Security and compliance you can trust
Enterprise-grade security is not optional -- it is the foundation of everything we build. Your data and your customers' data are protected by encryption, access controls, and full regulatory compliance.
Built with security at every layer
From network infrastructure to application logic, every component of Sakura SMS is designed to protect your data.
TLS/SSL Encryption
All data in transit is encrypted with TLS 1.3. Every API request, webhook callback, and dashboard session uses HTTPS with modern cipher suites.
Data at Rest Encryption
Message logs, customer data, and API keys are encrypted at rest using AES-256. Encryption keys are managed through a dedicated key management service.
Role-Based Access
Define granular permissions for every team member. Administrators, developers, and marketers each see only what they need. Custom roles are supported.
API Key Management
Generate, rotate, and revoke API keys from your dashboard. Restrict keys by IP address, set expiration dates, and monitor usage in real time.
Audit Logging
Every action on your account is logged with timestamps, IP addresses, and user identifiers. Logs are retained for 12 months and exportable on demand.
DDoS Protection
Our infrastructure is protected by multi-layer DDoS mitigation. Rate limiting, traffic analysis, and automatic blocking ensure platform availability.
Regulatory compliance, handled
We stay on top of regulations so you do not have to. Every message sent through Sakura SMS meets local and international compliance standards.
TCRA Licensed
Sakura SMS is fully licensed by the Tanzania Communications Regulatory Authority. We handle Sender ID registration, content compliance checks, and time-of-day sending restrictions automatically so that every message you send meets TCRA requirements.
Tanzania Data Protection Act 2022
We comply with the Tanzania Personal Data Protection Act. Customer data is processed lawfully, stored securely, and never shared with third parties without explicit consent. Data subjects can exercise their rights to access, correction, and deletion.
GDPR Compliance
For customers with European operations or end-users, we provide GDPR-compliant data processing. This includes data processing agreements, lawful basis documentation, data portability, and the right to erasure.
Your data, your control
We believe you should always know where your data is, how long it is kept, and how to get it back.
Data Storage Location
All customer data is stored in secure data centers with physical access controls, redundant power, and environmental monitoring. Message content is stored only for the duration needed for delivery and reporting.
Retention Policies
Message logs are retained for 90 days by default. Delivery reports are available for 12 months. You can configure custom retention periods to match your regulatory requirements or internal policies.
Right to Deletion
Request deletion of your account data at any time. We process deletion requests within 30 days, removing all personal data, message logs, and analytics from our systems permanently.
Data Export
Export your data in standard formats (CSV, JSON) from the dashboard or via the API. This includes message logs, delivery reports, contact lists, and account activity.
Frequently asked questions
Common questions about our security practices, compliance, and data handling.
All customer data is stored in secure, access-controlled data centers. Message content is retained only for the duration necessary for delivery and reporting. We do not transfer your data to jurisdictions outside of what is required for message delivery to the intended recipient's mobile network.
All data in transit is protected with TLS 1.3 encryption. Data at rest -- including message logs, API keys, and customer information -- is encrypted using AES-256. Encryption keys are managed through a dedicated key management service with automatic rotation.
Sakura SMS is TCRA licensed and compliant with the Tanzania Data Protection Act 2022. Our payment infrastructure is PCI DSS Level 1 compliant. We are actively pursuing SOC 2 Type II and ISO 27001 certifications. For customers with European operations, we provide GDPR-compliant data processing agreements.
You can request data deletion by contacting our support team or through your account settings. We process deletion requests within 30 days, removing all personal data, message logs, and analytics from our systems. You will receive confirmation once the deletion is complete.
Yes. Every action on your account is logged, including API calls, dashboard actions, configuration changes, and user management events. Logs include timestamps, IP addresses, and user identifiers. They are retained for 12 months and can be exported in CSV or JSON format from your dashboard.
We maintain a documented incident response plan that covers detection, containment, eradication, recovery, and post-incident review. Security incidents are classified by severity and communicated to affected customers within 24 hours. Our engineering team is on-call 24/7 to respond to platform issues. Post-incident reports are shared with affected customers within 5 business days.
Ready to build on a platform you can trust?
Create your account and start sending messages with enterprise-grade security from day one.