Privacy Policy

Last updated: November 16, 2025

This Privacy Policy explains how TextAll ("TextAll", "we", "us", or "our") collects, uses, and protects information when you visit textall.io (the "Site") and use our SMS messaging platform and related services (collectively, the "Services").

1. Who We Are

TextAll is a SaaS platform that lets you send SMS messages using your own Twilio account. You log in using Twilio Connect, choose a sending number, and manage campaigns, recipients, and message delivery through our dashboard.

2. Information We Collect

2.1 Account and Profile Information

When you sign in using Twilio Connect, we may collect and store:

  • Your Twilio Connect Subaccount SID.
  • The Twilio Parent Account SID associated with the sending numbers you choose.
  • Your email address and display name.
  • Basic account preferences (such as default sending number, throttling preferences, and theme settings).

2.2 Twilio Credentials and Tokens

To send messages on your behalf, TextAll may store specific Twilio-related credentials only when required. This includes:

  • The parent-account Auth Token for the Twilio number you choose to send from.

We do not store your Twilio login password, global Auth Token, API Keys, or OAuth access tokens. Parent-account Auth Tokens are stored per-number and are encrypted at rest. They are used exclusively to send messages and verify incoming webhook signatures from Twilio.

2.3 Message and Recipient Data

When you use the Services to send SMS messages, we process and store:

  • Recipient phone numbers you upload or enter directly.
  • Campaign names and message content you create in TextAll.
  • Delivery status updates and related metadata from Twilio (for example, message SIDs, status codes, error messages, and timestamps).

You are responsible for ensuring that the phone numbers and message content you provide comply with all applicable laws, regulations, carrier rules, and Twilio’s acceptable use policies.

2.4 Usage, Logs, and Analytics

We may collect information about how you access and use the Services, including:

  • Log data such as IP address, browser type, operating system, and access times.
  • Application logs related to API calls, errors, and performance metrics.
  • Aggregated usage data (for example, number of messages sent, delivery rate, and error counts).

This information helps us maintain security, monitor performance, troubleshoot issues, and improve the Services.

2.5 Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Keep you signed in to your account and maintain your session.
  • Remember your preferences and settings.
  • Understand basic usage patterns on our Site.

You may be able to control cookies through your browser settings, but disabling cookies may limit your ability to use certain features of the Services.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Services.
  • Authenticate you and secure your account.
  • Send SMS messages and manage campaigns using your Twilio account.
  • Display delivery, failure, and status metrics in your dashboard.
  • Monitor and improve performance, reliability, and user experience.
  • Detect, prevent, and respond to security incidents and abuse.
  • Communicate with you about updates, security notices, or support issues.
  • Comply with legal obligations and enforce our Terms of Service.

4. How We Share Information

We do not sell your personal information. We may share information as follows:

  • With Twilio: We send necessary data (such as phone numbers and message content) to Twilio so that Twilio can deliver SMS messages and provide delivery status back to us.
  • Service Providers: We may use trusted third-party vendors (for example, hosting providers, monitoring tools, or analytics services) that process data on our behalf under appropriate confidentiality and security agreements.
  • Legal and Compliance: We may disclose information if required by law or in good faith belief that such action is necessary to comply with legal obligations, protect our rights, or prevent fraud or abuse.
  • Business Transfers: If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction, subject to appropriate safeguards.

5. Data Security

We take reasonable technical and organizational measures to protect information from unauthorized access, use, alteration, or destruction. These measures include:

  • Encryption of sensitive credentials (such as parent-account Auth Tokens) at rest.
  • Limited, role-based access to production systems.
  • Secure server configuration and ongoing monitoring.

However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

6. Data Retention

We retain information for as long as it is reasonably necessary to provide the Services to you, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. This generally includes:

  • Account and configuration data retained while your account is active.
  • Message and delivery logs retained for a reasonable period to support reporting and troubleshooting.

We may anonymize or aggregate certain data for analytics and long-term service improvement.

7. Your Choices and Rights

Depending on your location, you may have certain rights regarding your personal information, such as the ability to access, update, or delete your data. Within your TextAll account, you may:

  • Update your account details and preferences through the dashboard (where available).
  • Disconnect or change your Twilio configuration at any time.
  • Use the in-dashboard “Delete All Data” option to permanently erase your stored campaigns, recipients, message logs, preferences, and Twilio credentials. This action is irreversible.
  • Contact us using the information below to request access, correction, or deletion of certain data, subject to applicable law.

8. Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.

9. International Users

Our infrastructure is primarily located in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries with different data protection laws than those in your jurisdiction.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If changes are material, we may provide additional notice (for example, via email or a banner in the dashboard). Your continued use of the Services after any changes become effective constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: