telv
IntegrationsRegistrationComplianceOperationsContact

Legal

Data Processing and Security Policy

Last updated: June 9, 2026

1. Purpose and Scope

This Data Processing and Security Policy ("Data Policy") describes how Telv Communications ("Telv") processes data on behalf of clients in the course of providing managed SMS compliance operations services, and the security controls Telv maintains to protect that data.

This Policy applies to:

  • Data processed by Telv on behalf of clients ("Client Data")
  • Data submitted to messaging providers, carriers, and registries as part of registration and compliance work
  • Technical and operational data collected and maintained within Telv's service infrastructure

This Policy supplements the Telv Privacy Policy, which governs personal information collected directly from Site visitors and business contacts. Where this Policy and the Privacy Policy address the same subject, this Policy governs for Client Data processed under a service engagement.

2. Categories of Data Processed

In the course of managed compliance operations, Telv may process the following categories of data on behalf of clients:

2.1 Business Identity and Verification Data

  • Legal business name, DBA names, and entity type
  • State of incorporation and EIN or tax identification numbers
  • Business address, phone number, and website
  • Authorized signatory information

2.2 Messaging Program Data

  • Intended SMS use case and campaign description
  • Sample messages and message templates
  • Opt-in and opt-out language and disclosure text
  • Sender number types and requested numbers
  • Estimated monthly message volume and target audience description

2.3 Consent and Opt-In Evidence

  • Screenshots or recordings of opt-in flows
  • Privacy policy and terms of service URLs
  • Consent language and disclosures as presented to end users
  • Timestamps or records of consent mechanism review

Note: Telv does not collect, store, or process end user consent records on behalf of clients. The obligation to maintain records of individual end user consent remains entirely with the client.

2.4 Provider and Registry Correspondence

  • Submission confirmations and reference numbers
  • Provider feedback, revision requests, and approval records
  • Escalation correspondence and remediation documentation
  • Number status records and inventory notes

2.5 Operational Service Data

  • Internal project notes and task records
  • Client communication logs
  • Service delivery timelines and status records

3. Data Processing Principles

Telv processes Client Data in accordance with the following principles:

Purpose limitation. Client Data is processed only to deliver the services agreed upon and not for any other purpose, including the development of competing services or the sale of data to third parties.

Data minimization. Telv requests only the data necessary to perform the relevant service function. Telv does not retain copies of documents not needed for the service record.

Accuracy. Telv maintains records as provided by the client. Where errors or inconsistencies are identified, Telv flags them for client correction before submission.

Integrity and confidentiality. Client Data is handled with security controls appropriate to its sensitivity, as described in Section 5 of this Policy.

Client instruction. Telv submits information to providers, carriers, and registries only at the direction of and on behalf of the client. The client remains the data controller and program owner for all such submissions.

4. Data Retention and Deletion

4.1 Retention Schedule

Telv retains Client Data in accordance with the following schedule:

Data CategoryRetention Period
Registration evidence packages5 years from submission date
Provider approval records and correspondence5 years from program approval
Consent flow documentation5 years from review date
Number inventory and sender recordsDuration of active program + 5 years
Client communications and project notes3 years from end of engagement
Internal operational logs24 months

Retention periods begin from the date of the last relevant activity unless a longer period is required by law or legal hold.

4.2 Deletion and Return

Upon written request from a client following engagement termination, Telv will:

  • Return a copy of the client's registration evidence files and approval records in a standard format
  • Delete Telv's copies of Client Data within 60 days of the termination date, except as required by law or legal hold

Deletion requests should be submitted to: [email protected]

5. Security Controls

Telv implements the following security controls to protect Client Data:

5.1 Access Controls

  • Access to Client Data is limited to Telv personnel with a defined need to perform their job function
  • Personnel are assigned the minimum access level required for their role
  • Access privileges are reviewed quarterly and revoked upon role change or departure
  • Multi-factor authentication is required for all systems containing Client Data

