Privacy Policy for SMS Forwarder

1. Introduction

This Privacy Policy explains how SMS Forwarder ("we," "our," or "the App") collects, uses, stores, and protects information when you use our Android application.

By using SMS Forwarder, you agree to the collection and use of information in accordance with this policy.

We designed the App to forward SMS messages based on rules you configure. Depending on the features you enable, the App may use your device, your email account, and certain third-party services to perform its functions.

2. Information We Collect

2.1 SMS Messages

• What we collect: SMS content, sender information, timestamp, message ID, and SIM-related information for incoming messages
• Why we collect it: To enable the core functionality of forwarding messages based on your configured rules
• How we use it: Messages are processed locally on your device to determine whether they match your forwarding rules
• Storage: SMS content is not stored on our servers. Any temporary processing happens on-device unless you choose to forward a message to an external destination

2.2 Contact Information

• What we collect: Contact names and phone numbers from your device's address book, if you choose to use contact-based rules
• Why we collect it: To allow you to select specific contacts for rule-based SMS forwarding
• How we use it: Contacts are accessed only for rule configuration and are not transmitted to external servers unless needed for a feature you explicitly enable

2.3 Phone State and Device Information

• What we collect: Dual SIM card information, roaming status, device phone state, Android version, device model, and app version
• Why we collect it: To detect which SIM card received a message, apply roaming-based rules, and support app functionality and troubleshooting
• How we use it: This information is used locally to execute forwarding rules appropriately and to support crash reporting and app diagnostics where enabled

2.4 Email Addresses, Google Account Data, and Forwarding Destinations

• What we collect: Email addresses, destination phone numbers, and configuration data you provide for forwarding
• Why we collect it: To forward SMS messages to your specified destinations
• How we use it: Used exclusively for sending forwarded messages and stored locally on your device, unless required by a third-party service you choose to use

2.5 Forwarding History and Logs

• What we collect: Timestamps, sender information, message previews, delivery status, and rule identifiers
• Why we collect it: To provide activity logs, statistics, and failed forwarding retry functionality
• Retention period:
  • Free users: 7 days, maximum 50 logs
  • Premium users: 90 days, unlimited logs
• How we use it: Stored locally on your device for reference, troubleshooting, and user visibility

2.6 App Usage and Preferences

• What we collect: Your app settings, rule configurations, theme preferences, and notification settings
• Why we collect it: To maintain your personalized app experience and preferences
• How we use it: Stored locally on your device

2.7 Backup Data

• What we collect: When you use the backup feature, SMS Forwarder creates a local backup file containing your rule configurations and app settings
• Why we collect it: To allow you to restore your settings and rules on the same device or transfer them to another device
• How we use it: The backup file is stored locally on your device's storage (typically in the Downloads folder or location you select). Backup files are in JSON format and remain on your device—they are never transmitted to our servers or any third party unless you intentionally share them

2.8 Purchase Verification Data

• What we collect: When you make an in-app purchase (Premium subscription), we collect purchase tokens provided by Google Play
• Information transmitted to our server:
  • Purchase token (unique identifier from Google Play)
  • Product ID (subscription type identifier)
  • Package name (app identifier)
• Why we collect it: To verify your purchase with Google Play's servers and prevent unauthorized access to premium features
• How we use it: This information is sent to our secure verification server for real-time validation only. We do not store purchase tokens permanently, and no personally identifiable information is collected during this process

2.9 Google Account Access Data (Gmail API)

• What we collect: If you enable email forwarding using Gmail, we request authorization to send email on your behalf through your Google account (specifically requesting the https://www.googleapis.com/auth/gmail.send scope).
• OAuth Token Storage: OAuth authentication tokens required to access the Gmail API are stored securely on your local device and are never transmitted to our servers.
• Why we collect it: To send forwarded SMS messages to the email address or destination you choose
• How we use it: The App uses the minimum Google authorization required to send email. We do not use Google account access for unrelated purposes
• What we do not do:
  • We do not read your Gmail inbox
  • We do not access your Gmail drafts, contacts, or message history
  • We do not use Google account data for advertising, profiling, or analytics
  • We do not sell or transfer Google user data to third parties

3. How We Use Your Information

We use the collected information for the following purposes:

• SMS Forwarding: Processing and forwarding SMS messages based on your configured rules
• Rule Filtering: Applying filters such as source conditions, text patterns, regular expressions, message length, and time schedules to determine which messages to forward
• Activity Logging: Maintaining forwarding history with delivery status for your reference
• Statistics: Providing dashboard metrics such as total forwarded, success rate, and failed count
• App Functionality: Executing dual SIM detection, roaming control, and message template customization
• Backup & Restore: Creating local backup files for your rule configurations and settings
• Purchase Validation: Verifying premium subscriptions with Google Play to enable premium features
• Crash Reporting: Collecting anonymous crash data to identify and fix bugs
• Purpose Limitation: We use your information only to provide SMS forwarding, related configuration features, purchase validation, support, and app maintenance. We do not use your data for advertising, cross-app tracking, profiling, or unrelated purposes

4. Data Storage and Security

4.1 Local Storage

Rule configurations, app settings, logs, and OAuth authentication tokens required to access the Gmail API are stored securely in your device's local storage using Android storage mechanisms. Tokens are never transmitted to our servers. You can delete this data by uninstalling the app, clearing app data, or removing it from within the app where supported.

