Privacy Policy

1. Company Information

This Privacy Policy describes how ReadySMS LLC and its affiliates, successors, and assigns ("ReadySMS," "we," "us," or "our") collect, use, and protect your personal information when you use our SMS messaging platform (the "Service"). ReadySMS operates throughout the United States. References to ReadySMS in this Policy include any successor or affiliated entity to which the Service may be migrated; see Section 14.

2. Information We Collect

We collect the following types of information:

• Account Information: Name, email address, phone number, business details, and tax/EIN information provided during registration.
• Billing Information: Payment details processed securely through Stripe. We do not store full credit card numbers.
• Usage Data: Message logs, campaign statistics, API usage, and platform activity.
• Contact Lists: Phone numbers and contact details you upload or manage within the platform for messaging purposes.
• Consent Records: Timestamps, IP addresses, user agents, and cryptographic hashes of consent attestations you submit; consent decisions for SMS to your account phone (see Section 7).
• Device Information: IP address, browser type, and device information collected automatically for security and analytics.
• Communications Records: Records of calls between you and ReadySMS staff or systems, recorded under Section 17 of our Terms of Service.

3. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the Service
• Process transactions and send billing notifications
• Send service-related communications (account alerts, verification codes, billing notifications)
• Send marketing communications, but only with your explicit prior consent (see Section 7)
• Comply with 10DLC brand and campaign registration requirements and other telecommunications regulations
• Detect and prevent fraud, abuse, and TCPA violations
• Improve and develop new features
• Provide customer support
• Comply with legal obligations, including responses to lawful requests and TCPA defense

4. Information Sharing

We do not sell your personal information. We share information with:

• SMS Carriers and Aggregators: Infobip and other providers, to deliver your messages.
• The Campaign Registry (TCR): As required for 10DLC brand and campaign registration.
• Payment Processors: Stripe processes your payments securely.
• Cloud Infrastructure Providers: Railway, AWS, and similar service providers process data on our behalf under data processing agreements.
• Third-Party Integrations: When you connect services like GoHighLevel, Zapier, or webhooks, data is shared as necessary for the integration to function.
• Affiliates and Successor Entities: We may share information with our corporate affiliates, parent companies, and successor entities for operational, accounting, and governance purposes; see Section 14.
• Legal Requirements: When required by law, subpoena, court order, or regulatory request, including TCPA discovery, FCC inquiries, and state attorney general investigations.
• Business Transfers: In the event of a merger, acquisition, restructuring, sale of assets, or similar corporate transaction, your information may transfer to the acquiring or successor entity.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), secure authentication (JWT), access controls, audit logging, and regular reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services and comply with legal obligations. Specific retention periods include:

• Message content and logs: Up to 5 years for TCPA and carrier dispute compliance.
• AI generation logs: 4 years for litigation defense (Lowrey v. OpenAI & Twilio compliance pattern).
• Consent records: Minimum 5 years from the date of consent.
• Call recordings: 12 months (see Section 17 of the Terms of Service).
• Billing records: 7 years for tax and accounting purposes.

7. SMS Messaging Consent

When you provide your phone number to ReadySMS, we ask you to separately consent to two categories of SMS:

• Service messages (required for phone-based features): Verification codes, account and security alerts, and billing notifications. Required to use phone-dependent features.
• Marketing & updates (optional): Promotional offers, product updates, and announcements. Optional and never required to use the Service.

You may revoke marketing SMS consent at any time by (a) replying STOP to any marketing message, (b) toggling marketing off in Settings → Notifications → SMS to Your Phone, or (c) emailing support@readysms.io. Service-message consent persists as long as you maintain a verified phone number on the account.

We log every consent decision, including timestamp, IP address, user agent, and a cryptographic record of the disclosure shown. These records support TCPA compliance and are retained for at least 5 years.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your data ("right to be forgotten")
• Opt out of marketing communications
• Restrict or object to certain processing
• Export your data in a portable format
• Withdraw consent at any time

To exercise any of these rights, contact privacy@readysms.io. We respond to verifiable requests within 45 days (CCPA) or 30 days (GDPR), as applicable.

9. California Privacy Rights (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

• Right to Know: What personal information we collect, the sources, the business purpose, and any third parties with whom we share it.
• Right to Delete: Request deletion of personal information we have collected (subject to legal exceptions).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You may direct us to limit our use of sensitive personal information (financial account details, government IDs).
• Right to Non-Discrimination: We will not deny services, charge different prices, or provide a different level of service based on your exercise of CCPA rights.

To submit a verifiable consumer request, email privacy@readysms.io. We respond within 45 days. You may designate an authorized agent to act on your behalf.

10. Other State Privacy Laws

Residents of states with comprehensive privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Delaware (DPDPA), Tennessee (TIPA), Indiana (ICPA), and others — may have rights to access, correct, delete, and port their data and to opt out of targeted advertising, sale, or profiling. We honor these rights through the same process described above.

11. International Users

The Service is offered to United States residents and businesses. We do not target users outside the United States. Data is processed and stored in the United States. By using the Service, users outside the U.S. consent to transfer of their data to the U.S. for the purposes described in this Policy.

12. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. We may use analytics cookies (with consent where required) to understand usage patterns.

13. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that a child has provided personal information, we will delete it.

14. Successor Entity

The Service may be operated, in whole or in part, by an affiliated or successor entity to ReadySMS. We may transfer or migrate the Service, your account, and the personal information described in this Policy to such an entity at any time, without prior notice, and this Privacy Policy will continue to govern your information following such migration. The successor entity will assume all obligations of ReadySMS under this Policy. By continuing to use the Service after a migration, you consent to this transfer.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance.

16. Contact Us

For general questions, contact support@readysms.io. For privacy-specific requests (data access, deletion, correction, opt-out), contact privacy@readysms.io. For legal notices, contact legal@readysms.io.