Privacy Policy

Plain English summary: Simba is a B2B API. We process phone numbers on behalf of the businesses that integrate our service. We do not sell personal data, we do not send marketing messages to end users, and we do not collect more information than we need to do our job.

1. Who we are

Simba ("Simba", "we", "us", "our") is a SIM-based authentication API operated by Simba Technologies, a business registered in Dubai, UAE. Our API enables fintech companies and mobile money operators to verify phone numbers and detect SIM swap fraud through carrier-level signals.

For questions about this policy, contact us at privacy@simbaauth.io.

2. How our service works

Simba operates as a B2B infrastructure provider. Our customers are businesses ("Operators") who integrate our API into their own products. End users interact with our customers' products — not directly with Simba.

When an Operator uses Simba's API to verify a phone number, Simba acts as a data processor on behalf of that Operator. The Operator is the data controller responsible for obtaining consent from their end users and for their own privacy practices.

3. Information we process

When Operators make API requests, Simba may process the following information:

Phone numbers — submitted by Operators for verification or SIM swap checking
API request metadata — timestamps, endpoint called, response codes, latency
IP addresses — of the Operator's servers making API calls
Carrier signals — SIM swap status and verification results returned from carrier APIs

We do not collect names, email addresses, financial data, or any other personal information about end users beyond the phone number submitted in an API request.

4. How we use information

Simba uses the information it processes solely to:

Deliver the API service requested by the Operator
Detect and prevent fraud, abuse, and misuse of our platform
Monitor service reliability, performance, and uptime
Comply with applicable legal obligations

We do not use end-user phone numbers for marketing, profiling, or any purpose beyond delivering the requested verification result.

5. Data retention

API request logs — including phone numbers submitted for verification — are retained for a maximum of 90 days for operational and debugging purposes, after which they are permanently deleted.

Aggregate, anonymised performance metrics may be retained indefinitely. These cannot be used to identify individual end users.

6. Data sharing

Simba shares data only in the following circumstances:

Carrier APIs — phone numbers are transmitted to carrier network APIs (e& UAE, MTN Chenosis, D7 Networks) to obtain verification results. These carriers have their own privacy policies and operate under applicable telecommunications regulations.
Infrastructure providers — we use cloud hosting and monitoring services to operate the API. These providers process data only under our instruction and are bound by data processing agreements.
Legal requirements — we may disclose information if required to do so by law, court order, or legitimate government authority.

We do not sell personal data to third parties under any circumstances.

7. Security

Simba implements industry-standard security measures to protect the data we process:

All API traffic is encrypted in transit via TLS 1.2 or higher
API keys are required for all authenticated endpoints
Server access is restricted and monitored
Credentials and secrets are stored as environment variables, never in source code

No system is perfectly secure. If you become aware of a security vulnerability, please report it to security@simbaauth.io.

8. Operator responsibilities

Operators who integrate Simba's API are responsible for:

Obtaining appropriate consent from their end users before submitting phone numbers to Simba
Maintaining their own privacy policy that accurately describes their use of verification services
Complying with applicable data protection laws in the jurisdictions where they operate
Only submitting phone numbers they have a legitimate right to process

9. International data transfers

Simba's infrastructure is hosted in the European Union (Helsinki, Finland). By using our API, Operators acknowledge that data may be processed outside their home jurisdiction in accordance with this policy.

10. Your rights

If you are an end user who believes your phone number has been processed through Simba's service, you should contact the Operator (the business whose product you are using) to exercise your data rights. As a data processor, Simba will assist Operators in responding to valid data subject requests.

Operators may contact privacy@simbaauth.io for assistance with data subject requests.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated to Operators via email or through the Simba dashboard. Continued use of the API after changes are posted constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or requests, contact us at privacy@simbaauth.io or write to:

Simba Technologies
Dubai, UAE
simbaauth.io