5.2 Data in Transit

  • All data transmitted between clients and Telv (including email, file uploads, and web forms) is protected using TLS 1.2 or higher
  • Submissions to provider portals and registries are conducted over encrypted connections

5.3 Data at Rest

  • Client Data stored in cloud-based platforms is encrypted at rest using AES-256 or equivalent
  • Local copies of sensitive documents are stored in password-protected or encrypted containers

5.4 Vendor Security

  • Third-party service providers with access to Client Data are assessed for security practices prior to engagement
  • Vendors are contractually required to maintain security controls at least as protective as those described in this Policy
  • Vendor access is reviewed annually

5.5 Incident Response

In the event of a confirmed or reasonably suspected security incident affecting Client Data, Telv will:

  • Contain the incident and assess its scope
  • Notify affected clients within 72 hours of becoming aware of an incident that is likely to result in a risk to their interests
  • Provide a written incident summary within 30 days, including the nature of the incident, data categories affected, estimated number of records involved, and remediation steps taken

6. Sub-processors

Telv uses third-party service providers ("sub-processors") to support service delivery. Categories of sub-processors include:

  • Cloud storage and document management
  • Customer relationship and project management
  • Business email and communication tools
  • Website hosting and form processing

Telv maintains a list of current sub-processors and will make it available to clients upon written request. Telv will provide 30 days' advance notice of any new sub-processor addition that involves Client Data. Clients may object to a new sub-processor within that period; if the objection cannot be resolved, either party may terminate the affected services.

7. Cross-Border Data Transfers

Telv's primary operations and data infrastructure are located in the United States. Client Data is generally processed and stored within the United States.

Where Telv transfers data outside the United States (e.g., via sub-processors operating internationally), Telv ensures that such transfers are subject to appropriate safeguards, including standard contractual clauses or other mechanisms recognized by applicable law.

8. Client Obligations

Clients engaging Telv for data processing activities agree to:

  • Provide only data they are authorized to share with Telv and its sub-processors
  • Maintain their own lawful basis for processing any personal data included in materials submitted to Telv
  • Promptly inform Telv of any changes to the accuracy of previously submitted information
  • Notify Telv of any legal hold, litigation, or regulatory investigation that may affect data retention obligations

9. Updates to This Policy

Telv may revise this Data Policy from time to time to reflect changes in services, technology, or legal requirements. Material changes will be communicated to active clients with at least 14 days' advance notice before taking effect.

10. Contact

For questions about this Policy or to submit a data retention, deletion, or sub-processor inquiry:

Telv Communications Data Inquiries 800 N King Street Suite 304 - 1029 Wilmington, DE 19801 Email: [email protected]

telv
IntegrationsRegistrationComplianceOperationsContact

Legal

Data Processing and Security Policy

Last updated: June 9, 2026

1. Purpose and Scope

This Data Processing and Security Policy ("Data Policy") describes how Telv Communications ("Telv") processes data on behalf of clients in the course of providing managed SMS compliance operations services, and the security controls Telv maintains to protect that data.

This Policy applies to:

  • Data processed by Telv on behalf of clients ("Client Data")
  • Data submitted to messaging providers, carriers, and registries as part of registration and compliance work
  • Technical and operational data collected and maintained within Telv's service infrastructure

This Policy supplements the Telv Privacy Policy, which governs personal information collected directly from Site visitors and business contacts. Where this Policy and the Privacy Policy address the same subject, this Policy governs for Client Data processed under a service engagement.

2. Categories of Data Processed

In the course of managed compliance operations, Telv may process the following categories of data on behalf of clients:

2.1 Business Identity and Verification Data

  • Legal business name, DBA names, and entity type
  • State of incorporation and EIN or tax identification numbers
  • Business address, phone number, and website
  • Authorized signatory information

2.2 Messaging Program Data

  • Intended SMS use case and campaign description
  • Sample messages and message templates
  • Opt-in and opt-out language and disclosure text
  • Sender number types and requested numbers
  • Estimated monthly message volume and target audience description

2.3 Consent and Opt-In Evidence

  • Screenshots or recordings of opt-in flows
  • Privacy policy and terms of service URLs
  • Consent language and disclosures as presented to end users
  • Timestamps or records of consent mechanism review

Note: Telv does not collect, store, or process end user consent records on behalf of clients. The obligation to maintain records of individual end user consent remains entirely with the client.

