smsdora
← Back to homepage

Privacy Policy

This policy explains how smsdora collects, uses, stores, and protects your personal information when you use our platform.

Last updated: April 20, 2025

Introduction

This Privacy Policy describes how smsdora ("smsdora," "we," "us," or "our") collects, uses, and shares information in connection with your use of the smsdora platform, website, and related services (collectively, the "Service").

smsdora is a device-based SMS gateway platform that enables users to send and receive SMS messages through connected Android devices. By using the Service, you agree to the collection and use of information in accordance with this policy.

If you have questions about this policy, you can contact us at support@smsdora.com.

Information We Collect

Account Information

When you create an account, we collect your full name, email address, and password (stored in hashed form). If you sign in using Google OAuth ("Sign in with Google"), we receive your name, email address, and Google profile photo from Google. We do not store your Google password.

Billing & Payment Information

If you subscribe to a paid plan, billing is handled entirely by Stripe, our third-party payment processor. We do not store your payment card details on our servers. We receive and store non-sensitive billing metadata from Stripe, including your subscription plan, billing interval (monthly or yearly), subscription status, current period start/end dates, and Stripe customer and subscription IDs. This data is used to manage your access to the Service.

Stripe may also send us webhook events (e.g., payment succeeded, subscription cancelled) which we process to update your account status. All webhook payloads are verified using Stripe's signature mechanism before processing.

Device Information

When you register an Android device with the platform, we collect device identifiers, device name, brand, model, Android version, companion app version, SIM card details (label, slot, and optionally phone number), battery status, and connectivity status. This information is required to manage device-based SMS dispatch operations and display device status in your dashboard.

Outbound Message & Operational Data

The platform processes operational metadata related to SMS messages you send through the Service. This includes recipient phone numbers, message status (queued, dispatched, sent, delivered, failed), timestamps, device attribution, failure reasons, and source identifiers (API, dashboard, campaign).

Message content may be temporarily stored as part of the dispatch workflow and retained in logs for operational visibility. We do not sell or use message content for advertising purposes.

Incoming SMS Data

If you use the incoming SMS feature, your connected Android devices may receive inbound SMS messages from third parties and forward them to the platform. We store the sender's phone number, message content, timestamp, receiving device identifier, and SIM slot information. This data is displayed in your inbox dashboard and is retained in accordance with our data retention policy. You are responsible for ensuring that you have the appropriate rights and consents to process any incoming messages received through the Service.

Webhook Data

If you configure outbound webhooks (where the platform sends delivery notifications to your own endpoints), we store the webhook endpoint URL, associated events, and delivery attempt logs. We do not store the full response bodies returned by your webhook endpoints.

API & Technical Data

If you use the REST API, we log API key identifiers, request counts, rate limit data, and IP addresses for security and operational monitoring. API key secrets are stored in hashed form and cannot be recovered after initial creation.

Campaign & Template Data

If you use campaign and template features, we store template content, variable definitions, recipient lists (including phone numbers imported from Excel or entered manually), campaign metadata, and delivery statistics.

Usage & Log Data

We automatically collect information about how you interact with the Service, including pages viewed, actions performed, browser type, operating system, IP address, and referring URLs.

How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process outbound SMS dispatch operations through connected devices
  • Receive, store, and display incoming SMS messages in your inbox
  • Manage your account, subscription plan, and billing interval
  • Process payments and manage subscription lifecycles via Stripe
  • Handle Stripe webhook events to keep your account status accurate
  • Deliver outbound webhook notifications for SMS delivery events to your configured endpoints
  • Display operational dashboards, message logs, device status, and campaign reports
  • Send transactional emails related to your account (e.g., password resets, billing receipts)
  • Monitor platform health, performance, and security
  • Investigate and prevent fraud, abuse, or violations of our Terms of Service
  • Respond to support requests
  • Improve the Service based on aggregate usage patterns

We do not use message content, recipient phone numbers, or device data for advertising or marketing purposes unrelated to the Service.

How We Share Information

We do not sell your personal information. We may share information in the following circumstances:

  • Stripe (Payment Processing): We share billing-related information with Stripe to process subscription payments. Stripe stores your payment card details and billing history subject to their own Privacy Policy. We receive webhook events from Stripe and store derived metadata (plan, status, period dates) to manage your account.
  • Google (Firebase & OAuth):The platform uses Firebase Cloud Messaging (FCM) to dispatch SMS jobs to connected Android devices — device tokens and push notification payloads are processed through Google's Firebase infrastructure. If you use "Sign in with Google," your identity is verified through Google OAuth and we receive your name and email address.
  • Cloud infrastructure provider: We use cloud hosting services to run our application servers and databases. Data is stored on their infrastructure subject to appropriate data processing agreements.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • With your consent: We may share information when you explicitly authorize us to do so.

Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. Message logs (both outbound and inbound), campaign data, and operational data are retained for a reasonable period to support dashboard visibility, troubleshooting, and compliance.

Billing metadata received from Stripe (e.g., subscription status, plan history) is retained for the duration of your account and for a reasonable period afterward for financial record-keeping and fraud prevention purposes.

When you delete your account, we will remove or anonymize your personal information within a reasonable timeframe, except where retention is required by law or for legitimate business purposes such as fraud prevention.

API key identifiers and associated usage logs may be retained in anonymized form for aggregate analytics even after key revocation or account deletion.

Security

We implement industry-standard technical and organizational measures to protect your information. This includes encryption of data in transit (TLS), hashing of passwords and API key secrets, Stripe webhook signature verification, and access controls on internal systems.

However, no method of electronic transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

International Transfers

Your information may be transferred to and processed in countries other than your country of residence. Our servers and service providers (including Stripe and Google/Firebase) may be located in the United States or other regions. By using the Service, you consent to the transfer of your information to these locations.

Where required by applicable law, we implement appropriate safeguards for cross-border data transfers, such as standard contractual clauses.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request that we delete your personal information, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to certain types of processing of your personal information.
  • Withdrawal of consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at support@smsdora.com. We will respond within a reasonable timeframe as required by applicable law.

Cookies & Analytics

The Service may use cookies and similar technologies to maintain your session, remember your preferences, and collect aggregate usage data. Authentication tokens are stored in local storage to maintain your logged-in session across page visits.

We may use third-party analytics services to understand how the Service is used. These services may collect information about your interactions with the platform using cookies or similar tracking technologies.

You can control cookie preferences through your browser settings. Disabling essential cookies or clearing local storage may prevent you from staying logged in or using certain features of the Service.

Third-Party Services

The Service integrates with or relies on the following third-party services. Each has its own privacy policy governing the use of your data:

  • Stripe: Payment processing. Handles all subscription billing, credit card storage, and billing portal functionality. Stripe Privacy Policy.
  • Firebase Cloud Messaging (Google): Used for dispatching SMS jobs to connected Android devices via push notifications. Google Privacy Policy.
  • Google OAuth:Used as an optional authentication method ("Sign in with Google"). Your Google identity is verified by Google and we receive your name and email address.
  • Cloud hosting provider: Used for hosting application servers and databases.
  • Email service provider: Used for sending transactional emails (billing receipts, account notifications).

We encourage you to review the privacy policies of these third-party services. We are not responsible for the privacy practices of third parties.

Children's Privacy

The Service is not directed to children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or through the Service.

Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

smsdora

Email: support@smsdora.com