Privacy Policy for SMS Operational Alerts
This Policy explains how Penelope Inc. (“Penelope,” “we,” “us”) collects, uses, and protects personal information for the Penelope Ops Alerts SMS program. This program sends non-marketing, operational notifications (e.g., system alarms, incident updates) to Penelope employees and approved contractors who opt in.
1) Scope
This Policy covers data collected through:
- Our internal alerts page (e.g., https://www.penelope.com/alerts);
- SMS messages sent/received via our messaging providers and carriers;
- Related verification flows (e.g., one-time passcodes).
2) Information We Collect
- Identification & Contact: name, work email, mobile phone number.
- Employment context: role, team, eligibility status (employee/contractor).
- Messaging metadata: timestamps, delivery status, carrier information, message routing data.
- Message content: text you send to us (e.g., “HELP,” “STOP,” acknowledgements).
- Technical data (web): IP address and basic device/browser data for the alerts page.
We collect information from you directly (opt-in forms, SMS replies) and automatically from our providers (delivery receipts, carrier data).
3) How We Use Your Information
- Send operational alerts you have requested/consented to receive;
- Verify phone ownership and manage opt-in/opt-out status;
- Troubleshoot delivery and improve reliability;
- Maintain compliance and security audit trails;
- Protect our services against abuse, fraud, or security threats.
We do not use this program for marketing and we do not sell or share your personal information for cross-context behavioral advertising.
4) Legal Bases (where applicable)
- Legitimate interests: operational notifications necessary for business continuity and security.
- Consent: when you opt in to receive SMS alerts (you can opt out at any time).
6) International Transfers
SMS delivery and cloud processing may occur outside your home jurisdiction. Where required, we use appropriate safeguards for international transfers (e.g., contractual clauses).
7) Data Retention
- Opt-in/opt-out records & phone number: retained while enrolled and up to 24 months after opt-out for compliance and audit.
- Message content & metadata: typically retained 12–24 months for troubleshooting and compliance, unless longer is required by law or security needs.
We periodically review and minimize retained data.
8) Your Choices & Rights
- Opt-in: enroll via our internal alerts page and verify your number.
- Opt-out: text STOP at any time; or remove your number on the alerts page; or email ops-sms@penelope.com.
- Help: text HELP for help or contact ops-sms@penelope.com.
- Access/Deletion (where applicable): request access, correction, or deletion via ops-sms@penelope.com. We’ll honor requests consistent with law and security obligations.
Message frequency varies with incident volume (typically 0–5 msgs/day; may spike during incidents). Msg & Data rates may apply.
9) Security
We apply administrative, technical, and physical safeguards appropriate to the data, including access controls, logging, and encryption in transit where supported. No method is 100% secure, but we continuously work to protect your information.
10) Children’s Data
This program is for Penelope employees and approved contractors and is not intended for children.
11) Do Not Track / Preferences
Our SMS program does not track users across third-party websites. Any web interactions (e.g., acknowledgment links) follow our general website practices.
12) California Privacy (CCPA/CPRA) Notice
We do not sell or share personal information for cross-context behavioral advertising. We collect the categories listed in Section 2 for the business purposes in Section 3. California residents may exercise rights to know, correct, or delete (subject to legal exceptions) by contacting ops-sms@penelope.com.
13) Changes to This Policy
We may update this Policy from time to time. The “Effective date” above shows the latest revision. Material changes will be posted on this page and, where appropriate, communicated via internal channels.