Privacy Policy

LAST UPDATED: APRIL 14, 2026

Short version: we collect your email to manage your account, use provider APIs to route SMS, and process payments through CryptoBot. We don't sell your data. We don't store SMS content longer than needed.

1. Who We Are

MCP SMS Server ("we", "us", "our") provides a virtual phone number and SMS verification API service accessible at mcp-sms-nu.vercel.app. The service is designed for developers and AI agents to automate SMS verification flows.

2. Information We Collect

We collect only what is necessary to provide the service:

Email address — used to create your account and deliver your API key
API usage data — which tools you call, which services and countries you request numbers for, timestamps
Balance and transaction records — top-up amounts, invoice IDs (payment details are handled by CryptoBot)
IP addresses — retained temporarily for abuse prevention and security

We do not collect: names, physical addresses, phone numbers, government IDs, or any KYC information.

3. SMS Content

When you use get_sms(), the SMS code is returned to you via API response and is not stored on our servers beyond the active session window (typically a few minutes). We do not read, log, or analyze the content of SMS messages.

4. How We Use Your Data

To provide and operate the SMS verification service
To manage your account balance and API access
To detect and prevent fraud and abuse
To send transactional emails (API key delivery, balance alerts)
To improve service reliability and performance

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Third-Party Services

We route SMS requests through the following provider networks:

5sim (5sim.net) — virtual number provider
SMS-Activate (sms-activate.org) — virtual number provider
OnlineSim (onlinesim.io) — virtual number provider

Payments are processed by CryptoBot (pay.crypt.bot). When you make a payment, your transaction is subject to CryptoBot's privacy policy. We receive only a confirmation of payment — not your wallet address or private keys.

6. Cookies

We use minimal cookies and local storage:

Cookie consent — remembers whether you've accepted our cookie notice
Session state — keeps you from seeing popups repeatedly within a session

We do not use advertising, tracking, or analytics cookies. We do not use Google Analytics or similar tracking tools.

7. Data Retention

We retain account data (email, API key, balance history) for as long as your account is active. If you request deletion, we will remove your data within 30 days, except where retention is required for fraud prevention or legal compliance.

API request logs are retained for a maximum of 90 days.

8. Your Rights

Depending on your jurisdiction, you may have rights including:

Access to data we hold about you
Correction of inaccurate data
Deletion of your account and associated data
Objection to processing

To exercise any of these rights, contact us at the email below.

9. Security

API keys are hashed before storage. We use HTTPS for all data in transit. Access to production systems is restricted to authorized personnel only. We perform regular security reviews.

10. Changes to This Policy

We may update this policy as the service evolves. Material changes will be communicated via email or a prominent notice on the site. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions or data requests, email us at: gonchasobaka@gmail.com