SMSForwarder
Sign InGet Started

Privacy Policy

SMSForwarding.com is a B2B platform built for developers and businesses. This policy explains how we handle data across our web platform and Android gateway app.

Last Updated: February 22, 2026
Who We AreData We CollectHow We Use DataSMS Data HandlingAndroid App PermissionsThird-Party ServicesData RetentionSecurityYour RightsContact

Summary for developers and businesses: SMSForwarding.com acts as the facilitator — incoming SMS received by your registered Android device is routed through our servers and forwarded to your configured webhook endpoint. Your application can also initiate outgoing SMS via our API, which we deliver to end-users through your registered Android device and SIM. We do not read, analyse, mine, or sell your message content. We collect only what is necessary to operate the service and process your subscription.

1. Who We Are

SMSForwarding.com ("we", "us", "our") is a business-to-business (B2B) software platform and a product of Tulip Softwares. We provide a managed SMS gateway API service that enables developers and businesses to send and receive SMS messages through their registered Android devices — routed through our servers. Incoming SMS messages arrive at our infrastructure and are forwarded to the customer's configured webhook endpoint. Outgoing SMS messages are initiated by the customer's application via our REST API and delivered to end-users through the customer's registered Android device and SIM.

Our customers ("you") are businesses and developers who integrate our platform into their own products and services. This policy governs how we handle data related to your account, your use of our platform, and the Android gateway application ("SMS Forwarder App").

Parent company: Tulip Softwares (tulipsoftwares.com)
Registered address: Jorhat, Assam, India — 785001
Contact: [email protected]

2. Data We Collect

We collect the following categories of data:

Account & Identity Data

  • Full name and business email address provided at registration
  • Encrypted password (we never store plaintext passwords)
  • Subscription plan and billing history
  • Account creation date and last login timestamp

Device & App Data

  • Android device identifier (Android ID) used to uniquely register your gateway device
  • SIM card phone number(s) associated with your registered device
  • FCM (Firebase Cloud Messaging) push token for delivering outgoing SMS commands to your device
  • App version and device registration timestamp

SMS Message Data

  • Incoming SMS messages received by your registered Android device, forwarded to your configured server endpoint
  • Outgoing SMS commands issued from your server to your device via our API
  • SMS delivery status, timestamps, and error logs
  • Message metadata (sender number, recipient number, timestamp) retained in your account log history per your configured retention period

Usage & Technical Data

  • API request logs including endpoint called, HTTP status, and timestamp
  • IP addresses used to access the platform or API
  • API keys generated and their last-used timestamps
  • Webhook endpoint URLs you configure
  • Browser/user-agent data when accessing the web dashboard

Payment Data

  • Subscription plan selection and billing cycle
  • Payment transactions are processed entirely by our third-party payment gateway — we do not store card numbers or payment credentials on our servers

3. How We Use Your Data

We use the data we collect exclusively to operate, maintain, and improve the SMSForwarding.com platform:

  • Authenticating your account and securing access to the API and dashboard
  • Registering and managing your Android gateway devices
  • Routing outgoing SMS commands from your server to your Android device via FCM push or polling
  • Forwarding incoming SMS from your Android device to your configured webhook endpoint
  • Maintaining SMS delivery logs accessible in your dashboard
  • Processing subscription payments and managing your billing cycle
  • Sending transactional emails (account verification, password reset, billing receipts)
  • Detecting and preventing abuse, fraud, or violations of our Terms of Service
  • Providing technical support when you contact us
  • Improving platform reliability, performance, and security

We do not use your SMS content for advertising, profiling, data mining, or any purpose beyond delivering the service you subscribed to.

4. How SMS Data is Handled

As a B2B infrastructure platform, SMSForwarding.com acts as a data processor — not a data controller — for the SMS messages that pass through the system. You (our customer) are the data controller responsible for the message content you choose to process through our platform.

