1. Introduction
Textsflow ("Textsflow," "we," "us," or "our") operates a business messaging platform that helps organizations send SMS, voice, and related communications to their own customers and contacts. Protecting the privacy of the people who visit our website, request quotes, and use our services is a core part of how we operate.
This Privacy Policy describes what information we collect, why we collect it, how we use and share it, how long we keep it, and the choices and rights you have. It applies to the Textsflow website, our dashboard and API, our sales and support interactions, and any other service that links to this policy (together, the "Services").
Please read it carefully. By using the Services you acknowledge that you have read and understood this policy. If you do not agree with it, please do not use the Services.
2. Our Role: Controller and Processor
Textsflow acts in two different capacities depending on the data in question:
- Controller. For information we collect about website visitors, prospects, account holders, and our own employees, Textsflow decides the purposes and means of processing and is the "controller" (or "business" under U.S. state laws).
- Processor. When our customers use the platform to send messages to their own contacts, those contacts' phone numbers and message content are processed by Textsflow on the customer's behalf. In that context the customer is the controller and Textsflow is the "processor" (or "service provider"). If you received a message through Textsflow and want your data removed, please contact the business that sent it; we will also assist that business on request.
3. Information We Collect
3.1 Information you provide
- Contact details such as your name, company, job title, email address, and phone number when you request a quote, sign up, or contact support.
- Business information about your industry, team size, expected message volume, and use case when you ask for a tailored plan.
- Account credentials when you create a Textsflow account (password hashes are stored; plaintext passwords are not).
- Billing information including billing address and the last four digits of a payment card. Full payment card numbers are handled by our PCI-compliant payment processor and never stored by Textsflow.
- Content you submit, including messages in our support channels and any attachments.
- Consent records — the checkboxes you tick, the timestamp, the IP address observed at the time, and the language you agreed to.
3.2 Information collected automatically
- Device and log data such as IP address, browser type and version, operating system, referring URL, pages viewed, and timestamps.
- Usage data from the dashboard (features used, broadcast counts, delivery metrics) to operate the Service and improve reliability.
- Cookies, pixels, and similar technologies. See Section 7 below for details.
3.3 Information from third parties
- Carriers and messaging aggregators return delivery receipts, error codes, and opt-out signals for messages sent through our platform.
- Authentication providers (e.g., single sign-on) share the identifiers you authorize them to share.
- Enrichment and anti-fraud vendors may supply firmographic data or risk signals used to qualify prospects and protect the platform from abuse.
4. SMS and Voice Communications
If you opt in to SMS from Textsflow, you may receive text messages that include:
- Account notifications, alerts, and billing reminders
- Quote follow-ups and onboarding information
- Appointment or demo reminders you scheduled with us
- Service-related updates, incidents, and maintenance notices
- Responses to your HELP, STOP, and other keyword replies
SMS program terms.
• Frequency: up to 10 messages per month.
• Message and data rates may apply from your carrier.
• Reply HELP for help.
• Reply STOP at any time to unsubscribe. Once we process a STOP request, you will receive a confirmation message and no further marketing or account texts from that program.
• Consent to receive SMS is not a condition of purchase.
• Carriers are not liable for delayed or undelivered messages.
Mobile number sharing. We do not share, sell, or transfer mobile opt-in information or consent records to third parties for their own marketing. Phone numbers are shared only with carriers and messaging infrastructure providers strictly for the purpose of delivering the messages you asked us to send.
5. How We Use Information
We use information to:
- Respond to quote requests, sales inquiries, and support tickets.
- Deliver, operate, maintain, and secure the Services.
- Send account, transactional, and service communications (including SMS if you have opted in).
- Send marketing communications where permitted by law — you can opt out at any time.
- Monitor platform performance, diagnose bugs, and improve features.
- Detect, prevent, and investigate fraud, spam, abuse, and other security incidents.
- Comply with legal obligations, including TCPA, CTIA guidelines, 10DLC/A2P registration requirements, tax rules, and lawful requests from regulators or law enforcement.
- Enforce our Terms of Service and defend our legal rights.
6. Legal Bases for Processing (EEA/UK)
If you are located in the European Economic Area, the United Kingdom, or a jurisdiction with similar rules, we process personal data under one of the following legal bases:
- Contract — to provide the Services you have requested or to take steps prior to entering a contract.
