Overview

This Privacy Policy explains how TextTheCaller ("we", "us", "our") collects, uses, stores, shares, and protects personal information when you visit our website, create an account, subscribe to a plan, or otherwise use our service.

TextTheCaller is a service that automatically sends a text message to callers when you miss their call. Because the service involves phone numbers and messaging, some personal data is necessary for the platform to operate.

By using TextTheCaller, you acknowledge that your information will be handled in accordance with this Privacy Policy.

Information We Collect

Information you provide

When you create an account or use the service, you may provide:

Your name and email address
Your mobile phone number
Your business or company name
Your mobile network provider
Your text-back message content and preferences
Any other information you submit through forms, settings, or support requests

Information generated through the service

When someone calls your forwarded number and the service processes a missed call, we collect:

Caller phone numbers — processed to deliver the text message. Caller numbers are not stored in their original form. We store a masked version (with middle digits hidden) in service logs, and a one-way cryptographic hash (HMAC-SHA-256 with a server-side secret) used solely to prevent duplicate messages to the same caller and to check against your skip list.
Call event identifiers — unique references for each call, used to prevent duplicate messages and maintain accurate logs.
Message delivery records — including the message content sent, delivery status, and any errors.
Timestamps — when calls were received and messages were sent.

We only send text messages to UK mobile numbers. Calls from landlines, international numbers, withheld numbers, or anonymous callers are not processed and no caller data is stored for those calls.

To protect your usage, we limit messages to the same caller to once every seven days per account. This deduplication uses cryptographically hashed data (HMAC-SHA-256) and does not require us to store raw caller phone numbers.

Account and billing data

Your subscription plan, billing status, trial status, and renewal dates
Payment confirmations and invoice records
Partial payment metadata provided by our payment processor

We do not store your full payment card details. Card information is handled entirely by our third-party payment processor.

Technical data

When you access our website or platform, we may automatically collect your IP address, browser type, device information, operating system, referring pages, session activity, and cookie identifiers.

How We Use Your Information

We use your information to:

Create and manage your account
Provide the automated text-back service, including processing missed calls and sending text messages to callers
Manage your subscription, billing, and payments
Enforce usage limits and prevent duplicate messages
Detect and prevent fraud, abuse, spam, and misuse of the service
Provide customer support and respond to enquiries
Monitor service performance, diagnose issues, and improve the product
Comply with legal obligations and enforce our terms

Legal Bases for Processing

Where data protection law requires a legal basis, we rely on one or more of the following:

Contract — processing necessary to provide the service, maintain your account, and handle your subscription.
Legitimate interests — processing necessary for securing the platform, preventing abuse, improving the service, and enforcing our rights, where those interests are not overridden by your rights.
Legal obligation — processing necessary to comply with tax, accounting, fraud prevention, or regulatory requirements.
Consent — where required by law for specific activities. You may withdraw consent at any time, though this will not affect processing that took place before withdrawal.

Cookies

We use cookies and similar technologies to keep you signed in, maintain session integrity, remember preferences, and protect against abuse. Some cookies are essential for the service to function and cannot be disabled without affecting core functionality.

You can manage cookie preferences through your browser settings, though doing so may affect site functionality.

We do not sell your personal data.

We share personal data with third-party service providers who help us operate the service, including providers of cloud hosting, SMS delivery, payment processing, and security services. These providers may only use the data as necessary to perform services on our behalf.

We may also share information where required by law, regulation, court order, or lawful request from a public authority, or where necessary to investigate fraud, prevent harm, protect our rights, or enforce our agreements.

If TextTheCaller is involved in a merger, acquisition, or sale of assets, personal data may be disclosed to relevant parties as part of that process.

International Data Transfers

Your information may be processed and stored in countries other than where you are located, where our service providers operate. Where personal data is transferred internationally and local law requires safeguards, we take reasonable steps to ensure appropriate protections are in place.

Data Retention

We retain personal data for as long as reasonably necessary to provide the service, maintain your account, comply with legal obligations, resolve disputes, and prevent fraud.

Caller data in service logs (masked phone numbers and anonymised identifiers) is retained for operational and abuse-prevention purposes. Call event identifiers are retained to prevent duplicate messaging.

If you cancel your account, we may retain limited records for a period where necessary for billing, dispute resolution, legal compliance, or security purposes. Compliance review records, including records of extreme violations, may be retained for longer where required for regulatory, legal, or law enforcement purposes.

