Nautalex Business Services Inc. — SMS Communication Policy

1. Purpose

The purpose of this policy is to define the proper, secure, and compliant use of SMS (Short Message Service) and mobile messaging when communicating on behalf of Nautalex Business Services Inc. This ensures protection of client data, consistent professional standards, and alignment with Nautalex’s security and privacy obligations.

2. Scope

This policy applies to:

  • All Nautalex employees, contractors, and authorized representatives

  • All corporate-owned and personally owned devices used for business communication

  • Any SMS, MMS, RCS, or mobile text-based messaging platform used for business purposes

3. Approved Use Cases

SMS communication may only be used for:

  1. Time-sensitive notifications, such as:

    • Appointment reminders

    • Urgent service disruptions

    • Two-factor authentication (2FA) codes

  2. Client support updates, when email or phone contact is unavailable.

  3. Internal operational alerts where SMS is the fastest reliable channel.

Any use of SMS must be business‑related and must maintain Nautalex's professional standards.

4. Prohibited Use

The following are strictly prohibited:

  • Sending confidential, personal, or sensitive data (e.g., passwords, PHI, financial info).

  • Using SMS for long-form communication better suited for email or Teams.

  • Transmitting internal strategy, security details, or proprietary information.

  • Using personal phone numbers for business messaging without approval.

  • Engaging in SMS communication with clients without their explicit consent.

5. Security Requirements

5.1 Device Security

All devices used for SMS communication must:

  • Be protected with a passcode, biometric lock, or equivalent security control

  • Have mobile OS security updates applied regularly

  • Enable remote wipe if the device contains business contact information

5.2 Message Handling

Users must:

  • Avoid clicking links received in unsolicited or unexpected text messages

  • Immediately report suspicious SMS messages to IT/security

  • Delete SMS messages containing operationally sensitive information once logged

6. Client Consent & Compliance

Nautalex employees must ensure:

  • SMS communication is conducted only with client choice and explicit opt‑in

  • Clients may opt out at any time

  • SMS communication adheres to Canadian Anti‑Spam Legislation (CASL)

  • Documentation of consent must be recorded in the appropriate CRM or support system

7. Record Retention

  • SMS messages related to business decisions, support cases, or agreements must be documented in the official Nautalex system (Teams, email, CRM, support ticketing).

  • SMS itself is not an approved system of record.

8. Professional Conduct

All SMS messages must reflect Nautalex’s values:

  • Professional, concise, and respectful

  • Free from slang, emojis (unless previously agreed upon with the client), or informal tone

  • Consistent with Nautalex’s brand identity and service standards

9. Monitoring & Enforcement

  • Nautalex reserves the right to review SMS use conducted on corporate devices.

  • Violations may lead to disciplinary action, up to and including revocation of mobile privileges or termination, depending on severity.

10. Policy Review

This policy will be reviewed annually or sooner if required by changes in technology, security standards, or regulatory requirements.