Privacy Policy

UPDATED: 28/10/2025

Company Name: MOBILEOCEAN BILISIM YAZILIM ANONIM SIRKETI
Company Address: NO:11/19 ATATEPE MAHALLESI 3511 SOKAK, ATAKUM 55200 Samsun Türkiye
Contact Info: [email protected]

1. Introduction
MobileOcean Bilişim Yazılım Anonim Şirketi, operating the 2nd Line+ brand, is committed to safeguarding your privacy. This Privacy Policy outlines our dedication to protecting your personal information in full compliance with applicable privacy, data protection, and telecommunications laws — including the General Data Protection Regulation (GDPR) and relevant international standards.
By accessing or using the 2nd Line+ application or its related services, you acknowledge that you have read, understood, and agreed to the terms set forth in this Privacy Policy.

1.1 Compliance with Twilio’s Policies and Guidelines

At 2nd Line+, operated by MobileOcean Bilişim Yazılım Anonim Şirketi, we ensure that all communications and data processing activities conducted through Twilio fully comply with Twilio’s security, privacy, and regulatory standards.
Twilio acts as our data processor, providing the underlying infrastructure for messaging and voice services, while MobileOcean remains the data controller responsible for determining how and why such data is processed.

We strictly follow Twilio’s Acceptable Use Policy, Data Protection Addendum (DPA), and Binding Corporate Rules (BCRs) to guarantee lawful and secure handling of all user data.
Our integration with Twilio is designed in accordance with GDPR principles, telecom regulatory obligations, and Twilio’s platform-specific compliance guidelines.

Data Sharing with Twilio
We may share limited and necessary data with Twilio solely for the following purposes:

• Delivering voice and messaging services.
• Ensuring communication routing accuracy and service reliability.
• Complying with lawful intercept or telecom traceability requirements, where applicable.
  No personal data is shared with Twilio beyond what is required to provide these communication services.

User Rights under Twilio-Integrated Services
Users retain all rights provided under GDPR, including the rights to access, rectify, restrict, and delete their personal data processed through Twilio’s infrastructure.
Requests related to Twilio-managed data can be made directly to [email protected], and MobileOcean will coordinate with Twilio to ensure timely and complete execution.

Twilio’s Compliance Framework
To guarantee global data protection standards, Twilio operates under the following internationally recognized mechanisms:

• Binding Corporate Rules (BCRs) – approved by the EU data protection authorities, governing cross-border data transfers.
• Data Protection Addendum (DPA) – outlining Twilio’s commitments as a data processor under GDPR.
• GDPR Overview – describing Twilio’s approach to privacy compliance and data subject rights.
• Data Transfer Safeguards – ensuring the legality of data transfers between the EU and the U.S.

Commitment to Joint Compliance
MobileOcean and Twilio both implement robust technical and organizational measures — including encryption, secure access control, and audit trails — to maintain the confidentiality, integrity, and availability of user data.

Data Sharing
We may share user data under the following circumstances, adhering to Twilio’s data sharing policies:

• With Twilio as our service provider for delivering communication services.
• With third-party vendors or partners involved in supporting Twilio-integrated functionalities.
• In response to legal obligations or requests, complying with Twilio’s legal and regulatory requirements.

User Rights
Users have the right to:

• Access: Request access to their personal data processed through Twilio’s services.
• Correction: Update or rectify inaccuracies in their data.
• Deletion: Request deletion of their data, subject to Twilio’s data retention policies.

Forbidden Message Categories and Codes Guidelines
We strictly adhere to Twilio’s guidelines on forbidden message categories and codes to prevent filtering or blocking of messages. Please refer to Twilio’s documentation for comprehensive details on the forbidden message categories and coding guidelines to ensure compliance.

2. Consent
By accessing, registering for, or using the 2nd Line+ application and its related services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, processing, and use of your personal data in accordance with its terms.

2.1 Right to Withdraw Consent
You may withdraw your consent at any time by adjusting your in-app privacy settings or by contacting us at [email protected].
Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
However, please note that certain features or services may become unavailable if processing essential data is no longer permitted.

2.2 Other Legal Bases for Processing
In addition to consent, some processing activities are performed under other lawful bases permitted by GDPR, including:

• Contractual necessity — to provide, maintain, and bill for the services you request.
• Legal obligation — to comply with telecom, tax, and anti-fraud regulations.
• Legitimate interest — to prevent abuse, improve service reliability, and ensure network security, provided such interests do not override your fundamental rights and freedoms.

2.3 Transparency of Choice
Before any optional data sharing or new feature requiring additional permissions (such as contacts access, analytics participation, or marketing communication), explicit opt-in consent will be requested within the app.
You will always have the ability to decline or later modify these permissions.

2.4 Restrictions and Limitations
2.1.1 Misuse of Services:
You agree not to misuse the Services provided by 2nd Line+. This includes but is not limited to:
(a) Copying, reverse engineering, disassembling, attempting to derive the source code of, modifying, or creating derivative works of the Licensed Application, Website, or Services, or any part thereof.
(b) Interfering with or disrupting any user, host, or network forming any part of the Services.
(c) Accessing or searching the Services by any means other than the supported interfaces made available to you.
(d) Exploiting the Services in any unauthorized way, such as trespassing or burdening network capacity.
(e) Engaging in unusually high usage of the Services from individual accounts or employing any automated programs such as bots or clones (non person-to-person communications) that may impair our ability to provide the Services.
(f) Performing unusual calling patterns inconsistent with normal, individual use, including regular calls of short duration or calls to multiple numbers in a short period of time.
(g) Using the Services for call-in lines, call centers, conference calling, trunking (to a PBX or otherwise), “spamming”, sending junk or bulk messages, or any other high volume multi-person calling or messaging purposes on Unlimited Subscription plans.

2.1.2 Prohibited Activities:
You shall not engage in any activities that are prohibited by law or that violate the rights of others. This includes but is not limited to:
(a) Using the Services for pornographic, indecent, obscene, defamatory, or other unlawful purposes.
(b) Engaging in Internet activities that would violate the privacy rights of others, including copying, storing, accessing, or using personally identifiable information about another registered user in a way that is inconsistent with our Privacy Policy or these Terms.
(c) Engaging in conduct that restricts or inhibits anyone’s use or enjoyment of the Services, or which may harm the Company or users of the Services.
(d) Sending harassing and/or threatening messages to others or engaging in abusive or disruptive behavior.
(e) Discriminating against or harassing anyone on the basis of race, national origin, religion, gender, sexual orientation, disability, medical condition, marital status, age, or gender identity.

2.1.3 Monitoring and Enforcement:
The Company reserves the right to monitor access to and use of the Services for purposes such as securing and improving the Services, fraud prevention, risk assessment, investigation, customer support, and ensuring compliance with these Terms. We may refuse service, terminate accounts, remove or edit content, and revoke your license if you fail to comply with these Terms or engage in illegal or criminal behavior.

2.1.4 Emergency Calling:
Please note that the Services provided by 2nd Line+ are not intended for emergency calling, including 911 or other emergency numbers. You must use your primary number or cell phone for emergency calls. By using the Services, you acknowledge and agree that the Company is not liable for any claims, damages, or losses arising from attempts to dial 911 or make emergency calls using the Services.

IMPORTANT: Usage of Contact List Data
We understand the importance of privacy and want to be transparent about how we handle your information. With your explicit permission, our application may request access to your device’s address book and contacts, if available (collectively referred to as “Contact Data”). It is crucial to note that this Contact Data is managed exclusively locally on your device and is not collected, transmitted, or stored by our service on any external servers, databases, or third-party platforms.

If you want to send a message or make a call to another number in addition to your contacts, you need to save this number in our application. While recording this number, we keep the name, surname and number information on our own servers. However, we would like to point out that this information is completely independent of your contacts data.

We want to assure you that your Contact Data remains within the confines of your device’s memory and is only utilized for the specific features and functionalities provided by our application. Importantly, our application does not engage in any form of data harvesting, and we do not transfer, share, or sell your Contact Data to any third parties. Furthermore, in the event that you choose to uninstall our application, all associated Contact Data stored on your device will be promptly and permanently deleted, ensuring a clean and complete removal of any information related to our app.

3.Information We Process

There are several categories of information that can be processed.
Functional Information and Information that you submit
We ask for and collect the following personal information about you when you use the App. This information is necessary for the adequate performance of the contract between you and us. Without such information it is impossible to provide complete functionality of the App and perform the requested services.

• Authorization and/or Account Information: email and other data (name, address) that is needed for compliance with applicable local laws. Please mind that in some countries due to specific local regulation, addresses are validated to ensure the integrity and accuracy of the data provided.
• Activity Information, e.g. your contacts created through the App, call logs and recordings of calls, logs and records of text messages, origination and termination points (i.e. to/from numbers), history of incoming and outgoing calls performed and messages sent/received with the help of the App, the list of second phone numbers you ever used through the App. Upon your permission we also may have technical access to the microphone and contact list on your device.

We collect information from various sources to provide and improve our services. The information collected includes, but is not limited to:

• Registration/Profile Information: Phone number, avatar name, and profile picture.
• Contact Information: Email address, communication history, and identity verification for specific countries.
• Usage Information: Interactions with the app, SMS/MMS content, call details, and greetings.
• Billing Information: Payment details processed by third-party providers (e.g., Apple, Google, Stripe).
• Information from Third Parties: Data shared with permission from third-party integrations (e.g., Dropbox, Slack).

4. Use of Information
We utilize the collected information for purposes including:

• Identity verification and authentication.
• Registration and payment processing.
• Providing, optimizing, and operating our services.
• Responding to customer requests and complaints.
• Sending newsletters, marketing information, and email notifications.
• Analyzing user behavior for research and improvement.
• Investigating fraud, security breaches, and harmful activities.

4.1 Identity Verification
In order to comply with applicable laws and prevent fraud, we may verify your identity using a third-party service provider, Persona, which may collect and process your personal information (e.g., government-issued ID, facial biometrics, etc.) on our behalf. Your data is handled securely and only used for verification purposes. Persona is fully GDPR-compliant and SOC 2 Type II certified, ensuring the secure handling of all sensitive identification data. Persona’s framework aligns with ISO 27001 standards for information security management. All verification data is processed within the scope of these certifications and automatically deleted once the verification process is complete.
Users may view Persona’s certification details and policies here:

Persona Compliance Overview

Persona Privacy Policy

5. Information Sharing
At 2nd Line+, we are committed to full transparency regarding how and when your information may be shared.
We share personal information only when it is necessary, lawful, and proportionate to provide our services, comply with regulations, or protect users and our platform.
We never sell, rent, or trade personal data to third parties for marketing purposes.

We may disclose information under the following circumstances:

1. Within Our Organization
   Your information may be shared internally within MOBILEOCEAN BİLİŞİM YAZILIM ANONİM ŞİRKETİ and its authorized departments (engineering, compliance, customer support, and billing) solely for legitimate operational and service-improvement purposes.
   Access to user data is strictly limited to trained personnel under confidentiality agreements and role-based permissions.
2. To Trusted Third-Party Service Providers
   We collaborate with carefully selected third-party providers that support the operation, security, and performance of the 2nd Line+ platform.
   These partners are bound by Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) to ensure lawful processing and cross-border data protection.
   Key providers include:
   • Twilio – Provides voice and messaging infrastructure under Binding Corporate Rules (BCRs) and a signed Data Protection Addendum (DPA).
   • Persona – Handles KYC and identity verification, operating under SOC 2 Type II and ISO 27001 certifications.
   • Firebase (Google) – Delivers analytics, crash reporting, and push notifications under Google’s EU Model Clauses.
   • Airalo – Manages eSIM services under GSMA SAS-SM compliance standards.
   • OnlineSim may be used as a secondary technical provider to improve the delivery of one-time passwords (OTP) when primary channels are restricted. No personal, identity, or KYC data is ever shared with OnlineSim. The provider’s role is limited solely to the assignment and routing of virtual numbers, and only non-personal metadata (e.g., number allocation history) is stored within our systems for troubleshooting and delivery tracking purposes.
3. For Legal and Regulatory Compliance
   We may disclose data when required by applicable laws, lawful government requests, or court orders.
   This includes cooperation with telecom, data protection, or financial regulators to fulfill legal obligations such as fraud prevention, number allocation rules, or emergency service reporting.
4. With Your Explicit Consent
   Certain optional integrations or features (e.g., third-party backups or linked services) may require explicit consent before data sharing.
   Such consent is collected transparently within the app, and users can withdraw it at any time by contacting us or adjusting in-app settings.
5. For Business Continuity or Corporate Transactions
   In the event of a merger, acquisition, restructuring, or transfer of assets, your information may be securely transferred as part of the transaction.
   In all cases, we ensure continued adherence to this Privacy Policy, and users will be informed in advance of any significant changes to data management practices.
6. Cross-Border Data Transfer Safeguards
   All international data transfers are carried out under GDPR-compliant mechanisms, including Twilio’s Binding Corporate Rules (BCRs) and signed Standard Contractual Clauses (SCCs).
   These measures guarantee that your data remains protected and subject to the same high level of privacy safeguards, regardless of where processing occurs.

6. Retention and Access
We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal and regulatory requirements, resolve disputes, and maintain the integrity of our services.
All retention practices are guided by the principles of data minimization, purpose limitation, and storage limitation as defined under the General Data Protection Regulation (GDPR).

7. Security
We prioritize the security of your personal information and employ measures to prevent unauthorized access, use, or disclosure. While we strive for security, complete protection cannot be guaranteed due to the inherent nature of the internet.

8. Accuracy
We make efforts to ensure the accuracy of your personal information. You can update, correct, or delete your information by contacting [email protected].

9. Minors’ Safety
We do not knowingly collect personal information from individuals under the age of 16. If you are a parent or guardian and discover your Minor has provided us with information, please contact us at [email protected].

10. Questions and Complaints
For questions or concerns regarding our Privacy Policy, contact us at [email protected].

11. Changes to the Privacy Policy
This Privacy Policy may be updated periodically. We encourage you to review this page for any changes. Your continued use of the 2nd Line+ app after modifications constitutes acceptance of the updated Privacy Policy.