2.4 Provider and Registry Correspondence

  • Submission confirmations and reference numbers
  • Provider feedback, revision requests, and approval records
  • Escalation correspondence and remediation documentation
  • Number status records and inventory notes

2.5 Operational Service Data

  • Internal project notes and task records
  • Client communication logs
  • Service delivery timelines and status records

3. Data Processing Principles

Telv processes Client Data in accordance with the following principles:

Purpose limitation. Client Data is processed only to deliver the services agreed upon and not for any other purpose, including the development of competing services or the sale of data to third parties.

Data minimization. Telv requests only the data necessary to perform the relevant service function. Telv does not retain copies of documents not needed for the service record.

Accuracy. Telv maintains records as provided by the client. Where errors or inconsistencies are identified, Telv flags them for client correction before submission.

Integrity and confidentiality. Client Data is handled with security controls appropriate to its sensitivity, as described in Section 5 of this Policy.

Client instruction. Telv submits information to providers, carriers, and registries only at the direction of and on behalf of the client. The client remains the data controller and program owner for all such submissions.

4. Data Retention and Deletion

4.1 Retention Schedule

Telv retains Client Data in accordance with the following schedule:

Data CategoryRetention Period
Registration evidence packages5 years from submission date
Provider approval records and correspondence5 years from program approval
Consent flow documentation5 years from review date
Number inventory and sender recordsDuration of active program + 5 years
Client communications and project notes3 years from end of engagement
Internal operational logs24 months

Retention periods begin from the date of the last relevant activity unless a longer period is required by law or legal hold.

4.2 Deletion and Return

Upon written request from a client following engagement termination, Telv will:

  • Return a copy of the client's registration evidence files and approval records in a standard format
  • Delete Telv's copies of Client Data within 60 days of the termination date, except as required by law or legal hold

Deletion requests should be submitted to: [email protected]

5. Security Controls

Telv implements the following security controls to protect Client Data:

5.1 Access Controls

  • Access to Client Data is limited to Telv personnel with a defined need to perform their job function
  • Personnel are assigned the minimum access level required for their role
  • Access privileges are reviewed quarterly and revoked upon role change or departure
  • Multi-factor authentication is required for all systems containing Client Data

5.2 Data in Transit

  • All data transmitted between clients and Telv (including email, file uploads, and web forms) is protected using TLS 1.2 or higher
  • Submissions to provider portals and registries are conducted over encrypted connections

5.3 Data at Rest

  • Client Data stored in cloud-based platforms is encrypted at rest using AES-256 or equivalent
  • Local copies of sensitive documents are stored in password-protected or encrypted containers

5.4 Vendor Security

  • Third-party service providers with access to Client Data are assessed for security practices prior to engagement
  • Vendors are contractually required to maintain security controls at least as protective as those described in this Policy
  • Vendor access is reviewed annually

5.5 Incident Response

In the event of a confirmed or reasonably suspected security incident affecting Client Data, Telv will:

  • Contain the incident and assess its scope
  • Notify affected clients within 72 hours of becoming aware of an incident that is likely to result in a risk to their interests
  • Provide a written incident summary within 30 days, including the nature of the incident, data categories affected, estimated number of records involved, and remediation steps taken

6. Sub-processors

Telv uses third-party service providers ("sub-processors") to support service delivery. Categories of sub-processors include:

  • Cloud storage and document management
  • Customer relationship and project management
  • Business email and communication tools
  • Website hosting and form processing

Telv maintains a list of current sub-processors and will make it available to clients upon written request. Telv will provide 30 days' advance notice of any new sub-processor addition that involves Client Data. Clients may object to a new sub-processor within that period; if the objection cannot be resolved, either party may terminate the affected services.

