Homechevron_rightPrivacy Policy
lockLegal

Privacy Policy

We respect your privacy. This policy explains what data DopeSMS collects, why we collect it, and what choices you have. We don’t sell your data — ever.

Last updated: 

1

Information We Collect

We collect only what we need to operate DopeSMS and prevent abuse. The information we collect falls into three categories:

a. Account information

  • Email address (used for login and transactional notifications).
  • Display name (optional, shown in your dashboard).
  • Authentication data managed by Supabase Auth (hashed password, session tokens).

b. Payment data

  • Wallet top-up history (amount, method, status, reference).
  • Paystack transaction references. We do not see or store your full card or bank details — these are handled directly by Paystack under their own privacy policy.
  • Manual bank transfer receipts and the message you send us when funding via transfer.

c. Usage data

  • Order and subscription history (service, country, timestamp, price, status, SMS received).
  • IP address and approximate geolocation.
  • Device, browser type, and operating system.
  • Pages visited, features used, and error logs.
  • API key (a hashed token) if you generate one for programmatic access.
2

How We Use Your Information

We use the information we collect to:

  • Operate, maintain, and improve the Service.
  • Authenticate you, manage your account, and process wallet transactions.
  • Deliver SMS to the numbers you purchase and forward SMS contents to your dashboard.
  • Detect, prevent, and address fraud, abuse, and security incidents.
  • Send you essential service notices (payment receipts, order updates, security alerts).
  • Respond to your support requests and other communications.
  • Comply with legal obligations and respond to lawful requests.
info
We do not use your data for advertising or marketing third-party products. The only marketing we may send is transactional information about your own DopeSMS account.
3

Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the limited circumstances below:

  • Service providers.We share data with vendors that help us run DopeSMS — Supabase (database and auth), Paystack (payments), and our hosting infrastructure (Railway / Fly.io). Each vendor is contractually required to protect your data.
  • Upstream SMS providers. When you purchase a number, we send the service, country, and number type to our upstream telephony partners so they can provision a number for you.
  • Legal compliance. If we receive a valid subpoena, court order, or other legal process, we may be required to disclose information. We will challenge overbroad requests where possible.
  • Safety. If we believe in good faith that disclosure is necessary to prevent harm to a person, to enforce our Terms, or to prevent illegal activity.
  • Business transfers. If DopeSMS is acquired or merged, user data may be transferred to the successor entity. You will be notified before your data becomes subject to a different privacy policy.
4

Data Security

We take the security of your data seriously. Our safeguards include:

  • TLS encryption in transit for all data exchanged with DopeSMS.
  • Encrypted-at-rest storage in our managed PostgreSQL database.
  • Row-level security policies enforced in Supabase to ensure users can only access their own data.
  • Hashed passwords (handled entirely by Supabase Auth — we never see plaintext passwords).
  • API keys are stored as one-way hashes and only displayed in full once at creation time.
  • Access to production systems is restricted to a small number of authorized personnel under least-privilege principles.

No system is 100% secure. If we ever discover a security incident affecting your data, we will notify you and relevant authorities in line with the Nigerian Data Protection Regulation (NDPR).

5

Data Retention

We retain your data only as long as necessary to provide the Service and meet our legal obligations. Specifically:

  • Account data: kept while your account is active. Deleted within 30 days of account closure, except where retention is required for accounting or legal purposes.
  • Transaction history: retained for a minimum of 7 years to comply with Nigerian tax and anti-money laundering regulations.
  • Order & SMS history: retained for at least 90 days after the order completes, after which it may be anonymized or deleted.
  • Server logs: typically retained for 30 days and then aggregated or deleted.
6

Your Rights

You have the following rights regarding your personal data. To exercise any of them, contact us using the details in the Contact section below.

  • Access. Request a copy of the personal data we hold about you.
  • Correction. Update or correct inaccurate data from your account settings or by contacting support.
  • Deletion. Request that we delete your personal data, subject to our legal retention obligations (see above).
  • Portability. Request a machine-readable export of your data.
  • Objection & restriction. Object to certain processing or ask us to restrict processing while we investigate a concern.
  • Withdraw consent. Where we rely on your consent, you can withdraw it at any time.
info
We respond to verified requests within 30 days. We may need to confirm your identity before acting on a request to prevent unauthorized access.
7

Cookies & Tracking

DopeSMS uses a minimal set of cookies and similar technologies:

  • Essential cookies. Session and authentication cookies that allow you to stay logged in and use the dashboard. These cannot be disabled.
  • Preference cookies. Store UI preferences such as dark mode and locale.
  • Analytics. We may use privacy-respecting analytics (e.g., Plausible) to understand aggregate usage patterns. We do not use this data to identify individual users.

We do not use third-party advertising cookies, and we do not allow third parties to set tracking cookies on dopesms.com.

8

Third-Party Services

DopeSMS relies on a small set of carefully chosen third-party services. Each operates under its own privacy policy:

credit_cardPaystack
Payment processing & card storage
databaseSupabase
Authentication & database hosting
cloudRailway / Fly.io
Application hosting & infrastructure
smsUpstream Providers
Telephony & SMS number provisioning

We recommend reviewing the privacy policies of these providers to understand how they handle your data.

9

Children's Privacy

DopeSMS is not directed to children under the age of 18, and we do not knowingly collect personal data from anyone under 18. If we learn that we have inadvertently collected data from a child under 18, we will delete it as soon as possible.

If you believe a child under 18 has created an account on DopeSMS, please contact us at the address below so we can take action.

10

Changes to This Policy

We may revise this Privacy Policy from time to time. When we do, we will:

  • Update the “Last updated” date at the top of this page.
  • Notify active account holders of material changes via email or in-app notification at least 14 days before the changes take effect.

We encourage you to review this policy periodically. If you disagree with any change, you may close your account before the change takes effect.

11

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

mailEmail
privacy@dopesms.com
scheduleResponse time
Within 7 business days
location_onOperating entity
DopeSMS Technologies
publicJurisdiction
Federal Republic of Nigeria
arrow_backRead our Terms & ConditionshomeBack to home