Privacy Policy
CHECKMOBI — a MOBITECH LABS S.R.L. company
Last Updated: April 21, 2026 | Effective Date: April 21, 2026
1. Introduction and Identity of the Data Controller
This Privacy Policy describes how MOBITECH LABS S.R.L. ('CheckMobi', 'we', 'us', or 'our') collects, uses, stores, transfers, and protects your personal data when you access or use our website at https://checkmobi.com and our cloud platform, APIs, and related services (collectively, the 'CheckMobi Platform').
MOBITECH LABS S.R.L. is the Data Controller for the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation (GDPR)), and is registered as follows:
- Legal name: MOBITECH LABS S.R.L.
- Registered address: Soseaua Stefan Cel Mare Nr. 24, CAMERA 1, Bl. 24B, Scara A, Etaj 6, Ap. 35, Bucuresti Sector 2, Romania, Postal Code: 020143
- Registration No: RO53418684
- Trade Register No: J2026004635002
- Contact email: support@checkmobi.com
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at support@checkmobi.com.
2. Scope and Who This Policy Applies To
This Privacy Policy applies to:
- Visitors who browse our website at https://checkmobi.com;
- Registered account holders who use the CheckMobi Platform (developers, businesses, or individual users);
- End users whose phone numbers are processed through the CheckMobi Platform by our customers (e.g. when a business uses our SMS OTP service to verify one of their users).
If you are an end user whose phone number was submitted to CheckMobi by a third-party application or business, please also review that company's privacy policy. CheckMobi processes your phone number as a data processor on behalf of that business (the data controller) for the limited purpose of delivering the verification service.
3. Personal Data We Collect
3.1 Data You Provide Directly
When you register for or use the CheckMobi Platform, we may collect:
- Account information: name, company name, email address, phone number, address, country;
- Billing information: credit/debit card details (processed and stored securely by Stripe, Inc. — we do not store full card numbers), and any other billing details;
- Communications: messages you send us via support channels or contact forms;
- App and API configuration: webhook URLs, application names, and settings you configure in your dashboard.
3.2 Data Generated Through Your Use of the Platform
When you use the CheckMobi API and services, we automatically collect:
- API usage logs: timestamps, request/response metadata, API keys used, call durations, SMS delivery statuses;
- Notification logs: HTTP request and response data between CheckMobi and your server endpoints;
- Billing and transaction records: amounts charged, service tier, credit balance;
- Phone numbers submitted for verification (SMS OTP, IVR call, Caller ID, missed call, or HLR lookup), along with the verification outcome.
3.3 Technical and Device Data
When you visit our website or access the Platform, we automatically collect:
- IP address and approximate geographic location (country/city level);
- Browser type, version, and operating system;
- Pages visited, links clicked, time spent, and referring URL;
- Session identifiers and cookies (see Section 8 for details).
3.4 Data We Do Not Collect
We do not collect or retain the content of voice calls placed through our system beyond what is necessary for call routing and fraud protection. We do not collect sensitive personal data (as defined under GDPR Article 9) unless you choose to provide it to us voluntarily in support communications.
4. Legal Bases for Processing (GDPR)
We process your personal data only where we have a valid legal basis under GDPR Article 6. The legal bases we rely on are:
- Contract performance (Article 6(1)(b)): processing necessary to provide you with the services you have subscribed to, including account management, API access, billing, and support.
- Legitimate interests (Article 6(1)(f)): fraud prevention and security monitoring, improving our platform and services, and maintaining accurate API and billing logs. We have assessed that our legitimate interests are not overridden by your rights in these cases.
- Legal obligation (Article 6(1)(c)): where we are required to process or retain data to comply with EU or Romanian law (e.g. tax and accounting obligations).
- Consent (Article 6(1)(a)): where we send you optional marketing communications. You may withdraw your consent at any time by clicking 'Unsubscribe' in any marketing email or by contacting support@checkmobi.com.
5. How We Use Your Personal Data
We use your personal data for the following purposes:
- Providing and operating the CheckMobi Platform and its services (SMS OTP, IVR verification, Caller ID validation, missed call verification, HLR number lookup, and REST API access);
- Account registration, authentication, and management;
- Processing payments and managing subscriptions and prepaid credit balances;
- Sending transactional communications: account confirmations, receipts, usage alerts, and service notifications (these are mandatory and cannot be opted out of while you hold an active account);
- Sending promotional communications (only with your consent, and with easy opt-out);
- Responding to support requests, resolving disputes, and investigating complaints;
- Detecting and preventing fraud, abuse, spam, and security threats;
- Complying with legal and regulatory obligations;
- Improving the performance, reliability, and features of our Platform through anonymised analytics.
