to gain insights and to formulate new products and service offerings. We may also process, aggregate and anonymize personal data such that it does not reveal any confidential, personal or sensitive data or any features from which confidential, personal or sensitive data may be ascertained. We will never disclose confidential, personal or sensitive data without the direct or indirect consent of the party to whom we owe the duty of confidentiality and/or the data subject concerned. We may process and transfer anonymized data in our reasonable discretion including within the Kero group of companies.
3. API's and Third-Party Processing
Where, for the purpose of providing the Services to you, any Kero Service acts as an Application Programming Interface (“API”) for the purpose of specifying how different software systems should interact with each other, or where for that same purpose any Kero Service interacts with other API’s, including third party API’s, you consent and agree that we may pass and retrieve data, including personal information, between the different software systems and third parties that interact via those API’s.
Where we make use of third-party service providers to help us provide the Services to you, including for the purposes of retrieving or delivering information, records, notifications or other messages to you or any User’s or for hosting or providing any component of our Services, we require such third parties to maintain the confidentiality of any personal information we provide to them for these purposes. Some of these third parties may be situated outside of your country and you consent to your personal data and that of any data subjects you provide to us being transferred cross-border so that we can provide the Services to you. In this regard, we engage only with reputed third-party service providers who have security and privacy policies and procedures providing at least the same level of protection as we do ourselves. You further consent and agree that Kero may process and share User or End-User data with third-party Network Operators and Platform Operators where the Applicable Laws and Additional Terms accepted by Users and End-Users as part of the Kero Terms of Service and Privacy Policy expressly contemplate and provide for such processing or sharing.
You warrant that you have all necessary permissions to accept the terms of this privacy policy and to give us the above consent. A list of third-party service providers who process data on behalf of Kero is available at List of Subprocessors.
We may share data, including Personal Data, collected from Users of our Services with third-party service providers or consultants who require access to that data to perform their work on our behalf for the purpose of helping us deliver our Services. These third-party service providers or consultants are limited to only accessing or using this data to provide the services to us and must provide reasonable assurances that they will appropriately safeguard the data. We may also share non-personal or non-identifiable information, including website visitor information and account usage data with third party analytics service providers.
Rich Communication Services (“RCS”) messages intended for display on mobile devices may be sent and received through Google’s RCS systems over the Internet. If RCS messages are provided by Google, but the message recipient’s RCS service is with another provider, messages may be routed through Google’s RCS backend and through the recipient’s RCS backend. To make sure messages are properly delivered, Google may use information like sender and recipient phone numbers, device identifiers and SIM card numbers. This data may be stored by Google in order to keep users connected to RCS and in cases where users temporarily go offline. When RCS messaging is used, Google may check the message sender’s contacts to find out if they can also use RCS chats. These checks may go through Google’s RCS backend and other service providers to reach the sender’s contacts. Users of RCS Business Messaging (“RBM”) services agree to be bound by the policies and terms of Google, available at Kero Applicable Laws and Additional Terms.
Where we provide the WhatsApp Business API service, messages intended for display on mobile devices may be sent and received through Meta’s WhatsApp systems over the Internet. WhatsApp messages may be routed through Meta’s backend and the through the recipient’s WhatsApp app. To make sure messages are properly delivered, Meta may use information like sender and recipient phone numbers, device identifiers and SIM card numbers. This data may be stored by Meta in order to keep users connected to WhatsApp and in cases where users temporarily go offline. Users of WhatsApp Business API services agree to be bound by the policies and terms of Meta, available at Kero Applicable Laws and Additional Terms.
4. Communications with You
We may communicate with User’s, resellers and other persons by email and other messaging applications, including SMS, RCS and WhatsApp. You may opt out from promotional communications from us that are not strictly related to the provision of the Services to you.