Privacy Policy
Last updated: May 17, 2026
This English version is provided for convenience. In case of any discrepancy between the English and Russian versions, the English version shall prevail.
We take the protection of your data seriously. This policy describes what data we collect, why, and how we protect it.
1. What Data We Collect
| Category | What and why |
|---|
| Registration | Email, name, password hash. For authentication. |
| OAuth | Provider ID, email, name, avatar. For sign-in via Google / Mail.ru / Yandex / VK / GitHub. |
| SMS messages | Content and metadata of SMS intercepted by your Android app. For forwarding to channels. |
| Push notifications | Title, body, source name. Only if collection is enabled. |
| Devices | Device ID, model, Android version, IP. For management and diagnostics. |
| Billing | Email and customer ID at the payment processor (Stripe / YooKassa / NowPayments). We do NOT store card details. |
| Technical logs | IP address, user agent, request timestamp. Retained for 30 days for security purposes. |
2. How We Use the Data
- Providing the Service's functionality (SMS forwarding).
- Authentication and account protection.
- Billing and tax reporting.
- Transactional notifications (verification, password reset, billing).
- Security and abuse prevention.
We do NOT sell your data to third parties and do not use SMS content for advertising or any purpose other than forwarding it to the channels you specify.
3. Multi-tenant Isolation
All your data is stored scoped to the tenant_id of your workspace. It is technically impossible to access another user's data through the standard API. Service administrators access the database only for diagnostics requested by you.
4. Retention and Deletion
- SMS retention depends on your plan (7 days — Free, 90 days — Pro, 1 year — Business).
- After account deletion, all your data is removed within 30 days.
- Technical logs are retained for 30 days regardless of plan.
- Backups are kept for up to 14 days.
5. Sharing with Third Parties
We use third-party services to operate the Service:
- Cloudflare — CDN, protection, TLS termination. Sees request metadata, not SMS content.
- Stripe / YooKassa / NowPayments — payment processors. Receive only data necessary to process payments.
- Resend — transactional email delivery.
- OAuth providers — Google, Mail.ru, Yandex, VK, GitHub. Receive only authentication requests.
6. Your Rights
- Request a copy of your data (write to [email protected]).
- Delete your account via settings.
- Withdraw consent for marketing emails (if you opted in).
7. Cookies
We use only functional cookies for authentication (JWT in localStorage). There are no marketing cookies. Cookie consent is not required.
8. Security
- All connections use HTTPS / TLS 1.3.
- Passwords are stored as bcrypt hashes (cost 10).
- JWT with expiration; refresh on re-login.
- Cloudflare WAF and rate limiting on the API.
9. Policy Changes
We will notify you of material changes by email at least 30 days in advance.
10. Contact
For privacy questions: [email protected]
← Back to home