@fluxStyles
Taratxt

Privacy Policy

Last updated: April 17, 2026

Taratxt ("we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use the Taratxt platform - a personal and small-business SMS gateway service that enables SMS delivery via your own registered SIM card using either our Taratxt Gateway Android Application or an Arduino-based gateway device.

1. Information We Collect

We collect only the information necessary to provide and operate the Taratxt service:

  • Account Information: When you register, we collect your name, email address, and a hashed password. We do not store plaintext passwords.
  • Android Application Information: The Taratxt Gateway Android Application acts as a bridge between your physical SIM card and the Taratxt MQTT broker. To perform this service, the app requires access to read and send SMS messages on your behalf.
  • Device Information: Details about your registered gateway devices (e.g., device name, project grouping, connection status). We do not collect information about the physical SIM card itself - the SIM remains under your sole custody and ownership.
  • Message Metadata: We store message records including recipient mobile number, message content, delivery status (Pending, Sending, Sent, Failed), and timestamps. This is required for queue management, retry logic, and your dashboard tracking.
  • API Usage Logs: API call timestamps and request metadata for rate limiting and abuse detection. We do not log full request bodies beyond what is necessary for message routing.
  • Webhook Endpoints: URLs you configure for event delivery. These are stored securely and used only to fulfill your configured event triggers.

2. Message Content & Payloads

Your SMS message content is stored transiently as part of the delivery queue. We retain message records for a period determined by your plan tier (7–30 days), after which they are automatically purged.

We do not sell, share, or inspect the content of your messages for any commercial, advertising, or third-party purposes beyond what is strictly required for operational delivery and compliance with Philippine law. The Taratxt Gateway Android Application does not share, sell, or provide your SMS content, contact lists, or call logs to third parties for marketing or advertising purposes.

As the account holder, you are solely responsible for the content of messages sent through your gateway device. You must ensure all recipients have given appropriate consent to receive SMS from you.

3. SIM Card, Device Data & App Permissions

Taratxt does not have access to, nor does it store, any data directly tied to your physical SIM card (e.g., IMSI, ICCID). Your SIM remains in your own device, in your own custody.

For users using the Taratxt Gateway Android Application, the following explicit permissions are required:

  • READ_SMS and RECEIVE_SMS: Used to detect incoming messages on your device and forward them to your configured webhook endpoints.
  • SEND_SMS: Used to deliver outgoing messages initiated via the Taratxt API through your SIM card.
  • READ_PHONE_STATE: Used to detect and manage dual-SIM slots, allowing you to select which SIM is used for sending.

In compliance with the Philippine SIM Registration Act (RA 11934), you are required to use a SIM card that is registered in your own name with your telecommunications provider. Taratxt does not verify SIM registration on your behalf - this remains your legal responsibility.

4. AI Integration (MCP)

Any AI agent interactions conducted via the Taratxt Model Context Protocol (MCP) server are strictly scoped to the capabilities you explicitly enable through your assigned API tokens.

We do not use your message history, device topology, or interaction logs to train AI models. MCP session data is not retained beyond the scope of your active API session unless you have explicitly configured persistent logging.

You are responsible for the actions of any AI agent you authorize to interact with your Taratxt account. Granting unrestricted MCP credentials to unsandboxed environments is at your own risk.

5. How We Use Your Information

We use the information collected solely to:

  • Authenticate and manage your account securely.
  • Route, queue, and retry your SMS messages via your connected gateway device.
  • Deliver webhook events to your configured endpoints.
  • Monitor service health, enforce rate limits, and detect abuse.
  • Comply with applicable Philippine laws and regulations, including RA 11934 and RA 10175.
  • Send you transactional account communications (e.g., password resets, plan changes). We do not send marketing emails without your explicit consent.

6. Data Sharing & Disclosure

We do not sell or rent your personal information to third parties. We may share information only in the following limited circumstances:

  • Service Providers: With trusted infrastructure providers (hosting, database, email) who process data on our behalf under strict confidentiality obligations.
  • Legal Compliance: When required by Philippine law, court order, or a lawful request from government authorities (e.g., NTC, NBI, or PNP) pursuant to RA 11934, RA 10175, or other applicable legislation.
  • Account Safety: To investigate suspected abuse, fraud, or violations of our Terms of Service.

7. Data Security

Your authentication credentials, Personal Access Tokens, and sensitive configuration data are encrypted at rest using industry-standard encryption. All data in transit is protected via HTTPS/TLS.

While we implement reasonable security measures, no system is completely immune to breaches. You are responsible for keeping your API keys, account credentials, and gateway device credentials secure. Do not share these with untrusted parties.

8. Data Retention & Deletion

Message records are retained for the duration specified by your active plan (7 days for Free, 15 days for Developer, 30 days for Business) and then automatically deleted.

Account data is retained for as long as your account is active. If you delete your account, your personal data and message history will be permanently removed within 30 days, except where retention is required by law.

If you uninstall or delete the Taratxt Gateway Android Application, any local transaction logs stored on the device are immediately removed. However, your account data and any message records currently in the delivery queue remain on our servers until you request account deletion via the Taratxt dashboard.

9. Your Rights

You have the right to access, correct, or request deletion of your personal data at any time by contacting us or through your account settings. You may also export your data or deactivate your account at any time.

For privacy-related concerns or data requests, contact us at privacy@taratxt.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a prominent notice on the platform. Continued use of Taratxt after changes constitutes your acceptance of the revised policy.