7. Cross-Border Data Transfers

Telv's primary operations and data infrastructure are located in the United States. Client Data is generally processed and stored within the United States.

Where Telv transfers data outside the United States (e.g., via sub-processors operating internationally), Telv ensures that such transfers are subject to appropriate safeguards, including standard contractual clauses or other mechanisms recognized by applicable law.

8. Client Obligations

Clients engaging Telv for data processing activities agree to:

  • Provide only data they are authorized to share with Telv and its sub-processors
  • Maintain their own lawful basis for processing any personal data included in materials submitted to Telv
  • Promptly inform Telv of any changes to the accuracy of previously submitted information
  • Notify Telv of any legal hold, litigation, or regulatory investigation that may affect data retention obligations

9. Updates to This Policy

Telv may revise this Data Policy from time to time to reflect changes in services, technology, or legal requirements. Material changes will be communicated to active clients with at least 14 days' advance notice before taking effect.

10. Contact

For questions about this Policy or to submit a data retention, deletion, or sub-processor inquiry:

Telv Communications Data Inquiries 800 N King Street Suite 304 - 1029 Wilmington, DE 19801 Email: [email protected]

telv
IntegrationsRegistrationComplianceOperationsContact

Legal

Data Processing and Security Policy

Last updated: June 9, 2026

1. Purpose and Scope

This Data Processing and Security Policy ("Data Policy") describes how Telv Communications ("Telv") processes data on behalf of clients in the course of providing managed SMS compliance operations services, and the security controls Telv maintains to protect that data.

This Policy applies to:

  • Data processed by Telv on behalf of clients ("Client Data")
  • Data submitted to messaging providers, carriers, and registries as part of registration and compliance work
  • Technical and operational data collected and maintained within Telv's service infrastructure

This Policy supplements the Telv Privacy Policy, which governs personal information collected directly from Site visitors and business contacts. Where this Policy and the Privacy Policy address the same subject, this Policy governs for Client Data processed under a service engagement.

2. Categories of Data Processed

In the course of managed compliance operations, Telv may process the following categories of data on behalf of clients:

2.1 Business Identity and Verification Data

  • Legal business name, DBA names, and entity type
  • State of incorporation and EIN or tax identification numbers
  • Business address, phone number, and website
  • Authorized signatory information

2.2 Messaging Program Data

  • Intended SMS use case and campaign description
  • Sample messages and message templates
  • Opt-in and opt-out language and disclosure text
  • Sender number types and requested numbers
  • Estimated monthly message volume and target audience description

2.3 Consent and Opt-In Evidence

  • Screenshots or recordings of opt-in flows
  • Privacy policy and terms of service URLs
  • Consent language and disclosures as presented to end users
  • Timestamps or records of consent mechanism review

Note: Telv does not collect, store, or process end user consent records on behalf of clients. The obligation to maintain records of individual end user consent remains entirely with the client.

2.4 Provider and Registry Correspondence

  • Submission confirmations and reference numbers
  • Provider feedback, revision requests, and approval records
  • Escalation correspondence and remediation documentation
  • Number status records and inventory notes

2.5 Operational Service Data

  • Internal project notes and task records
  • Client communication logs
  • Service delivery timelines and status records

3. Data Processing Principles

Telv processes Client Data in accordance with the following principles:

Purpose limitation. Client Data is processed only to deliver the services agreed upon and not for any other purpose, including the development of competing services or the sale of data to third parties.

Data minimization. Telv requests only the data necessary to perform the relevant service function. Telv does not retain copies of documents not needed for the service record.

Accuracy. Telv maintains records as provided by the client. Where errors or inconsistencies are identified, Telv flags them for client correction before submission.

Integrity and confidentiality. Client Data is handled with security controls appropriate to its sensitivity, as described in Section 5 of this Policy.