4.2 Backup File Security

Backup files created by the app contain your rule configurations and settings. These files are stored in JSON format on your device. We recommend:

• Storing backup files in a secure location
• Not sharing backup files with untrusted parties
• Deleting backup files when no longer needed
• Being aware that backup files may be readable by anyone with access to your device storage

4.3 Network Communications

The app makes network requests only for the following purposes:

• Email forwarding: Via Gmail API when you explicitly enable Gmail-based forwarding
• Purchase verification: Validating premium subscriptions with our secure server
• Crash reporting: Sending anonymous crash data to Firebase Crashlytics

All network communications use industry-standard HTTPS encryption or other secure protocols provided by the relevant service.

4.4 Security Measures

• The app requests only the permissions necessary for its core functionality
• SMS forwarding uses your device's standard Android SMS capabilities
• Email forwarding via Gmail uses Google's authorization and security infrastructure
• Purchase verification uses encrypted HTTPS connections
• Crash reporting is anonymous and does not intentionally include SMS content, contact data, or Google account data
• We do not integrate behavioral advertising SDKs into the app

5. Third-Party Services

5.1 Google Play Billing

SMS Forwarder uses Google Play's In-App Billing service for premium subscriptions. Google Play may collect payment information and purchase history according to Google's Privacy Policy. We do not have access to your payment card details or banking information.

Google Play Privacy Policy: https://policies.google.com/privacy

5.2 Purchase Verification Server

We operate a secure verification server to validate in-app purchases with Google Play's servers. This server:

• Validates purchase tokens with Google Play in real time
• Does not store any personally identifiable information
• Does not access or store SMS content
• Does not retain purchase tokens permanently
• Uses HTTPS encryption for all communications
• Only processes purchase verification requests

5.3 Firebase Crashlytics

We use Firebase Crashlytics to automatically collect crash reports when the app encounters errors. This helps us improve app stability and fix bugs.

Information Collected by Crashlytics:

• Device information: Device model and manufacturer
• Operating system: Android version
• App version: Version of SMS Forwarder installed
• Crash data: Technical stack traces and error logs
• Timestamp: Date and time when crashes occurred

What Crashlytics Does Not Collect Intentionally:

• No user IDs or account identifiers
• No SMS message content
• No contact information
• No email addresses or phone numbers
• No behavioral advertising data

Firebase Privacy Policy: https://firebase.google.com/support/privacy

5.4 Gmail API (Optional)

If you configure email forwarding, the app uses Gmail API to send emails on your behalf. Your Gmail account is used only for the forwarding functionality you explicitly configure. We do not store your Gmail credentials, and we do not use Gmail access for any purpose other than sending the forwarded message.

5.5 Google APIs User Data Policy

SMS Forwarder's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We request only the minimum access necessary to send email forwarding messages, and we do not use Google user data for advertising, profiling, or unauthorized sharing.

5.6 No Analytics or Advertising

• We do not integrate third-party advertising networks
• We do not use your personal data for advertising or profiling
• We do not sell or rent user data
• We do not intentionally track your behavior across other apps or websites

6. Data Sharing and Third-Party Disclosure

6.1 We Do Not Share Your Data for Advertising

6.2 User-Initiated Forwarding

• When you configure SMS forwarding to email addresses or phone numbers, messages are sent to those destinations as per your explicit instructions
• Email forwarding uses Gmail API when you choose to enable Gmail-based forwarding
• SMS forwarding uses your mobile carrier's SMS infrastructure

6.3 Automated Data Transmission

• Purchase verification: Purchase tokens are transmitted to our server and Google Play for validation
• Crash reports: Anonymous crash data is sent to Firebase Crashlytics
• Email forwarding: Forwarded email content is transmitted through Google’s systems when you enable Gmail-based sending

6.4 Legal and Safety Disclosures

We may disclose information if required by law, legal process, or to protect the rights, safety, or security of users, the App, or others. Any such disclosure will be limited to what is reasonably necessary.

