Privacy Policy

This Privacy Policy explains how Burna SMS ("we", "us") processes information when you use the Burna SMS mobile application and related web resources. We designed Burna SMS to minimize the personal data we hold. We update this page when practices change. Last updated: 9 Aug 2025.

This policy is written to satisfy Apple App Store submission, Stripe payment processing disclosures, and general modern privacy expectations. We do not claim formal GDPR/CCPA compliance; however, the controls described align with their principles.

1. Summary

Core points at a glance:

No sale of personal data. Ever.
No ad networks or third‑party analytics SDKs.
Account data stored in Supabase (managed Postgres) in the region your project is hosted.
Ephemeral SMS content retained only long enough to deliver to the requesting user.
Stripe handles all card data; we receive only non‑sensitive payment metadata.

2. Data We Process

3. Lawful Bases / Legitimate Interests

We rely on contract necessity (providing the service you request) and legitimate interest (platform security, fraud mitigation). Where a provider supplies an email (Google / Apple), it is needed to associate a wallet and authenticate ownership.

4. Cookies & Local Storage

Primary product functionality occurs inside the mobile app. The marketing site stores minimal first‑party preferences only (e.g., dark mode in future). No cross‑site tracking or third‑party advertising cookies.

5. Retention

SMS message fragments are purged shortly after display or rental expiry. Wallet and transaction records are retained for as long as required for accounting and fraud audit (typically 5–7 years in aggregate form). Account deletion requests trigger logical deletion/anonymization processes.

6. Security

Data is stored in Supabase Postgres with row‑level security policies restricting access to the authenticated owner. Secrets are never stored client‑side beyond session tokens managed by the Supabase SDK. We employ server‑side RPC functions for wallet debits to avoid client tampering.

7. Payments

Stripe processes all card information. We do not store full card numbers, CVV, or raw bank details. We retain Stripe customer IDs and payment intent identifiers to reconcile wallet credits and detect charge anomalies.

8. Your Choices & Controls

Access / Export: Request a machine‑readable export of profile + rental history by emailing privacy@burnasms.com.
Deletion: Email support to request account removal; we queue anonymization of associated historical records not required for financial integrity.
Opt‑Out of Marketing: We do not send promotional email; transactional notices only.

9. Children

The service is not directed to individuals under 16. We do not knowingly collect such data. Contact us if you believe an ineligible minor is using the platform.

10. Changes

Material changes will update the "Last updated" date. Continued use constitutes acceptance of revisions.

11. Contact

Questions or requests: privacy@burnasms.com or support@burnasms.com.

Burna SMS is a utility for ephemeral verification flows. Misuse for fraud or unauthorized account access is prohibited and may be escalated to relevant platforms or authorities consistent with legal requirements.