Contrast Collective

Privacy Notice for SMS Messaging Services

Go Beyond SAPI de C.V.

Calle Nak Be, lote 16, Aldea Zama, Tulum, Quintana Roo 77760, Mexico

Contact: hq@contrast-collective.com

Date of Last Update: January 11, 2026

In compliance with the Federal Law on the Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares, "LFPDPPP") and its Regulations, Go Beyond SAPI de C.V. ("Go Beyond," "we," "us," or "our"), as the data controller, provides this Privacy Notice to inform you about how we collect, use, disclose, and protect your personal data in connection with our SMS messaging services. This Notice applies to personal data collected when you opt-in to receive SMS messages from us, such as marketing promotions, alerts, or notifications.

We are committed to processing your personal data lawfully, fairly, and transparently, in accordance with the principles of lawfulness, consent, information, quality, purpose, loyalty, proportionality, and responsibility established under the LFPDPPP. By providing your consent to receive SMS messages (e.g., via website signup, verbal agreement, or other opt-in methods), you acknowledge that you have read and understood this Privacy Notice.

1. Personal Data We Collect

We collect the following personal data for our SMS services:

  • Your mobile phone number.
  • Any information you voluntarily provide in SMS responses, such as preferences or feedback.
  • Metadata related to your interactions, including timestamps, IP addresses (if applicable during opt-in), and opt-in/opt-out records.

We do not collect sensitive personal data (e.g., data revealing racial or ethnic origin, health status, or religious beliefs) through our SMS services unless explicitly stated otherwise in a separate notice.

Personal data is collected directly from you at the time of opt-in or through your interactions with our messages. We do not collect data from third parties for these purposes without your prior consent.

2. Purposes of Processing Your Personal Data

We process your personal data for the following primary purposes, which require your consent:

  • Sending SMS messages for marketing, promotions, product updates, or event notifications.
  • Managing your subscription preferences, including confirming opt-ins and processing opt-outs.
  • Improving our services by analyzing engagement metrics (e.g., open rates or responses).

Secondary purposes that do not require separate consent (but for which we still provide transparency):

  • Complying with legal obligations, such as retaining records for audits or responding to authorities.
  • Defending our rights in legal proceedings.

If we intend to use your data for a new purpose not listed here, we will obtain your prior consent or provide an updated Privacy Notice.

3. Consent and Opt-In

Your explicit consent is required for processing personal data for marketing and SMS delivery purposes. Consent is obtained through clear opt-in methods, such as:

  • Checking a box on our website or app.
  • Replying "YES" or a similar affirmative keyword to an initial SMS.
  • Verbal or written agreement during in-person interactions.

We retain proof of consent, including timestamps and details of the opt-in process, as required by law. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal (see Section 7 for details).

Under Mexican consumer protection laws (administered by PROFECO), we respect the Public Registry to Avoid Advertising (REPEP) and will not send marketing messages to registered numbers.

4. Sharing and Transfer of Personal Data

We may share your personal data with:

  • Service providers, such as SMS gateway providers (e.g., Twilio), for message delivery and technical support. These providers are bound by data processing agreements that ensure compliance with LFPDPPP and include confidentiality obligations.
  • Affiliates or subsidiaries of Go Beyond for internal administrative purposes.
  • Government authorities when required by law (e.g., for investigations or compliance).

Data may be transferred internationally (e.g., to servers in the United States for SMS processing). In such cases, we ensure adequate protection through standard contractual clauses or other mechanisms approved under the LFPDPPP. We do not sell or rent your personal data to third parties.

5. Data Security

We implement administrative, technical, and physical security measures to protect your personal data from unauthorized access, loss, alteration, or disclosure. These include encryption for transmissions, access controls, and regular security audits. All personnel and processors involved in handling your data are bound by confidentiality agreements, which remain in effect even after their relationship with us ends.

In the event of a data breach that significantly affects your rights, we will notify you and the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) as required by law.

6. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this Notice or as required by law. For SMS subscribers, this is typically until you opt-out, plus a reasonable period for record-keeping (e.g., 5 years for legal compliance). After this, data is securely deleted or anonymized.

7. Your Rights (ARCO Rights)

Under the LFPDPPP, you have the following rights regarding your personal data:

  • Access: Request information about the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Cancellation: Request deletion of your data when it is no longer necessary or if consent is withdrawn.
  • Opposition: Object to processing for specific purposes, including marketing.

To exercise these rights or revoke consent, contact us at hq@contrast-collective.com or our physical address listed above. Please provide proof of identity and details of your request. We will respond within 20 business days, extendable once for an equal period. There is no fee for these requests unless they are manifestly unfounded or excessive.

For opposition to marketing (opt-out), you can also:

  • Reply "STOP" to any SMS message to unsubscribe immediately. We will send one confirmation message and cease further communications.
  • Register with PROFECO's REPEP to block marketing contacts.

8. Changes to This Privacy Notice

We may update this Privacy Notice to reflect changes in our practices or legal requirements. Updates will be posted on our website with the effective date. If changes are material, we will notify you via SMS or email (if provided). Continued use of our SMS services after changes constitutes acceptance.

9. Governing Law and Dispute Resolution

This Privacy Notice is governed by the laws of Mexico. Any disputes shall be resolved by the INAI or competent courts in Quintana Roo, Mexico.

If you have questions or complaints, contact us first. You may also file a complaint with the INAI at www.inai.org.mx.

This is the comprehensive version of our Privacy Notice. A simplified version is available during opt-in processes, summarizing key points and linking to this full Notice.