Privacy Policy — SaaSySMS

1. Who we are

SaaSySMS is a multi-tenant SMS platform that lets businesses send, receive, and manage two-way SMS conversations. References to "SaaSySMS", "we", "us", or "our" in this policy refer to the operator of saasysms.com.

2. Information we collect

Account information

When you sign up we collect your name, email address, and a hashed password. We do not store your password in plain text.

Workspace and usage data

We store the workspaces you create, the contacts you import, the messages you send and receive, and configuration settings you apply.

Billing information

Payments are processed by Stripe. We store a Stripe customer ID and subscription status but never store raw card numbers or full payment details on our servers.

Log and technical data

We automatically collect IP addresses, browser type, pages visited, and timestamps for security, debugging, and abuse prevention purposes.

3. How we use your information

To provide, operate, and improve the SaaSySMS service
To authenticate your identity and maintain your session
To process payments and manage your subscription
To send transactional emails (email verification, password reset, billing receipts)
To detect and prevent fraud, abuse, and security incidents
To comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising.

4. SMS message data

Message content sent through the platform is stored to provide the inbox and conversation history features. You are responsible for ensuring that your contacts have consented to receive SMS messages from you and that your use of the platform complies with applicable laws including the TCPA (US), CASL (Canada), and equivalent regulations in your jurisdiction.

5. Data sharing

We share data only with the following categories of third parties, and only to the extent necessary to operate the service:

CM.com — our SMS carrier. Message content and recipient phone numbers are transmitted to CM.com to deliver SMS.
Stripe — payment processing. Subject to Stripe's Privacy Policy.
Hosting infrastructure — servers and databases used to run the platform.

6. Cookies and session storage

We use a single session cookie to keep you logged in. We do not use advertising cookies or third-party tracking pixels. If you disable cookies, you will not be able to log in to the platform.

7. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or billing purposes.

8. Your rights

Depending on your location you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data ("right to be forgotten")
Object to or restrict certain processing
Data portability

To exercise any of these rights, email us at [email protected].

9. Security

We use industry-standard measures including HTTPS/TLS encryption in transit, hashed passwords, HTTP security headers, and rate limiting to protect your data. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children's privacy

SaaSySMS is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the service after changes are posted constitutes acceptance of the revised policy.

12. Contact us

If you have questions about this policy or how we handle your data, please contact us at [email protected].