Privacy Policy
Your absolute privacy is our highest priority. Learn how we handle and protect your secure data.
1. Introduction
SMS OTPS ("we," "us," or "our") operates the website smsotps.com and its related cloud telecommunications and temporary virtual number verification systems. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access and use our platform. By registering and utilizing our services, you consent to the data practices described in this Policy.
2. Information We Collect
We collect information that you provide to us directly, as well as information collected automatically when you use our platform:
- Account Information: Full name, email address, and hashed password provided during registration.
- OAuth Data: If you register or log in using Google OAuth (Google Sign-In), we receive your email address and display name from Google's API to authenticate your identity and create your account. We do not access, collect, or store any other private Google data or files.
- Network & Security Logs: Your last known login IP address, login timestamps, and session tokens — used to secure your account and detect fraudulent access.
- Payment Records: Transaction IDs, deposit amounts, and payment status from our third-party payment gateways (Stripe and Cryptomus). We do not store, process, or have access to credit card numbers, CVV codes, or private crypto keys.
- Usage Data: Activation order history, temporary numbers requested, and dashboard activity for billing and abuse prevention.
3. How We Use Your Information
Your data is used solely to provide, maintain, improve, and secure our temporary virtual number services. Specifically, we use your data:
- To create and manage your client account and activation orders.
- To enforce rate limits, Cloudflare Turnstile bot-detection, and abuse controls.
- To process balance deposits and manage transaction ledgers.
- To send transactional emails such as verification OTPs, password resets, and account updates.
- To monitor platform performance, detect fraudulent activity, and ensure network reliability.
- To comply with applicable legal obligations, court orders, or regulatory requirements.
We do not use your personal data for advertising, remarketing, or selling to third-party marketing platforms.
4. Cookies and Web Analytics
We use strictly necessary session cookies to maintain your authenticated dashboard session and preserve security state. We also integrate Cloudflare Turnstile on authentication forms to distinguish human users from automated bots without tracking personal behavior. We do not use advertising cookies, cross-site tracking, or behavioral analytics platforms (such as Google Analytics).
5. Virtual Number Logs Retention & Log Pruning
To maximize operational safety and protect our users, we do not log or store temporary virtual number transactions longer than is strictly necessary to fulfill the temporary OTP verification task. Once an active lease order terminates, expires, or is cancelled, associated carrier routes are disconnected and purged immediately from memory. Connection logs (including routing calls, timestamps, and data transfers) are retained for up to 90 days for abuse prevention, security troubleshooting, and legal compliance, after which they are automatically pruned.
6. Data Sharing & Law Enforcement Disclosures
We do not sell, rent, or trade your personal information. We may share minimal necessary data with trusted third-party service providers solely to operate our platform (Stripe for credit card payments, Cryptomus for crypto deposits, Cloudflare for security, and Google OAuth for registration).
Law Enforcement Cooperation: We cooperate fully with law enforcement and regulatory authorities. We reserve the right to disclose any collected information — including account profiles, registration details, payment history, last known IP addresses, and API logs — if required to do so by a valid subpoena, court order, search warrant, or regulatory demand.
7. Security Measures
We implement industry-standard security measures to protect your data, including SSL/TLS encryption for all data transmitted between your browser and our servers, bcrypt salted password hashing (we never store plain-text passwords), Cloudflare enterprise-grade DDoS protection, and restricted database access with role-based permission controls.
8. Your Rights
Depending on your jurisdiction, you may have the right to request access to, correction of, or deletion of the personal data we hold about you, or to request your data in a portable format. To exercise any of these rights, please contact our support team.
9. Age Requirement & Minors
SMS OTPS services are strictly not directed to or intended for individuals under the age of 18. If we become aware that a child under 18 has provided us with personal data without parent/guardian consent, we will take immediate action to delete that information and close the associated account.
10. Contact Us
If you have any questions or concerns regarding this Privacy Policy, please contact our privacy team at support@smsotps.com.