- Legitimate interests — to secure, improve, and market the Services, and to communicate with prospective customers, where those interests are not overridden by your rights.
- Consent — for certain marketing communications, SMS opt-ins, and non-essential cookies. You can withdraw consent at any time.
- Legal obligation — where processing is necessary to comply with applicable law.
7. Cookies and Similar Technologies
We use cookies and similar technologies to keep you signed in, remember preferences, measure how the site is used, and — where you consent — to run analytics and marketing tags. Cookies generally fall into these categories:
- Strictly necessary cookies required for the site to function (authentication, load balancing, CSRF protection).
- Preference cookies that remember choices such as language or theme.
- Analytics cookies that help us understand usage in aggregate.
- Marketing cookies that measure the performance of advertising campaigns.
You can manage cookies through your browser settings. Blocking some cookies may degrade parts of the site. Where required, we present a cookie banner on first visit.
8. How We Share Information
We do not sell personal information, and we do not share it for third-party advertising or cross-context behavioral advertising. We do share limited information with:
- Service providers that host infrastructure, process payments, send email, provide analytics, or deliver support tooling. They are bound by written contracts that limit their use of the data to our instructions.
- Carriers and messaging partners that are technically required to deliver SMS, MMS, and voice traffic.
- Corporate transactions — if Textsflow is involved in a merger, acquisition, financing, or sale of assets, personal information may transfer as part of that transaction. We will notify you if your information becomes subject to a materially different privacy policy.
- Legal and safety disclosures — to comply with a subpoena, court order, regulatory request, or applicable law; to protect the rights, property, or safety of Textsflow, our users, or others; and to investigate fraud or abuse.
- With your direction — whenever you instruct us to share information, such as connecting an integration you authorize.
9. International Data Transfers
Textsflow is based in the United States, and our service providers may operate in other countries. When we transfer personal data from the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms.
10. Data Retention
We keep personal data only as long as we need it for the purposes described in this policy or as required by law. Typical retention periods are below; actual periods may be shorter or longer where legal obligations, active disputes, or security investigations require it.
| Data type | Retention period |
|---|---|
| Inquiries from non-customers | 2 years from last contact |
| Customer account data | 5 years after the engagement ends |
| SMS consent records | At least 4 years |
| Message content and delivery logs | Up to 90 days for content; up to 2 years for delivery metadata |
| Billing and tax records | 7 years (legal requirement) |
| Security logs and audit trails | 1 year, longer if relevant to an incident |
| Aggregated or de-identified data | Indefinite |
11. Your Privacy Rights
Depending on where you live, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to fix inaccurate or incomplete data.
- Deletion — ask us to delete your data, subject to legal and operational exceptions.
- Portability — receive certain data in a machine-readable format.
- Restriction or objection — ask us to limit or stop certain processing, including direct marketing.
- Withdraw consent — where we rely on consent, withdrawing it will not affect processing already carried out.
- Appeal — if we deny your request, you may appeal and, in some U.S. states, complain to your state attorney general.
How to exercise your rights. Email us at privacy@textsflow.com from the address associated with your account, or use the contact details in Section 15. We will verify your identity before acting on a request and will respond within the timeframes required by applicable law (typically 30–45 days).
Opt-outs. You can unsubscribe from marketing emails using the link in any email, reply STOP to any SMS program, and decline non-essential cookies through our banner or your browser settings.
12. Children's Privacy
The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it promptly.
13. Security
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS), encryption at rest for sensitive stores, role-based access controls, audit logging, regular vulnerability scanning, and least-privilege access for employees. We maintain an incident response process and, where required by law, will notify affected individuals and regulators of a data breach.
No internet transmission or storage system is perfectly secure. We cannot guarantee absolute security, but we treat it as a continuous engineering priority.
14. Third-Party Sites and Services
The Services may link to third-party websites or integrate with third-party tools. We are not responsible for their content or privacy practices. Please review the privacy notices of any third party before sharing information with them.
15. Contact Us
Questions, requests, or complaints about this policy can be sent to:
If you are in the EEA or UK and believe we have not addressed your concern, you also have the right to complain to your local data protection authority.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. For material changes, we will provide additional notice — for example, by email or a prominent notice on the site — before the changes take effect. Continued use of the Services after the effective date means you accept the updated policy.