Privacy Policy

SoftwareDevTeam ("we," "us," or "our") operates the MySMS mobile application (the "App").

We believe that your private conversations are exactly that—private. We operate under a strict Privacy by Design and Local-First philosophy. Unlike many modern communication platforms, we do not upload, sync, or store your SMS messages, contacts, or biometric data on our servers.

This Privacy Policy explains how our App interacts with the data on your device and complies with global privacy regulations including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the General Personal Data Protection Law (LGPD - Brazil), and the Personal Information Protection and Electronic Documents Act (PIPEDA - Canada).

1. Data Collection and Usage

To function as your Default SMS Handler, the App requires access to specific sensitive data on your device. All processing happens locally on your hardware.

1.1 SMS and MMS Messages

• Permissions Requested: READ_SMS, SEND_SMS, RECEIVE_SMS, RECEIVE_MMS.
• Purpose: To enable the core functionality: sending, receiving, and organizing your text and multimedia messages.
• Processing: Features such as "OTP Auto-Copy," "Search," and "Spam Blocking" parse your messages locally. No message content is ever transmitted to us or any third party.

1.2 Contacts and Address Book

• Permissions Requested: READ_CONTACTS.
• Purpose: To map raw phone numbers to contact names and display profile avatars within the App.
• Storage: We query the Android Contacts Provider in real-time. Your address book is not copied or uploaded.

1.3 Device and Cellular State

• Permissions Requested: READ_PHONE_STATE.
• Purpose: Required to detect active SIM cards (Subscription IDs) for our "Smart Dual SIM" routing feature, ensuring replies use the correct carrier network.

1.4 Biometric Data

• Purpose: Used exclusively for the "Biometric App Lock" feature.
• Storage: The App uses the Android System Biometric API. We do not access your fingerprint or facial geometry data. We only receive a cryptographic "Pass/Fail" token from your operating system.

1.5 Financial Data (In-App Purchases)

• Purpose: To process voluntary developer support tips.
• Processing: Handled securely by Google Play Billing. We do not collect or store your credit card or banking information.

2. Legal Basis for Processing

Because our App processes data locally, the traditional concepts of "Data Controllers" and "Data Processors" are handled directly by you (the user) and your device operating system. However, for transparency, our legal bases for requesting these device permissions are:

2.1 Under GDPR (Europe / Greece) & UK-GDPR

• Performance of a Contract: Requesting SMS and Contact permissions is strictly necessary to deliver the messaging functionality you requested by installing the App.
• Legitimate Interests: Local processing is utilized to prevent spam and organize messages effectively.

2.2 Under CCPA / CPRA (California, USA)

• Categories of Personal Information Collected: Identifiers (Contact names), Commercial Information (Google Play transaction history).
• Sale of Data: We do not sell or share your personal information. Therefore, no "Do Not Sell My Info" opt-out is required.

3. Data Sharing and Third Parties

We do not sell, trade, rent, or transmit your personal identification information to others.

The App relies on the following third-party infrastructure for stability and distribution:

• Google Play Services: Required for secure In-App Billing.
• Google Play Console: We receive anonymous, aggregated data regarding crash reports (ANRs) and device installation metrics. This data contains no message content or personal identifiers.

4. Data Retention & Deletion

Because data is stored locally, retention is entirely under your control.

• SMS/MMS: Retained on your device's internal storage until you delete them manually or via our "Auto-Delete" feature.
• Auto-Delete: If enabled by you in Settings, the App will automatically issue deletion commands to the Android OS for messages older than your specified timeframe (e.g., 90 days). This action is permanent.
• App Settings: Local preferences (Themes, Pinned Chats, Blocklists) are retained until you clear the App's data via Android Settings or uninstall the App.

5. Security Measures

We implement strict security measures to protect your local data:

• Android Sandbox: The App operates within the secure Android application sandbox, preventing unauthorized third-party apps from reading its internal cache (Notes, Blocklists).
• App Lock: We provide an optional Biometric security layer to prevent unauthorized physical access to the App if your device is left unlocked.
• No Transit Risks: Because we do not use cloud synchronization, there is zero risk of a remote server data breach exposing your private conversations.

6. Your Privacy Rights

Depending on your jurisdiction (e.g., GDPR, CCPA, LGPD, PIPEDA), you have specific rights regarding your data. Since all data is local, you can exercise these rights directly within the App or your device OS:

• Right to Access: You can view all your processed data by opening the App.
• Right to Rectification: You can update contact information via your device's native Contacts app, and MySMS will reflect the changes instantly.
• Right to Erasure (Right to be Forgotten): You can delete specific messages, conversations, or completely uninstall the App to remove all local metadata.
• Right to Restrict Processing: You may revoke the SMS or Contacts permissions in your Android Settings at any time, though this will render the App non-functional.

7. Children's Privacy (COPPA compliance)

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children. Because the App interfaces with standard telephony services, it is intended for the registered owner of the device's SIM card. If you are a parent and aware that your child has provided us with data (e.g., via a support email), please contact us.

8. Contact Us

If you have any questions about this Privacy Policy, your rights, or our data practices, please contact our Data Protection Officer (DPO):