7. Your Data Rights and Controls

You have complete control over your data to the extent supported by the app and your device settings:

7.1 Access and Modification

• Access all your rules, logs, and settings within the app at any time
• Modify or delete rules whenever you choose
• View all activity logs in the Activity Log screen

7.2 Data Deletion

• Delete individual logs: Tap on any log entry and select delete
• Clear all logs: Use the app's settings or data management options where available
• Delete app data: Uninstalling the app removes locally stored app data from your device
• Delete backup files: Manually delete backup files from your device storage

7.3 Data Export

• Export rules: Use the backup feature to export your rule configurations
• Backup format: Backup files are in JSON format and can be restored anytime
• Transfer data: Backup files can be manually transferred between devices

7.4 Purchase Data

• Purchase verification data is temporary and not stored permanently on our servers
• Your Google Play purchase history is managed by Google and can be accessed through Google Play
• You can request purchase information from Google Play

7.5 Crash Data

• Crash data is used for debugging and app improvement
• No intentionally collected personally identifiable information is included in crash reports
• Crash data retention is controlled by Firebase and its service settings

7.6 Permission Management

• You can revoke app permissions at any time through your device's Settings → Apps → SMS Forwarder → Permissions
• Note: Revoking essential permissions (SMS, Contacts, Phone, or Network access where relevant) will limit app functionality

7.7 Google Account Access Control

• You can revoke Google account access at any time via your Google Account settings
• Revoking access will immediately stop email forwarding via Gmail
• You can use the app without Gmail-based forwarding if that feature is disabled

8. Data Retention

Data Type	Storage Location	Retention Period
SMS Content	Not retained by our servers	Processed in real time only unless forwarded per your instructions
Rule Configurations	Device local storage	Until deleted or app uninstalled
App Settings	Device local storage	Until app uninstalled or data is cleared
Forwarding Logs (Free)	Device local storage	7 days (auto-deleted)
Forwarding Logs (Premium)	Device local storage	90 days (auto-deleted)
Backup Files	Device local/external storage	Until manually deleted by user
Purchase Verification	Our server (temporary)	Not stored permanently
Crash Reports	Firebase Crashlytics	According to Firebase retention and service settings
Google Account Access	Google authorization session	Until you revoke access or the session expires

9. Children's Privacy

SMS Forwarder is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information where applicable.

10. Permissions Explained

SMS Forwarder requires the following Android permissions:

Permission	Purpose	Required
READ_SMS	Read incoming SMS messages to apply forwarding rules	Yes
SEND_SMS	Forward SMS messages to specified phone numbers	Yes (if using SMS forwarding)
READ_CONTACTS	Access contacts for rule configuration	Yes (for contact-based rules)
READ_PHONE_STATE	Detect dual SIM, roaming status, and phone state	Yes
INTERNET	Send email forwards, verify purchases, and send crash reports	Yes
REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	Ensure app runs reliably in background for SMS monitoring	Recommended
RECEIVE_BOOT_COMPLETED	Automatically start monitoring after device reboot	Recommended

Some permissions are required only if you use the corresponding feature. For example, Gmail-related permissions are used only if you enable email forwarding through your Google account.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Updating the "Last Updated" date at the top of this policy
• Displaying an in-app notification upon your next app launch, where practical

We encourage you to review this Privacy Policy periodically. Continued use of the app after changes constitutes acceptance of the updated policy.

12. International Users and Data Transfers

SMS Forwarder stores most app data locally on your device. Data may be transmitted internationally in the following scenarios:

• Email forwarding: Your messages may be transmitted through Google’s systems and email infrastructure that could be located in different countries
• Purchase verification: Purchase tokens are sent to our server and Google Play servers for validation
• Crash reporting: Anonymous crash data is sent to Firebase servers, which may be located in different countries

We recommend reviewing Google's, Firebase's, and your email provider's privacy policies for information about international data transfers.

13. Compliance with Laws

We intend to comply with applicable data protection and privacy laws, which may include:

• GDPR: General Data Protection Regulation for users in the European Economic Area
• CCPA: California Consumer Privacy Act for users in California
• IT Act, 2000: Information Technology Act for users in India
• Other applicable regional privacy regulations

GDPR Basis for Processing: Where GDPR applies, processing is based on your consent, performance of a contract, legitimate interest, or another applicable lawful basis depending on the feature and context.

14. Your Consent

By using SMS Forwarder, you consent to:

• The collection and use of SMS content solely for forwarding as per your rules
• Local storage of your rule configurations and activity logs
• Network transmission when forwarding SMS via email, if you enable that feature
• Creating and managing backup files on your device storage
• Verification of in-app purchases with our secure server and Google Play
• Anonymous crash reporting via Firebase Crashlytics for app improvement
• SMS forwarding charges from your mobile carrier when using SMS forwarding
• Google account authorization when you choose to send emails through Gmail

You may withdraw consent for optional features at any time by disabling the relevant feature or revoking access in your device or Google account settings.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data deletion requests, permission inquiries, or privacy concerns, please email us with "Privacy Request" in the subject line.