At InboxSMS, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website and temporary SMS services.
1. Data Controller
InboxSMS operates as a white-label partner of the Platfone platform. Under our partnership agreement, the primary data controller for all core technical infrastructure, verification data, and account systems is Privatix LTD (150 Menachem Begin Road, WE Tower – Level 9, 6492105 Tel Aviv, Israel). Email: support@platfone.com.
2. What Data We Collect
We limit data collection to only what is necessary to operate, secure, and improve our services:
- Account & Identity: Email address, login IDs (Google, Apple, Facebook, or Telegram), Firebase UID, and display names.
- Payment & Billing: Transaction metadata, amounts, timestamps, payment method type, and issuing country. Important: We do not collect or store full credit card numbers or wallet private keys. All payment processing is handled securely by certified processors (Stripe, Cryptomus, Payssion, PayPal).
- Technical & Usage: IP address, region, device/browser details, API usage logs, rate limit metrics, and activation history.
- Verification Message Content: Inbound SMS message texts or call logs are temporarily cached for fraud prevention, support, and quality review. They are retained for up to 12 months or until 1,000 activations have occurred on the account, whichever comes first.
- Identity Verification (KYC): If you trigger KYC verification, your documents are uploaded directly to our third-party provider, Sumsub. Neither InboxSMS nor Platfone stores images of your documents; we receive only the verification result (approved/rejected) and metadata.
3. Purposes & Legal Bases
We process personal data based on the following legal grounds:
- Contract Performance: To provision numbers, receive SMS verifications, and manage your credit balance.
- Legitimate Interests: To prevent abuse, enforce our Acceptable Use Policy, monitor system health, and combat payment fraud.
- Legal Obligation: To comply with tax, corporate accounting, anti-money laundering (AML), and sanctions rules.
4. Cookies & SDKs
We use cookies to maintain login sessions (via Firebase), improve security (via Cloudflare), compile traffic statistics, and preserve your dashboard preferences. You can disable cookies in your browser settings, but doing so may prevent the site from functioning correctly.
5. Third-Party Sub-Processors
We share data only with trusted vendors under strict data protection terms:
| Vendor | Purpose | Region |
|---|---|---|
| Stripe / Cryptomus / Payssion | Payment processing | US / EU / Global |
| Sumsub | KYC / Identity Verification | EU / UK |
| Firebase | Authentication & User Database | Global |
| Cloudflare | DDoS security, DNS, and CDN | Global |
| Mailtrap.io | Transactional email delivery | EU / US |
| DigitalOcean | Database and server hosting | US |
6. Data Retention Periods
- Account Info: For the lifetime of the account plus 90 days.
- Billing/Invoices: 7 years for tax and legal audits.
- Logs & API Usage: 30 to 180 days.
- SMS Content: Up to 12 months or 1,000 activations.
- KYC Audit Logs: 3 to 6 months.
7. Your Rights
Depending on your jurisdiction (such as the GDPR or CCPA), you may have rights to access, correct, delete, or restrict the processing of your data. To exercise these rights, please reach out via our contact page. Requests may be limited where compliance with law enforcement or AML obligations takes precedence.
Questions about privacy?
Reach out to our support team — we typically reply within one business day.
Contact Us