Security

We use reasonable administrative, technical, and organisational measures to protect personal data, including access controls, authentication protections, and secure infrastructure practices.

Caller phone numbers receive additional protection: they are masked before storage in logs and cryptographically hashed using HMAC-SHA-256 with a server-side secret for deduplication and skip list matching. Original caller numbers are not retained in our database. Even in the event of a database breach, stored hashes cannot be reversed without the server secret, which is stored separately from the database.

Contact import privacy

If you use the contact import feature to add numbers to your skip list, your phone numbers are processed entirely on your device. The import works as follows:

Your device's native contact picker presents a system-level interface where you choose which contacts to share — we cannot access contacts you do not select.
Selected phone numbers are hashed using SHA-256 on your device, then masked to hide middle digits. Only the hash and masked display value are sent to our server.
Our server applies an additional HMAC layer with a server-side secret before storing the hash. The raw phone number never leaves your device and is never transmitted to or seen by us.
We only request phone number data from the contact picker — no names, email addresses, or other contact information is accessed.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials.

Content Moderation and Account Suspension

We monitor text-back message content for potential abuse, spam, and violations of our Terms of Service and UK SMS regulations (including PECR). This involves multiple layers of review:

Automated filtering — messages are checked against a list of prohibited words, phrases, and patterns before they can be saved.
AI compliance review — an AI-assisted system analyses your message content, company name, and sender ID against UK SMS compliance rules. This check runs each time you save a text-back message.
Manual admin review — every saved text-back message is logged and queued for human review by our team, regardless of whether it passed automated checks.

What happens when a message fails review

If the AI compliance check determines that your message does not meet our guidelines (for example, it contains promotional language that is not permitted in service messages), the message will not be saved and you will be asked to revise it.

Extreme violations and account suspension

In cases where the AI compliance check identifies an extreme violation — such as impersonation of a government body, authority, or official entity; threatening, intimidating, or coercive language; phishing or scam patterns; or hate speech — the following actions are taken automatically:

SMS sending is paused — your account will no longer send text-back messages to missed callers until an admin has reviewed the violation.
Text-back editing is blocked — you will not be able to save or modify your text-back message while the review is pending.
Account deletion is temporarily restricted — to preserve evidence and allow for review, you will not be able to delete your account while a suspension is active. This restriction is necessary to comply with our legal obligations and protect the integrity of the platform.
An internal incident report is generated — our team receives a detailed notification including your account details, the message content that triggered the violation, the AI's assessment, your IP address, and timestamp information. This allows us to review the incident promptly and take appropriate action.

These measures are taken under our legitimate interest in preventing misuse of the platform, protecting recipients of text messages, complying with UK telecommunications regulations, and cooperating with law enforcement or regulators if required.

A suspended account will remain in this state until an admin has reviewed and resolved the violation. If the flag was made in error, the suspension will be lifted and full account functionality restored. If you believe your account has been suspended incorrectly, please contact us.

Data collected during moderation

When you save a text-back message, we record the following for compliance review purposes:

Your company name, sender ID, selected message preset, and the full rendered message
Whether the message passed or failed automated and AI checks, and any reason provided
The date and time the message was saved

In the event of an extreme violation, we additionally record:

Your IP address and browser user agent at the time of the incident
The identity of any admin who reviews or takes action on the violation

This data is retained for as long as necessary to fulfil our compliance, legal, and abuse-prevention obligations.

Your Rights

Depending on your location, you may have rights including:

Requesting access to the personal data we hold about you
Requesting correction of inaccurate information
Requesting deletion of your information
Restricting or objecting to certain processing
Requesting portability of certain data
Withdrawing consent where processing is based on consent

These rights may be subject to legal exceptions. In particular, the right to deletion may be temporarily restricted where your account is under review for an extreme content violation, as described in the Content Moderation and Account Suspension section above. To exercise a privacy right, contact us using the details below. We may need to verify your identity before responding.

If you are in a jurisdiction with a data protection regulator, you may also have the right to lodge a complaint with them.

Children

TextTheCaller is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected information from a child, we will take steps to delete it.

Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for their privacy practices and your use of them is subject to their own terms and policies.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the policy on our website and, where appropriate, notify you by email. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or a privacy-related request, contact us at [email protected].

TextTheCaller Privacy Policy