6. Sharing and Disclosure of Personal Data
We do not sell your personal data. We share it only in the following circumstances:
6.1 Service Providers (Data Processors)
We engage trusted third-party companies to process data on our behalf, under written data processing agreements that comply with GDPR. These include:
- Stripe, Inc. — payment processing (see https://stripe.com/privacy);
- Telecommunications carriers and aggregators — for routing SMS, IVR calls, and number lookup queries;
- Cloud infrastructure and hosting providers — for platform operation and data storage;
- Analytics and monitoring providers — for platform performance and error tracking (using anonymised or pseudonymised data where possible).
6.2 Legal Requirements
We may disclose your data where required to do so by law, court order, or competent regulatory or law enforcement authority, including the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), or as otherwise required to comply with our legal obligations.
6.3 Business Transfers
If MOBITECH LABS S.R.L. is involved in a merger, acquisition, or asset sale, your personal data may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before any such transfer takes effect and a different privacy policy applies.
6.4 Aggregate and Anonymised Data
We may publish or share aggregated, anonymised statistics about platform usage (e.g. total verifications processed per month) which do not identify any individual user.
7. International Data Transfers
CheckMobi is established in Romania and your data is primarily stored and processed within the European Economic Area (EEA). Where we engage service providers located outside the EEA (such as Stripe, Inc. in the United States), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Adequacy decisions where applicable.
You may request information about the specific safeguards applicable to any such transfer by contacting support@checkmobi.com.
8. Cookies and Tracking Technologies
We use cookies and similar technologies (such as pixel tags and web beacons) on our website. Cookies are small text files stored on your device that help us operate and improve the website.
Types of cookies we use:
- Essential cookies: required for the website and platform to function (e.g. session management, authentication). These cannot be disabled.
- Analytics cookies: help us understand how visitors use our website so we can improve it. These are set only with your consent where required by applicable law.
- Preference cookies: remember your settings and choices.
You can manage or disable non-essential cookies through your browser settings or our cookie consent mechanism. Please note that disabling certain cookies may affect the functionality of the website or platform. Third-party advertisers may set their own cookies; we have no control over these.
9. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Our general retention periods are:
- Account data: retained for the duration of your account plus 3 years after closure, to comply with legal obligations and resolve disputes;
- API and call logs: retained for up to 12 months from generation;
- Billing records: retained for 10 years as required by Romanian tax and accounting law (Legea contabilitatii nr. 82/1991);
- Marketing consent records: retained for 3 years from the date of consent.
Where data is no longer needed, we delete or anonymise it securely.
10. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
- Right of access (Article 15): you may request a copy of the personal data we hold about you.
- Right to rectification (Article 16): you may ask us to correct inaccurate or incomplete personal data.
- Right to erasure / 'right to be forgotten' (Article 17): you may request deletion of your personal data where there is no compelling reason for us to continue processing it.
- Right to restriction of processing (Article 18): you may ask us to limit how we use your data in certain circumstances.
- Right to data portability (Article 20): you may request a copy of data you provided to us in a structured, machine-readable format.
- Right to object (Article 21): you may object to processing based on our legitimate interests.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: you have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) at https://www.dataprotection.ro, or with the supervisory authority in your EU member state of residence.
To exercise any of these rights, please contact us at support@checkmobi.com. We will respond within 30 days of receiving your request. We may need to verify your identity before processing the request.
11. Security of Your Data
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL;
- Encrypted storage of passwords and API credentials;
- Access controls restricting access to personal data to authorised personnel only;
- Regular security reviews and monitoring.
Despite these safeguards, no system is completely secure. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you as required by GDPR Article 34.
12. Children
The CheckMobi Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us at support@checkmobi.com and we will take steps to delete such data promptly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The 'Last Updated' date at the top of this page indicates when the most recent changes were made. Where changes are material, we will notify you by email or by a prominent notice on our website at least 14 days before the changes take effect. We encourage you to review this policy periodically.
14. Contact Us
For any questions, concerns, or to exercise your data rights, please contact:
- Email: support@checkmobi.com
- Postal address: MOBITECH LABS S.R.L., Soseaua Stefan Cel Mare Nr. 24, CAMERA 1, Bl. 24B, Scara A, Etaj 6, Ap. 35, Bucuresti Sector 2, Romania, Postal Code: 020143
You also have the right to contact the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP): website https://www.dataprotection.ro, telephone +40 318 059 211.