1. Introduction

TextMe (“we,” “us,” “our,” or the “Company”) operates the TextMe platform (the “Platform,” “Service”), a software-as-a-service application that enables digital content creators to manage fan conversations, sell pay-per-view digital content, and process payments through iMessage.

This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information when you use our Platform, visit our website, or otherwise interact with us. This Privacy Policy applies to all users of the Platform, including Creators, team members (Typers, Managers, Admins), and Fans/Buyers.

By using the Platform, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, do not use the Platform.

2. Information We Collect

2.1 Information You Provide Directly

Account Information: Full name, email address, password (encrypted), profile photo/avatar, role and permissions.

Creator Profile Information: Creator/display name, username/handle, bio/description, WhatsApp number, social media links, subscription pricing, watermark preferences, avatar/profile images.

Content and Media: Photos, videos, and other digital media uploaded to the vault, content metadata, PPV pricing information, message templates.

Communication Data: Messages sent and received through the Platform (via TextMe API), message content, timestamps, read receipts, delivery status, fan phone numbers, conversation notes and tags, mass text messages.

Payment Information: Transaction amounts and currency, payment descriptions, transaction status and history, checkout URLs. We do NOT directly collect or store credit card numbers, bank account details, or other sensitive financial information — this is handled entirely by our private, PCI-compliant payment processor.

2.2 Information Collected Automatically

Usage and Analytics Data: Pages visited and features used, click patterns, time spent on the Platform, search queries, feature usage frequency.

Device and Technical Data: IP address, browser type and version, operating system, device type, screen resolution, language/locale settings, time zone.

Log Data: Server access logs, error logs, API request logs, authentication events, activity logs.

2.3 Information from Third Parties

We may receive information from: our private, PCI-compliant payment processor (payment processing), a third-party service provider that manages real iPhone devices for iMessage delivery (messaging infrastructure), and traffic sources (referring social platforms). TextMe does not directly manage or operate the iPhone devices used for iMessage delivery; this infrastructure is entirely managed by a third-party provider.

3. How We Use Your Information

• Providing and operating the Platform (account management, messaging, content delivery, team management)
• Payment processing (transactions, refunds, revenue reports, fraud detection)
• Analytics and reporting (revenue dashboards, team performance, traffic source analysis)
• Communication (notifications, billing alerts, service announcements, marketing with consent)
• Safety, security, and compliance (fraud detection, Terms enforcement, content moderation, audit logs)
• Platform improvement and development

4. How We Share Your Information

We do not sell your personal information to third parties. We share information with:

• Service Providers: a third-party iMessage service provider (messaging infrastructure), our private, PCI-compliant payment processor (payments), hosting/database providers
• Creator-Fan Sharing: Creators and team members can see fan phone numbers, messages, purchase history. Fans can see creator display names and messages.
• Within Your Organization: Based on role-based access (Super Admin, Admin, Manager, Typer)
• Legal Requirements: When required by law, subpoena, or court order
• Business Transfers: In case of merger, acquisition, or sale of assets

5. Data Retention

6. Data Security

• Encryption in transit (TLS 1.2+) and at rest
• Passwords hashed using bcrypt
• Secure JWT authentication tokens with expiry
• Role-based access control (RBAC)
• API authentication via bearer tokens, webhook HMAC verification
• Input validation using Zod schema validation
• Security headers via Helmet.js
• CORS restricted to authorized domains

7. Your Rights and Choices

• Access & Portability: Access your personal information, request portable copies (JSON/CSV)
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Restriction & Objection: Object to processing, opt out of marketing
• Withdrawal of Consent: Withdraw consent at any time

8. Cookies and Tracking

We use strictly necessary cookies (session, authentication, security), functional cookies (preferences), and analytics cookies (usage, performance). You can manage cookies through your browser settings.

9. U.S. State Privacy Rights (CCPA/CPRA)

California residents have additional rights: Right to Know, Right to Delete, Right to Correct, Right to Opt-Out of Sale/Sharing (we do not sell personal information), Right to Limit Use of Sensitive Information, and Right to Non-Discrimination.

10. European Economic Area (GDPR)

If located in the EEA or UK, GDPR applies. Legal bases include: performance of contract, legitimate interest, legal obligation, and consent. You have rights to lodge complaints, object to processing, restrict processing, and data portability.

11. Children's Privacy

The Platform is not intended for individuals under 18. We do not knowingly collect personal information from children under 18.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified at least 30 days before taking effect. Continued use after the effective date constitutes acceptance.

13. Contact Us

For questions about this Privacy Policy or our data practices, please contact us via the Platform support channels.