Client instruction. Telv submits information to providers, carriers, and registries only at the direction of and on behalf of the client. The client remains the data controller and program owner for all such submissions.

4. Data Retention and Deletion

4.1 Retention Schedule

Telv retains Client Data in accordance with the following schedule:

Data CategoryRetention Period
Registration evidence packages5 years from submission date
Provider approval records and correspondence5 years from program approval
Consent flow documentation5 years from review date
Number inventory and sender recordsDuration of active program + 5 years
Client communications and project notes3 years from end of engagement
Internal operational logs24 months

Retention periods begin from the date of the last relevant activity unless a longer period is required by law or legal hold.

4.2 Deletion and Return

Upon written request from a client following engagement termination, Telv will:

  • Return a copy of the client's registration evidence files and approval records in a standard format
  • Delete Telv's copies of Client Data within 60 days of the termination date, except as required by law or legal hold

Deletion requests should be submitted to: [email protected]

5. Security Controls

Telv implements the following security controls to protect Client Data:

5.1 Access Controls

  • Access to Client Data is limited to Telv personnel with a defined need to perform their job function
  • Personnel are assigned the minimum access level required for their role
  • Access privileges are reviewed quarterly and revoked upon role change or departure
  • Multi-factor authentication is required for all systems containing Client Data

5.2 Data in Transit

  • All data transmitted between clients and Telv (including email, file uploads, and web forms) is protected using TLS 1.2 or higher
  • Submissions to provider portals and registries are conducted over encrypted connections

5.3 Data at Rest

  • Client Data stored in cloud-based platforms is encrypted at rest using AES-256 or equivalent
  • Local copies of sensitive documents are stored in password-protected or encrypted containers

5.4 Vendor Security

  • Third-party service providers with access to Client Data are assessed for security practices prior to engagement
  • Vendors are contractually required to maintain security controls at least as protective as those described in this Policy
  • Vendor access is reviewed annually

5.5 Incident Response

In the event of a confirmed or reasonably suspected security incident affecting Client Data, Telv will:

  • Contain the incident and assess its scope
  • Notify affected clients within 72 hours of becoming aware of an incident that is likely to result in a risk to their interests
  • Provide a written incident summary within 30 days, including the nature of the incident, data categories affected, estimated number of records involved, and remediation steps taken

6. Sub-processors

Telv uses third-party service providers ("sub-processors") to support service delivery. Categories of sub-processors include:

  • Cloud storage and document management
  • Customer relationship and project management
  • Business email and communication tools
  • Website hosting and form processing

Telv maintains a list of current sub-processors and will make it available to clients upon written request. Telv will provide 30 days' advance notice of any new sub-processor addition that involves Client Data. Clients may object to a new sub-processor within that period; if the objection cannot be resolved, either party may terminate the affected services.

7. Cross-Border Data Transfers

Telv's primary operations and data infrastructure are located in the United States. Client Data is generally processed and stored within the United States.

Where Telv transfers data outside the United States (e.g., via sub-processors operating internationally), Telv ensures that such transfers are subject to appropriate safeguards, including standard contractual clauses or other mechanisms recognized by applicable law.

8. Client Obligations

Clients engaging Telv for data processing activities agree to:

  • Provide only data they are authorized to share with Telv and its sub-processors
  • Maintain their own lawful basis for processing any personal data included in materials submitted to Telv
  • Promptly inform Telv of any changes to the accuracy of previously submitted information
  • Notify Telv of any legal hold, litigation, or regulatory investigation that may affect data retention obligations

9. Updates to This Policy

Telv may revise this Data Policy from time to time to reflect changes in services, technology, or legal requirements. Material changes will be communicated to active clients with at least 14 days' advance notice before taking effect.

10. Contact

For questions about this Policy or to submit a data retention, deletion, or sub-processor inquiry:

Telv Communications Data Inquiries 800 N King Street, Suite 304-1029 Wilmington, DE 18612-1409 Email: [email protected]