Legal & Security

Compliance

ZhuMobile regulatory frameworks, certifications, and industry standards

At ZhuMobile, compliance is not an afterthought — it is an engineering principle. Our platform is designed from the ground up to enable enterprise clients to operate within the boundaries of global telecommunications regulations, data protection law, and sector-specific requirements. We maintain a dedicated compliance team and continuously monitor the regulatory landscape across our 45+ active markets.

Regulatory Frameworks

Data Protection

GDPR

General Data Protection Regulation — EU/EEA. We act as a data processor on behalf of clients who are data controllers. We provide Data Processing Addenda (DPA), maintain records of processing activities, and support data subject rights workflows.

Anti-Spam

CASL

Canada's Anti-Spam Legislation. All messaging flows support express and implied consent tracking, mandatory identification elements, and compliant unsubscribe mechanisms within the required timeframe.

Anti-Spam

CAN-SPAM / TCPA

US federal law governing commercial email and SMS. Our platform enforces opt-out honouring, sender identification, and messaging-hour restrictions for US-originated campaigns across all channels.

Data Protection

CCPA / CPRA

California Consumer Privacy Act and California Privacy Rights Act. We support consumer rights requests, data sale opt-outs, and privacy notice requirements for clients serving California residents.

Healthcare

HIPAA

Health Insurance Portability and Accountability Act (US). We sign Business Associate Agreements (BAA) with healthcare clients and implement technical safeguards for handling Protected Health Information (PHI) in messaging workflows.

Financial

PCI DSS

Payment Card Industry Data Security Standard. Our platform does not store or transmit raw cardholder data. Payment-related messaging campaigns follow PCI DSS guidelines for tokenised references and secure communication.

Regional

LGPD (Brazil)

Lei Geral de Proteção de Dados. We support Brazilian data subject rights, consent management, and the appointment of a Data Protection Officer (DPO) for clients operating in Brazil.

Telecom

Carrier Regulations

We maintain direct relationships with licensed carriers across 45+ countries and comply with national telecommunications authority regulations governing A2P SMS, WhatsApp Business messaging, and RCS delivery.

Security Standards

ZhuMobile's security programme is built on internationally recognised frameworks and best practices:

  • Encryption: all data in transit is encrypted using TLS 1.2+ (TLS 1.3 preferred); data at rest is encrypted using AES-256
  • Access controls: role-based access control (RBAC), multi-factor authentication (MFA), and principle of least privilege across all internal systems
  • Vulnerability management: regular penetration testing, automated vulnerability scanning, and a responsible disclosure programme
  • Incident response: documented incident response plan with 72-hour breach notification capability aligned to GDPR Article 33 requirements
  • Audit logging: comprehensive, tamper-evident audit logs for all platform actions, message sends, and administrative changes
  • Business continuity: geo-redundant infrastructure with automated failover and 99.99% uptime SLA for enterprise plans
  • Vendor management: all sub-processors are evaluated for security and compliance prior to engagement and on an annual basis

Consent Management

ZhuMobile's platform provides built-in tools to help clients manage messaging consent at scale:

  • Opt-in consent capture and timestamped record storage
  • Automatic suppression of opted-out numbers across all campaign types
  • Dual opt-in workflows for jurisdictions requiring confirmed consent
  • Consent audit trails exportable for regulatory review
  • Multi-language opt-out keyword support (STOP, ARRET, BAJA, etc.)
  • Configurable quiet hours and frequency capping per jurisdiction

Data Processing and Sub-processors

ZhuMobile uses a limited number of vetted sub-processors to deliver its services, including cloud infrastructure providers, analytics tools, and carrier aggregation partners. A current list of sub-processors is available to enterprise clients upon request and is maintained in your Data Processing Addendum. Clients are notified of material sub-processor changes with at least 30 days' advance notice.

Compliance Documentation Available to Clients

  • Data Processing Addendum (DPA)
  • Business Associate Agreement (BAA) — healthcare clients
  • Security overview and technical controls summary
  • Sub-processor list
  • Penetration test executive summary (under NDA)
  • Incident response policy summary

To request compliance documentation, contact your account manager or our compliance team directly.

Responsible Messaging Commitment

ZhuMobile is committed to responsible mobile marketing. We reserve the right to refuse service to, or immediately terminate accounts of, any client transmitting content that violates applicable law, our acceptable use policy, or the spirit of responsible communication — including spam, deceptive content, phishing, or content that exploits or harms recipients.

Contact Our Compliance Team

For compliance enquiries, DPA requests, or to report a potential issue:
ZhuMobile — Compliance & Privacy
A Parlee Conseiller company
Email: [email protected]
Privacy: [email protected]
General: [email protected]

© 2011–2026 ZhuMobile, a Parlee Conseiller company.