Getatext — Privacy Policy

Last updated: 2025-09-27

1) Scope and acceptance

This Policy explains how Getatext.com (“Getatext”, “we”) processes personal data when you use the website, dashboard and/or API (“Services”). By registering or using the Services, you accept this Policy together with our Terms and Conditions and KYC/AML Policy. If you do not agree, please do not use the Services.

Controller. Getatext acts as controller for your account, dashboard and API usage. If you integrate/resell the API to your own end-users, you act as controller toward them; Getatext may act as processor solely for technical OTP delivery under your instructions.

Reference jurisdiction. Wyoming, USA, without prejudice to non-waivable rights under your local laws.

Minimum age. 18+; reasonable proof may be requested.

Contact. support@getatext.com (operational messages via the official channels in the Terms).

2) Data we process

  • Account: email, account alias/name, stated country, internal ID, optional channels (e.g., Telegram).
  • Operational: order history (ID, destination service/slug, delivery status), MSISDN and timestamps; delivery evidence.
  • Technical logs: IP, user-agent, reasonable fingerprint, session events, errors; anti-abuse signals (consistent failures, number farming).
  • API: key, invoked endpoints, volumes, applied rate-limits, performance metrics.
  • Payments & billing: amounts, currency, timestamp, status, 3-D Secure and checks (AVS/CVC) where exposed; we do not store full card numbers. Crypto: network/TXID/amounts.
  • KYC/AML (where applicable): legal name, ID, selfie, country & proof of address; outcome and flags (sanctions/PEP).
  • Referrals & communications: referrer–referee link, valid deposits, benefits; support tickets and operational notices.
  • Cookies & similar tech: necessary (auth, security, preferences) and analytics (aggregated; no behavioral advertising).

3) Purposes and legal bases

  • Service delivery (Contract).
  • Security & anti-fraud/abuse (Legitimate interests).
  • Legal compliance (KYC/AML, bookkeeping, escheat).
  • Service improvement (Legitimate interests).
  • Operational communications (Legitimate interests).
  • Optional marketing (Consent).
  • Referral program (Contract + Legitimate interests).

Automated decisions & profiling: no solely automated decisions with legal/similar effects; reasonable human review exists.

4) Retention

  • Account/operations: relationship + up to 2 years after last activity/closure.
  • Payments/bookkeeping: 5–10 years depending on tax law.
  • KYC/AML: legal minimums or verifier rules (typically 5–10 years).
  • Logs & anti-fraud evidence: ≥180 days; up to 2 years for investigations/disputes.
  • Referrals: up to 2 years after cycle closure.
  • Tickets: up to 2 years after closure.
  • Backups: additional window (e.g., up to 90 days); not accessible in production.

Erasure/anonymization & legal holds as appropriate. We also manage dormancy (escheat) and inactive accounts with prior contact attempts.

5) Sharing and recipients

Processors: We share data with processors for infrastructure/security; telecom/aggregators; payments; KYC/AML; support; and operational analytics (non-advertising).

Recipients: Data may be shared with authorities upon valid requests, or as part of corporate transactions with appropriate safeguards.

What we do NOT do: We do not sell user data and do not engage in behavioral advertising.

International transfers: We use SCCs/safeguards plus technical measures for international data transfers.

Resellers/API: Resellers have their own obligations. Getatext acts as a processor for technical delivery and as a controller for its own records.

6) International transfers

We rely on SCCs or equivalent mechanisms for international transfers. We also conduct transfer assessments and apply technical/organizational measures like encryption in transit, access controls, data minimization, and limited retention.

7) Security

  • We use encryption in transit, access controls, environment segregation, data minimization, and limited retention.
  • Logging and monitoring data is kept for ≥180 days for anti-fraud and disputes.
  • We have processes for vulnerability management and business continuity (backups/restore).
  • API security includes personal keys, rate-limits, and anti-scraping measures.

We provide incident notifications where applicable and remind users of their responsibilities (passwords, API key).

8) Your rights

You have the right to access, rectify, erase, restrict, object to processing, data portability, withdraw consent, and request human review. Rights under CCPA/CPRA and LGPD also apply where applicable. To exercise your rights, please contact us at support@getatext.com.

9) Preferences & controls

  • We use necessary and analytics cookies (no behavioral advertising).
  • Marketing communications are opt-in with an easy unsubscribe option.
  • We do not currently respond to Do Not Track (DNT) signals.
  • Account controls include API key rotation and activity review.

10) Service specifics

  • We do not guarantee third-party acceptance of a number after an OTP is sent.
  • We employ operational anti-scraping and fair use policies to prevent consistent failures and number farming.
  • Technical signals are used for security and dispute resolution, not for advertising.

11) Inactivity & dormancy (escheat)

Accounts that are unused for 3 months from registration with no deposits may be suspended and deleted. For accounts with balances, we will make two contact attempts (7 days apart) before the account is considered dormant.

12) Changes & notices

We will indicate the effective date of this policy and notify you of material changes via support@getatext.com and our official Telegram channel https://t.me/getatext.

13) Contact

Support & privacy: support@getatext.com • Telegram (General Manager): @GeneralManager_Getatext • Reference jurisdiction: Wyoming, USA.