Privacy Policy

We collect the following categories of data:

Account data: Your email address and hashed password when you create an account.

Payment data: Transaction amounts, payment method type (e.g., card, crypto), and last four digits of payment instruments where applicable. We do not store full card numbers. Payment processing is handled by third-party providers.

Usage data: Records of activations including service type, country, number assigned, timestamp, and activation outcome (success or failure). This data is used to operate the service and process refunds.

Technical data: IP addresses, browser/client information, and session data collected for security and fraud prevention purposes.

We use collected data to:

- Provision and operate the virtual number service - Process payments and apply credits to accounts - Detect and prevent fraud, abuse, and terms violations - Respond to support requests - Comply with legal obligations

We do not use your data for advertising. We do not build behavioral profiles for marketing purposes.

We do not sell, rent, or trade your personal data to third parties.

We may share data with:

- Payment processors, solely to process transactions - Infrastructure providers (hosting, CDN) who process data on our behalf under confidentiality agreements - Law enforcement or regulatory authorities when required by applicable law

Any third parties we work with are required to handle data in a manner consistent with this policy.

We use minimal, functional cookies only. These are necessary for:

- Maintaining your login session - Security (CSRF protection) - Basic analytics (page views, not tied to individual profiles)

We do not use third-party advertising cookies or tracking pixels. You can disable cookies in your browser, but this will prevent login from working.

Account data is retained for as long as your account is active. Activation logs are retained for 12 months for fraud detection and support purposes, then deleted.

Payment records may be retained longer where required by financial regulations in applicable jurisdictions.

If you delete your account, personal data is removed within 30 days. Anonymized aggregate data may be retained indefinitely.

Depending on your jurisdiction, you may have the right to:

- Access the personal data we hold about you - Request correction of inaccurate data - Request deletion of your account and associated data - Object to certain types of processing - Export your data in a machine-readable format

To exercise any of these rights, contact us at privacy@sms-activate.dev. We will respond within 30 days.

We apply industry-standard security measures including encryption in transit (TLS), hashed password storage, and access controls on internal systems.

No system is perfectly secure. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.

We may update this policy from time to time. Material changes will be indicated by a revised effective date. Continued use of the service after changes constitutes acceptance of the updated policy.