>smsactivator.io

Privacy policy

We collect the minimum data needed to deliver the service. No KYC, no third-party trackers, no raw IP addresses in logs.

Effective: 2026-05-07

Data we collect

We collect only what is necessary to deliver the service: an email address for account login, hashed IP addresses for abuse-prevention, and the order metadata required to fulfil and refund SMS verifications.

  • Account: email address (required), encrypted password hash (argon2), optional TOTP secret.
  • Orders: service slug, country code, allocated number, SMS payload, timestamps. Phone numbers are not tied to your real identity.
  • Wallet: deposit and spend ledger, on-chain transaction IDs (so you can reconcile from a block explorer).
  • Logs: hashed IP addresses (sha256 with a server-side secret) and minimal user-agent metadata, retained 30 days for abuse triage.

What we do not collect

We do not require KYC. We do not collect government IDs, full names, billing addresses, or any other identity verification documents. We do not store raw client IP addresses. We do not run third-party advertising trackers.

How long we retain it

Account data persists until you delete the account from the dashboard. SMS payloads are retained for 30 days for refund eligibility, then deleted. Wallet ledger entries are retained indefinitely for accounting integrity. Hashed IP audit logs are retained 30 days then purged.

How we protect it

Upstream API credentials and account-creation order payloads are encrypted at rest with AES-256-GCM. Payment webhooks are HMAC-SHA512 signed. Sessions are HttpOnly + Secure + SameSite cookies. Failed-login lockouts are enforced per email and per IP. The infrastructure is self-hosted — no third-party SaaS holds your data.

Sharing

We share order data with the upstream SMS provider that fulfils the order — that is technically required to receive the SMS. We do not sell, rent, or otherwise share account data with anyone else. We respond to lawful legal requests narrowly, and we publish the count in a periodic transparency note when applicable.

Your rights

You can export your account data and order history from the dashboard. You can delete your account from the dashboard at any time, which purges email, wallet ledger metadata, and order history (subject to statutory retention requirements for the wallet ledger).

For requests under GDPR, CCPA, or similar regimes, contact privacy@smsactivator.io and we will respond within the regulatory window.

Changes

Material changes to this policy will be announced on the homepage banner and via email. The Effective date above always reflects the latest revision.