Consent Addendum
User Phone Number Consent Addendum
EasyOTP (Operated by Braintech Corporation Private Limited)
Effective: August 2025
1. Purpose
This User Phone Number Consent Addendum ("Addendum") governs the conditions under which EasyOTP (operated by Braintech Corporation Pvt. Ltd.) shares an End User’s phone number with a Vendor during authentication (Auth, OTP, Magic Link, QR) or A2P messaging transactions. It supplements the EasyOTP Data Processing & Compliance Agreement.
2. Consent Collection
• EasyOTP will present a clear consent dialogue within the EasyOTP mobile application when a User scans a Vendor’s QR code or attempts first-time login using other methods like OTP and Magic link.
• The dialogue shall state: 'By continuing, you agree to share your phone number with [Vendor Name].'
• The User must affirmatively choose to Continue or Cancel.
• A clickable link to the EasyOTP Privacy Policy and Terms of Service is included in every consent dialogue.
• Consent is logged with timestamp, IP address, device ID, and Vendor identifier.
3. Vendor Restrictions on PII Use
By accepting this Addendum, the Vendor agrees:
• To use the User’s phone number solely for authentication or authorized A2P messaging purposes.
• Not to use, sell, transfer, or repurpose the phone number for marketing, profiling, or any secondary purpose.
• To implement technical and organizational measures ensuring that phone numbers are processed only for intended purposes.
• To immediately cease using the phone number if consent is revoked.
4. Withdrawal of Consent
• Users may withdraw consent at any time within the EasyOTP mobile application.
• Upon withdrawal, EasyOTP will:
– Record the withdrawal event in its consent database.
– Notify the Vendor via:
βͺ Real-time webhook notification (if enabled by the vendor); and
βͺ Backup email alert.
• The Vendor is obligated to:
– Terminate all active sessions of the affected User within 24 hours.
– Purge any phone number data previously received unless retention is legally required.
– Not attempt to silently reauthenticate without renewed consent.
5. Vendor Technical Obligations
• Vendors should implement the EasyOTP Consent Status Webhook to receive real-time updates (recommended)
• The webhook response must be acted upon immediately for session termination or consent re-prompt.
• EasyOTP may also provide the consent status alongside the standard authentication API response to ensure redundancy.
• Failure to implement these measures constitutes a material breach of this Agreement.
6. Compliance & Legal Basis
This Addendum ensures compliance with global privacy frameworks, including:
• GDPR (EU/EEA) – Articles 6 & 7 (lawful basis & consent).
• DPDP Act (India) – Explicit consent requirements.
• CCPA/CPRA (California, U.S.) – Notice and opt-out requirements.
• HIPAA (where applicable) – Limitation on use of PHI.
• ePrivacy and telecom consent frameworks.
7. Enforcement & Liability
• Vendors found misusing User phone numbers or failing to honor withdrawals will be subject to account suspension or termination.
• EasyOTP reserves the right to audit Vendor compliance on request.
• Vendors shall indemnify EasyOTP against claims arising from their misuse of User phone numbers.
8. Updates
EasyOTP may update this Addendum from time to time. Material changes will be communicated to Vendors and take effect upon digital acceptance at the next login or onboarding event.
9. Version Control
|
Version |
Date |
Description of Changes |
Approved By |
|
1.0 |
Aug 2025 |
Initial release of User Phone Number Consent Addendum. |
Legal/Compliance |