API to SMS
Back to Home

Privacy Policy

Last updated: April 2, 2026

1. Introduction

API to SMS ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SMS gateway API service. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

API to SMS acts as the data controller for personal data collected through our platform. For questions about this policy or to exercise your data rights, please contact us at:

Email: privacy@apitosms.com

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Account Information

  • Name and email address
  • Password (stored securely hashed)
  • Google account ID (if using Google Sign-In)
  • Two-factor authentication settings

3.2 SMS and Contact Data

  • Phone numbers of message recipients
  • SMS message content
  • Contact names, phone numbers, and email addresses
  • Contact list information

3.3 Payment Information

  • Billing name and email
  • Payment card last four digits and brand (full card details are processed by Stripe)
  • Invoice and billing address
  • Transaction history

3.4 Technical Data

  • IP address
  • Browser type and device information
  • API request logs
  • Session data

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary to provide our SMS gateway services to you
  • Legitimate Interest: To improve our services, prevent fraud, and ensure security
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: For optional features and marketing communications (where applicable)

5. How We Use Your Data

We use your personal data to:

  • Provide and maintain our SMS gateway service
  • Process your SMS messages and deliver them via your connected devices
  • Manage your account and subscription
  • Process payments and generate invoices
  • Send service-related notifications
  • Provide customer support
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

6. Third-Party Services

We share data with the following third-party service providers:

Stripe (Payment Processing)

Processes payments and stores payment card information securely. Stripe Privacy Policy

Google (Authentication)

Used for Google Sign-In authentication. Google Privacy Policy

Google reCAPTCHA (Bot Protection)

Protects forms from automated abuse. May collect device and browsing data. Google Privacy Policy

7. Data Retention

We retain your data for the following periods:

  • Account data: Until you delete your account
  • SMS message logs: Basic plan: 1 day, Pro plan: 365 days
  • Payment records: 7 years (legal requirement)
  • Session data: 2 hours of inactivity
  • API request logs: 30 days

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please visit your account's Data Management page or contact us at privacy@apitosms.com. We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password hashing
  • Two-factor authentication option
  • Regular security updates
  • Access controls and authentication

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

11. Cookies

We use cookies and similar technologies to operate our service. For detailed information about the cookies we use, please see our Cookie Policy.

12. Children's Privacy

Our service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@apitosms.com

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.