How SMSLite meets its regulatory obligations and how we help you meet yours.
SMSLite operates as a South African SMS service provider and is subject to several regulatory frameworks. We take compliance seriously — both for ourselves and for the businesses that use our platform.
We are fully aligned with POPIA (Act 4 of 2013). We have appointed an Information Officer, maintain a data processing register, and adhere to all eight conditions of lawful data processing.
We comply with ICASA regulations governing commercial electronic communications, including opt-out mechanisms, sender identification, and prohibitions on sending to Do Not Contact lists.
Our platform complies with the Electronic Communications and Transactions Act 25 of 2002, including requirements for unsolicited commercial communications.
We do not store cardholder data. All payments are processed through PCI DSS-compliant gateways (Yoco and PayFast). We are not in scope for PCI DSS ourselves as a result.
For customers sending to international numbers, we apply the stricter of SA regulations and international anti-spam standards, including opt-out honouring and sender identification.
SMSLite (Pty) Ltd is a registered company in South Africa with the Companies and Intellectual Property Commission (CIPC). We maintain all required statutory filings.
When you use SMSLite to send SMS messages, you also take on certain compliance responsibilities. Here is what you must do as a sender:
You must have documented, verifiable consent from each recipient before sending marketing messages. Consent must be specific, voluntary, and informed.
Every marketing SMS must clearly identify the sender. Do not send messages that obscure your identity or appear to come from a different company.
If a recipient replies STOP or requests removal, you must immediately cease sending to that number. SMSLite provides opt-out tools to help you manage this.
Keep records of consent for all contacts. Under POPIA, you must be able to demonstrate lawful basis for processing if audited by the Information Regulator.
Sending to numbers obtained from purchased or scraped lists is prohibited on SMSLite and illegal under POPIA. Use only lists built with genuine opt-in consent.
ICASA regulations restrict sending commercial SMS messages between 20:00 and 08:00 on weekdays, and between 20:00 and 09:00 on weekends.
If you believe someone is misusing SMSLite to send spam, phishing messages, or other non-compliant communications, please report it to us. We investigate all reports and take action where violations are confirmed.
Our team can help you set up compliant SMS campaigns and ensure your processes meet POPIA and ICASA requirements.
Contact our Compliance Team