Security & Data Protection
SMS South Africa is committed to protecting customer data through robust security controls, encrypted communications, secure South African hosting, infrastructure redundancy, and ongoing security assessments. Our platform is designed to provide businesses with a reliable, secure, and trusted Bulk SMS solution.
We take a proactive approach to information security by implementing industry best practices, continuously monitoring our systems, and investing in technologies and processes that help safeguard customer information, maintain service availability, and support business continuity.
1. Redundancy, Availability & Uptime
We strive to maintain a highly available platform with minimal service interruptions. Through the use of redundant infrastructure, multiple failover mechanisms, and a Content Delivery Network (CDN), we ensure that critical services remain operational even in the event of hardware or network failures.
Our infrastructure is designed to eliminate single points of failure wherever possible, helping us deliver a reliable and resilient messaging platform for our customers.
2. Security Testing & Continuous Improvement
Security is an ongoing process. We regularly review, audit, assess, and test our systems to identify potential vulnerabilities and strengthen our security posture.
As part of our security programme, penetration testing is conducted at least annually by both internal teams and independent third-party security specialists. These assessments help identify and remediate potential vulnerabilities before they can be exploited.
We continually assess, test, review, and measure our security controls and operational processes as part of our commitment to information security management. This continuous improvement approach helps ensure that our security programme evolves alongside emerging threats, technologies, and industry best practices.
- Regular application security assessments
- Infrastructure and configuration reviews
- Vulnerability monitoring and remediation
- Penetration testing and security audits
- Continuous updates to security controls and best practices
These measures help us maintain a secure environment and protect customer information against emerging threats.
3. Industry Security Standards
Our security programme is informed by internationally recognised security frameworks and best practices, including guidance from the Open Web Application Security Project (OWASP), the National Institute of Standards and Technology (NIST), the Center for Internet Security (CIS), and the Cloud Security Alliance (CSA).
These frameworks help guide our approach to application security, infrastructure protection, vulnerability management, access control, risk management, and continuous security improvement.
4. Physical Security
Our servers are hosted within Teraco’s secure South African data centres, with infrastructure deployed across both the CT1 and CT2 facilities to provide geographic redundancy and enhanced resilience.
By partnering with Teraco, we ensure that customer data remains securely hosted within South Africa while benefiting from world-class physical and operational security standards.
Teraco’s facilities are Tier III+ data centres and maintain internationally recognised certifications, including:
- ISO 27001 – Information Security Management
- ISO 9001 – Quality Management Systems
- SOC 2 Type II – Security, Availability and Confidentiality Controls
- PCI-DSS Compliance – Payment Card Industry Data Security Standards
These certifications demonstrate adherence to globally recognised standards for security, operational excellence, and risk management.
5. System Security
We implement multiple layers of security controls to safeguard our infrastructure from unauthorised access and malicious activity.
- Enterprise-grade firewalls
- Logical access controls and role-based permissions
- Strict authentication and authorisation procedures
- Server hardening and secure configuration standards
- Continuous monitoring and logging
- Regular operating system and security patch updates
Access to production systems is restricted to authorised personnel only and is granted on a least-privilege basis.
6. Application Security
We utilise strong encryption and modern security protocols to protect data transmitted across public networks.
Sensitive information such as passwords, API credentials, and messaging data are protected through industry-standard cryptographic technologies, helping to ensure confidentiality and integrity during transmission.
All communication between users and our platform is secured using HTTPS with Transport Layer Security (TLS), providing encrypted connections between your browser, applications, and our servers.
| TYPE OF COMMUNICATION | SECURE PROTOCOLS USED | OTHER PROTOCOLS USED |
|---|---|---|
| Between customers and MyMobileAPI APIs | HTTPS, SFTP | HTTP, FTP, SMTP, SMPP |
| MyMobileAPI Control Panel | HTTPS | |
| Between MyMobileAPI and carriers | HTTPS, SMPP-over-SSL, SMPP-over-IPsec | HTTP, SMPP, SIGTRAN |
7. Our Commitment to Security
We continuously invest in our infrastructure, security processes, and operational procedures to maintain a secure and reliable platform for businesses across South Africa. While no system can guarantee absolute security, we follow industry best practices and implement multiple layers of protection to minimise risk and safeguard customer data.
8. FAQ: Security and Data Protection
Is SMS South Africa secure?
Yes. SMS South Africa implements multiple layers of security, including encrypted communications, firewalls, access controls, server hardening, continuous monitoring, regular security updates, and ongoing security testing.
What security measures does SMS South Africa use?
We utilise HTTPS encryption, firewalls, role-based access controls, secure server configurations, system monitoring, vulnerability management, penetration testing, and infrastructure redundancy to help protect customer data and maintain service availability.
How is customer data protected?
Customer data is protected through encryption, logical access controls, firewalls, secure hosting environments, system monitoring, and ongoing security reviews designed to protect against unauthorised access, loss, and misuse.
Is my data stored in South Africa?
Yes. Our infrastructure is hosted within South Africa, helping businesses meet local data residency requirements while benefiting from world-class data centre facilities.
Where are SMS South Africa’s servers hosted?
Our servers are hosted within Teraco’s secure South African data centres, with infrastructure deployed across multiple locations to provide redundancy, resilience, and high availability.
What certifications do your data centres hold?
Our hosting partner, Teraco, operates Tier III+ facilities and maintains internationally recognised certifications including ISO 27001, ISO 9001, SOC 2 Type II, and PCI-DSS compliance.
Do you follow recognised security standards?
Yes. Our security programme is informed by recognised industry frameworks and best practices, including OWASP, NIST, CIS, and CSA guidance.
Do you use encrypted connections?
Yes. All communication between users and our platform is protected using HTTPS and TLS encryption to help safeguard passwords, API credentials, and transmitted data.
How do you protect against unauthorised access?
We use firewalls, logical access controls, role-based permissions, authentication controls, and strict access management procedures. Access to production systems is restricted to authorised personnel and granted on a least-privilege basis.
Who has access to customer data?
Access to customer data is restricted to authorised personnel who require access to perform operational responsibilities. Access permissions are managed according to security best practices and the principle of least privilege.
Do you perform penetration testing?
Yes. Penetration testing is conducted at least annually by both internal teams and independent third-party security specialists to help identify and remediate potential vulnerabilities.
Do you back up customer data?
Yes. We maintain backup and recovery procedures designed to protect critical data and support business continuity in the event of unexpected incidents.
What happens if a server or data centre experiences an outage?
Our infrastructure is designed with redundancy and failover mechanisms to minimise service disruptions and maximise uptime.
How does SMS South Africa help businesses comply with POPIA?
Our platform supports POPIA compliance through secure data handling, controlled access, encrypted communications, and South African data hosting. Customers remain responsible for their own legal compliance obligations.
How often do you review your security controls?
Security is an ongoing process. We continually assess, test, review, and measure our security controls and operational processes to ensure our platform remains aligned with evolving threats and industry best practices.
Discover our powerful Bulk SMS Software and explore our secure Business SMS Solutions trusted by businesses throughout South Africa.