Last updated 2026-03-20
SMSAPE (“we”, “us”, “our”) is built around private, temporary SMS verification. This Privacy Policy explains what information may be processed when you use smsape.com(the “Website”) and our virtual number platform (the “Service”).
We use the information described below to operate your account, assign temporary numbers, route verification messages to your dashboard, protect the platform from abuse, and respond to support or privacy requests.
We handle personal information according to applicable privacy and data protection requirements. Depending on your location, those requirements may include principles from:
Our goal is to keep processing limited, purposeful, and proportionate to the Service we provide.
We may update this Policy when our Service changes, when we improve security controls, or when legal requirements evolve. The “Last updated” date above shows when the current version took effect.
If you continue using SMSAPE after an update is posted, you acknowledge the revised Policy.
We do not collect data on speculation. The information described below is gathered because the Service cannot function without it — for keeping the account alive, for billing, or for getting an SMS code to the right dashboard.
Signing up creates these records:
For each number you order, the system retains:
Incoming verification messages live on our side just long enough to land on your screen. They are not mined, profiled, or shared — they exist only to be read by the account that ordered the number, and they age out from active storage shortly after.
Records of top-ups and balance movements are kept for accounting and dispute purposes. Card numbers, wallet seeds, and other sensitive payment material are never seen by SMSAPE — those stay with the regulated payment processors that take the actual transaction.
A modern web service can't run end-to-end without a small set of trusted vendors. We pick ours for their security posture and their published privacy practices, and we limit what each one sees to what it needs to do its job.
Edge providers such as Cloudflare front the platform to absorb attack traffic and serve static assets quickly. They process limited technical signals — IP, request headers, timestamps — purely to filter abuse and route requests; they do not see SMS contents or account credentials.
Crypto and digital-payment partners take the financial side of every top-up. Their privacy policies cover the handling of transaction data, and their compliance posture (e.g., PCI for card processors) is the reason that work sits with them and not with us.
A transactional email vendor relays the messages we send (account verifications, security alerts, password resets). They process the recipient address and message body only for the time needed to deliver to your inbox.
The primary purpose is direct: allocate numbers, ferry incoming SMS to dashboards, keep balances in sync, and present the activation history to the account that owns it.
Aggregated and anonymized signals from how the platform is used help us spot fraud rings, automated abuse, and patterns that would degrade the experience for everyone else. The detection runs on patterns, not on identities.
SMSAPE does not sell user data, license it for advertising, or share it with marketing networks. Personal information is not a product on this platform — it is a working input we keep no longer than we need.
The exact list depends on the law that applies where you live, but in most jurisdictions you can:
Reach out to support to start any of those requests. Privacy-related messages are routed to a queue we handle ahead of routine support traffic.
The site sets a small number of cookies and equivalent local-storage entries — strictly the ones required to keep you signed in, remember your interface preferences, and run anti-abuse checks at the edge. Disabling them in the browser is your choice, but the dashboard will not work the way it should once they are blocked.
Data is encrypted in transit and at rest on the storage layer, access to production systems is gated behind strong authentication, and operational practices follow current security baselines. Nothing on the public internet is invulnerable, however; if a breach affecting personal data does occur, we will follow the disclosure obligations of the applicable law and notify the people impacted in the manner those rules require.
The Service is intended for users at or above the age of majority in their jurisdiction (18 in most regions). We do not knowingly process data from minors. If a minor's data has reached us, please get in touch and we will remove it as a matter of priority.
For privacy questions, data-rights requests, or anything else covered by this Policy, write to:
Email: support@smsape.com
Privacy inquiries are typically reviewed and answered within 48–72 hours.