2sms

Privacy Policy

Effective date: March 19, 2026

2sms ("we," "our," or "us") operates 2sms.ai, a platform that allows businesses to send SMS notifications to their workers and recipients using documents they upload. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using 2sms you agree to this policy. If you do not agree, do not use the service.

1. Information We Collect

Account information

When you sign up, we collect your email address, company name, and authentication credentials. We do not store passwords — authentication is handled via Google OAuth or passwordless magic links through Supabase.

Recipient data

You provide the names and phone numbers of the people you send SMS messages to ("recipients"). This data is stored in our database and used solely to deliver SMS messages on your behalf. You are responsible for obtaining consent from your recipients before sending them messages.

Document content

When you upload a PDF, CSV, or Excel file, it is stored in Supabase Storage and sent to Anthropic's Claude API for AI field extraction. Extracted fields (reference numbers, locations, times, etc.) are stored in our database and used to compose SMS messages. Documents are soft-deleted when you delete them and are not retained after account deletion.

SMS message content

We store the content of outbound SMS messages and inbound replies in our database. This is necessary to show you send history, conversation threads, and delivery status. Messages are associated with your account and accessible only to you (and your team members, if any).

Payment information

Payments are processed by Stripe. We do not store credit card numbers or full payment details. We store your Stripe customer ID, subscription status, and plan type. Stripe's privacy policy governs how they handle your payment data.

Usage data and logs

We collect logs of API calls, error events, and feature usage for debugging and service improvement. This includes IP addresses, user agents, and timestamps. Logs are retained for up to 90 days.

2. How We Use Your Information

  • To provide, operate, and improve the 2sms service
  • To send SMS messages to your recipients on your behalf
  • To send you transactional emails (magic links, reply notifications, billing receipts)
  • To process payments and manage your subscription
  • To detect and prevent fraud, abuse, and security incidents
  • To respond to your support requests

We do not sell your data or your recipients' data to third parties. We do not use your document content or SMS messages to train AI models.

3. Third-Party Services

We use the following sub-processors to operate the service:

Provider  | Purpose             | Data shared
Twilio    | SMS delivery        | Recipient phone numbers, message content
Anthropic | AI field extraction | Document content (PDFs, CSVs, Excel)
Supabase  | Database & auth     | All account and operational data
Stripe    | Payments            | Email, payment info
SendGrid  | Transactional email | Email address, email body
Vercel    | Hosting & compute   | Request data, logs

Each provider has its own privacy policy governing their handling of data. We select providers with strong security and privacy practices.

4. SMS and TCPA Compliance

2sms is a platform tool. You, the account holder, are responsible for ensuring you have proper written consent from every recipient you send messages to, as required by the Telephone Consumer Protection Act (TCPA) and any applicable state laws.

We provide automatic opt-out handling: STOP, UNSUBSCRIBE, CANCEL, END, and QUIT keywords immediately halt future messages to that recipient. START and YES re-enable them. Do not circumvent these mechanisms.

We reserve the right to suspend accounts we believe are sending unsolicited messages or operating in violation of TCPA.

5. Data Retention

  • Account data is retained for the lifetime of your account.
  • Documents are soft-deleted when you delete them. Hard deletion occurs within 30 days.
  • SMS send logs and replies are retained for the lifetime of your account to support conversation history.
  • After account deletion, all personal data is deleted within 30 days, except where retention is required by law (e.g., billing records for tax purposes — retained up to 7 years).

6. Security

We implement industry-standard security measures including encryption at rest and in transit (TLS 1.2+), row-level security on all database tables, API key hashing, and webhook signature verification. Authentication uses Supabase with passwordless flows — no password hashes are stored.

No system is perfectly secure. In the event of a data breach affecting your information, we will notify you as required by applicable law.

7. Your Rights

Depending on your location, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and associated data
  • Portability — request an export of your data in a machine-readable format
  • Opt-out of marketing — we send no marketing email; transactional emails are required for service operation

To exercise any of these rights, email privacy@2sms.ai. We will respond within 30 days.

8. Cookies

We use essential cookies only — specifically, the Supabase auth session cookie required to keep you logged in. We do not use advertising, tracking, or analytics cookies. No third-party cookies are set.

9. Children

2sms is a business tool intended for users 18 and older. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email to your account address at least 14 days before taking effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

11. Contact

Questions about this policy? Email us at privacy@2sms.ai.