1. Scope
This Privacy Policy applies to the 2nd Line mobile application, backend services, support channels, admin tools, virtual phone number features, SMS, calls, token purchases, subscriptions and one-time verification number features.
2. Information we collect
We may collect account identifiers, Firebase Authentication user ID, email address, display name, sign-in provider, verified phone number status, account creation time, last sign-in time and authentication metadata.
When you use telecom features, we may process assigned virtual numbers, destination numbers, sender and recipient routing data, call timestamps, call duration, call status, message timestamps, delivery status, carrier or provider error codes, country, region, number type, one-time code activation records, provider transaction IDs, token charges, cancellation records, refund records and abuse-risk signals.
When you contact support, we may collect your name, email address, account identifier, support message, request topic, related timestamps and limited technical data needed to investigate the request.
3. Payments and subscriptions
Purchases may be processed through Google Play, RevenueCat and related store infrastructure. We do not store full payment card numbers. We may receive purchase identifiers, product IDs, subscription status, entitlement status, transaction timestamps and validation results.
4. Analytics and crash reporting
We may use Firebase Analytics and Firebase Crashlytics to understand app stability, crashes, active usage and feature performance. Crash and analytics data may include device model, operating system version, app version, session timing, crash stack traces and non-sensitive event metadata.
5. How we use information
We use information to provide the service, authenticate users, deliver numbers, SMS, calls and code sessions, process purchases, prevent fraud, enforce policies, respond to support requests, protect users, comply with law and improve service reliability.
6. Service providers
We may share necessary data with service providers such as Firebase, Google Play, RevenueCat, telecom providers, SMS/code providers, analytics providers, hosting providers and email/support infrastructure. Provider API keys must remain on backend systems and must not be embedded in the mobile client.
7. Retention
Account-visible data may be deleted or disabled after account deletion. Certain records may be retained for fraud prevention, telecom compliance, payment disputes, chargebacks, provider reconciliation, abuse investigations, tax/accounting obligations or lawful requests. Retained records are used only for those purposes.
8. Account deletion
You may request account deletion inside the app from Account > Delete account. If you cannot access the app, use the support form at /support. Deletion removes app account access and app-visible account data, subject to retention obligations described above.
9. Security
We use reasonable technical and organizational safeguards to protect account and telecom records. No online service can guarantee absolute security, but we limit access to sensitive data and keep provider credentials out of the mobile application.
10. Your choices
You may request support, account deletion or privacy assistance through the support page. Depending on your region, you may have rights to access, delete, correct or restrict certain personal data.
11. Contact
For privacy, account deletion or support requests, use the support page.