simsendly
Privacy Policy
Back to home
Legal

Privacy Policy

We believe in plain-language privacy. This policy explains exactly what data we collect, why we collect it, and how you can control it.

Effective April 24, 2026

Overview

Short version:Simsendly collects the minimum data needed to operate your SMS gateway. We do not sell your data, your contacts' data, or your message content to third parties. Your messages pass through your own SIM cards — we only store metadata (timestamps, delivery status) required to run the service.

Simsendly, Inc. ("Simsendly", "we", "us", or "our") operates the Simsendly platform — a carrier-native SMS gateway service that allows GoHighLevel agencies to send and receive messages through their own Android devices and SIM cards.

This Privacy Policy applies to our website at simsendly.expertlevel.io, our web dashboard at app.simsendly.expertlevel.io, our backend API, and our Android gateway application (collectively, the "Service").

Data We Collect

Account information — when you register for Simsendly we collect your email address, your agency name, and a password (stored as a cryptographic hash, never in plaintext). We collect this through Supabase Auth.

Device data — when you pair an Android device with the Service, we store the device's Firebase Cloud Messaging (FCM) token, device model, Android version, app version, SIM slot numbers (not the full SIM identity), and battery and signal-level readings sent with each heartbeat. This data is used exclusively to route messages and surface device health in your dashboard.

Message metadata — for every message sent or received, we store:

  • Timestamp (sent, delivered, failed)
  • Delivery status (queued, sent, delivered, failed)
  • Destination phone number (outbound) or source phone number (inbound)
  • GoHighLevel conversation and message IDs for bidirectional sync
  • The device that sent or received the message

Message content — message body text is transmitted through our backend for delivery routing but is not stored permanently after the message is dispatched. We do not index, analyse, or train models on message content.

GoHighLevel OAuth tokens — to connect your GHL sub-accounts we store the OAuth access and refresh tokens issued by GoHighLevel. These tokens are encrypted at rest and used solely to sync conversation status with your GHL inbox.

Usage and analytics data — we collect aggregate statistics (messages sent per day, delivery rates, device uptime) to display in your dashboard and to detect abuse. We do not use third-party analytics SDKs that track individual users across the web.

Communications — if you contact our support team we retain your email and the conversation thread for as long as your account is active plus 12 months.

How We Use Your Data

We use the data we collect to:

  • Provision, operate, and maintain the Service
  • Route outbound SMS messages to the correct paired device
  • Forward inbound SMS replies to GoHighLevel Conversations
  • Display device health, delivery rates, and message history in your dashboard
  • Authenticate your account and issue secure session tokens
  • Send transactional emails (password reset, invoice receipts, device-offline alerts)
  • Detect and prevent abuse, spam, or Terms of Service violations
  • Comply with legal obligations

We do not use your data to build advertising profiles, sell to data brokers, or engage in behavioural tracking.

Data Sharing

We share data only with the following sub-processors, strictly to operate the Service:

  • Supabase (auth and database) — your account credentials and structured data are stored in a Supabase PostgreSQL instance in us-east-1.
  • Google Firebase / FCM — we use Firebase Cloud Messaging to deliver outbound message instructions to your paired Android devices. We pass the FCM token and message payload; Firebase does not receive message content.
  • Amazon Web Services — our API backend, object storage, and CDN run on AWS us-east-1.
  • GoHighLevel — we exchange OAuth tokens and conversation events with GoHighLevel's API as required by your integration.
  • Stripe — billing data (card numbers, invoices) is handled entirely by Stripe. We store only your subscription tier and Stripe customer ID.

We may disclose data if required by law, court order, or to protect the rights, property, or safety of Simsendly, our users, or the public. We will notify you of such disclosures where legally permissible.

If Simsendly is acquired by or merges with another company, your data may be transferred. We will notify you by email before your data becomes subject to a different privacy policy.

Data Retention

We retain data for as long as your account is active. Specifically:

  • Account data — retained until you close your account, then deleted within 30 days.
  • Message metadata (timestamps, status, phone numbers) — retained for 90 days, then automatically purged.
  • Device heartbeat data — rolling 7-day window; older readings are deleted.
  • OAuth tokens — retained while the integration is active; deleted when you disconnect GoHighLevel.
  • Support conversations — retained for 12 months after account closure.
  • Billing records — retained for 7 years as required by tax law.

You can request deletion of your account and all associated data at any time by emailing support@expertlevel.io. We will complete deletion within 30 days.

Security

We take reasonable and industry-standard measures to protect your data:

  • All data in transit is encrypted via TLS 1.2 or higher.
  • Passwords are hashed with bcrypt; we never store plaintext credentials.
  • GoHighLevel OAuth tokens are encrypted at rest using AES-256.
  • Our infrastructure runs on AWS with VPC isolation; database ports are not publicly accessible.
  • Session tokens are HMAC-signed with a rotating secret and expire after 1 hour.
  • We conduct periodic security reviews and patch dependencies promptly.

No system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to support@expertlevel.io before public disclosure.

Your Rights

Depending on your location, you may have the following rights under GDPR, CCPA, or applicable law:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate data.
  • Deletion — request deletion of your personal data ("right to be forgotten").
  • Portability — request your data in a machine-readable format.
  • Restriction — request that we limit how we use your data.
  • Objection — object to certain processing activities.
  • Opt-out of sale — we do not sell personal data, so this right is automatically satisfied.

To exercise any of these rights, email support@expertlevel.io with the subject line "Privacy Request". We will respond within 30 days. We may need to verify your identity before acting on requests.

California residents (CCPA): Simsendly does not sell or share personal information as defined under the California Consumer Privacy Act. For questions, contact support@expertlevel.io.

Cookies & Tracking

Our marketing landing page (simsendly.expertlevel.io) uses only strictly necessary cookies — no advertising trackers, no cross-site analytics.

Our web dashboard (app.simsendly.expertlevel.io) stores a session token in sessionStorage (not a cookie) to authenticate your requests. This token is cleared when you close the browser tab.

We do not use Google Analytics, Facebook Pixel, or any behavioural advertising technology.

Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have collected data from a child, please contact support@expertlevel.io and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Effective" date at the top of this page. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

For non-material changes (typos, clarifications that don't affect how we process data), we will update the policy without separate notice.

Contact Us

If you have questions, concerns, or requests about this Privacy Policy or our data practices, please contact us:

Email: support@expertlevel.io
Company: Simsendly, Inc.
Subject: Privacy Request — [your name]

We aim to respond to all privacy enquiries within 5 business days.

© 2026 Simsendly, Inc. All rights reserved.
Privacy PolicyTerms of Service