The data flows are:

Incoming SMS

Your Android DeviceSMSForwarding.com ServersYour Webhook Endpoint

Outgoing SMS

Your Application / API CallSMSForwarding.com ServersYour Android Device / SIMEnd User
  • SMS content is transmitted over TLS-encrypted connections at all times
  • Messages are temporarily buffered in our infrastructure only as necessary for reliable delivery to your endpoint
  • We do not read, analyse, index, or process message content for any purpose other than routing it to your configured endpoint
  • Message metadata (sender, recipient, timestamp) is stored in your account log for the duration of your configured retention period (default: 30 days)
  • Your webhook endpoint URL is under your full control — you are responsible for securing your webhook endpoint and validating incoming payloads
  • If your webhook endpoint is unavailable, we retry delivery according to your configured retry policy before marking the message as failed

5. Android App Permissions

The SMS Forwarder Android app requests the following permissions. Each permission is used exclusively for the stated purpose and for no other reason:

READ_PHONE_STATE

Reads your SIM card phone number and device identifier to register your device with the platform. Required only once during initial device registration.

RECEIVE_SMS

Listens for incoming SMS messages on your device so they can be forwarded to your configured server endpoint in real time.

READ_SMS

Reads SMS message content to package and forward it to your server. No message content is stored on the device beyond what Android retains in the system SMS inbox.

SEND_SMS

Sends outgoing SMS messages as instructed by commands delivered from your application via our API. Only messages explicitly triggered via your API integration are sent.

RECEIVE_BOOT_COMPLETED

Allows the forwarding service to restart automatically when the device reboots, ensuring continuous gateway availability.

FOREGROUND_SERVICE

Keeps the SMS forwarding service running reliably in the foreground on Android 8.0+ devices, preventing the OS from terminating it.

INTERNET

Required to communicate with the SMSForwarding.com API to forward messages and receive outgoing SMS commands.

REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

Requests that Android exclude the app from battery optimisation to ensure the gateway service remains running continuously.

6. Third-Party Services

We integrate with the following third-party services to deliver core platform functionality. Each third party operates under their own privacy policy:

Firebase Cloud Messaging (FCM) — Google LLC

Used to deliver outgoing SMS commands from your server to your Android gateway device in real time via push notifications. FCM processes your device's push token. No message content is stored by Firebase beyond the push payload.

Firebase Privacy Policy →

Payment Gateway Provider

Used to process subscription payments. All payment data (card numbers, billing address) is handled directly by our payment gateway provider. We receive only a transaction confirmation and your subscription status — we never see or store your payment credentials. Please refer to your payment provider's privacy policy for details on how they handle your payment information.

We do not sell, rent, or share your personal data with any other third parties for marketing or advertising purposes.

7. Data Retention

  • Account data (name, email, billing history) is retained for the lifetime of your active account and for 30 days after account deletion to allow for dispute resolution.
  • SMS message logs are retained according to your configured log retention setting in the app (default: 30 days). You can clear logs at any time from the Settings screen.
  • API request logs and IP access logs are retained for up to 90 days for security and abuse-prevention purposes.
  • Device registration data (Android ID, phone number, FCM token) is deleted when you deregister your device or delete your account.
  • After account deletion, all remaining personal data is permanently purged from our systems within 30 days.

8. Security

We apply industry-standard security measures appropriate for a B2B API platform:

  • All data in transit is encrypted using TLS 1.2 or higher
  • Passwords are hashed using bcrypt — plaintext passwords are never stored
  • API keys are hashed before storage and displayed only once at creation
  • Access to production infrastructure is restricted to authorised personnel only
  • Firebase Cloud Messaging tokens are rotated automatically by the Android app

You are responsible for:

  • Securing your API keys and not exposing them in client-side code or public repositories
  • Securing your webhook endpoint URL and validating incoming payloads
  • Keeping the SMS Forwarder Android app updated to the latest version
  • Ensuring your Android device is physically secure

If you discover a security vulnerability, please report it responsibly to [email protected].

9. Your Rights

As our customer, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about your account
  • Rectification — request correction of inaccurate account data
  • Deletion — request deletion of your account and all associated personal data
  • Portability — request an export of your SMS logs and account data in machine-readable format
  • Restriction — request that we restrict processing of your data in certain circumstances
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. Note that some data may need to be retained for legal, billing, or fraud-prevention purposes even after an account deletion request.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our platform, legal requirements, or industry standards. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Send an email notification to all registered account holders at least 14 days before the changes take effect
  • Display a notice in the web dashboard

Continued use of the platform after the effective date of a revised policy constitutes your acceptance of the changes. If you do not agree with the revised policy, you may close your account before the effective date.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

SMSForwarding.com

A product of Tulip Softwares

Email: [email protected]

Website: smsforwarding.com