Privacy Policy
Last updated: May 4, 2026
This Privacy Policy explains how the SMS Forwarder mobile application (the "App") collects, uses, shares, and protects information about you. The App is provided by the developer of SMS Forwarder (the "Developer", "we", "us", or "our"). By using the App, you agree to the practices described here.
1. Who We Are and Scope
The Developer is the data controller (or, where applicable, the business) for personal data processed through the App. This Policy applies to information processed via the App and via the Developer's API used by the App. It does not apply to third-party services that you separately integrate with — for example, the email provider, webhook endpoint, or messaging platform you select as a forwarding destination — which are governed by their own privacy policies.
2. Information We Collect
2.1 Information you provide
- Forwarding rules. The name you assign to a rule, the destination type (e.g. email, webhook, Slack, Discord, Teams, WhatsApp), and the destination details you enter (such as an email address or a webhook URL).
- Test recipient phone number. If you use the "Send Test SMS" feature, the phone number you enter is stored locally on your device and pre-filled the next time. It is never transmitted to our servers or to analytics providers.
- App preferences. Theme, language, notification preference, analytics opt-out preference, and onboarding state — stored locally on your device.
2.2 Information collected automatically
- Device and app information. Device model identifier, iOS version, App version, language and region, Apple identifier-for-vendor (IDFV).
- Push notification token (if you grant notification permission), used to deliver alerts about your rules and subscription.
- Subscription state. Whether you have an active subscription, the active subscription product identifier, and its expiration date — derived from RevenueCat / the Apple App Store.
- Diagnostics. Crash reports, anonymized performance metrics, and aggregated usage events (for example: a paywall was viewed, a button was tapped, a purchase was initiated). Diagnostics are subject to your in-app analytics opt-out.
2.3 What we do not collect
- The text content of SMS messages you forward.
- The phone numbers of senders or recipients of forwarded messages.
- Your contacts, calendars, photos, or location.
- Your real name, email address, or password (the App does not require account creation).
3. How SMS Forwarding Works
The App relies on Apple Shortcuts automation, which you set up on your device. When an SMS arrives:
- Your iOS Shortcut reads the message content and any sender info exposed by iOS.
- It passes that information to the App's Forward SMS action.
- The App immediately sends the message to the destination you configured (for example, an email API or a webhook URL).
- The App does not retain the message content after delivery, and the message content is never sent to the Developer's backend or any analytics provider.
4. How We Use Information
- To provide the service. Saving and retrieving your forwarding rules, syncing them across reinstalls, sending push notifications you have opted into, and processing subscriptions through Apple.
- To maintain quality and security. Diagnosing crashes, monitoring performance, and protecting against abuse.
- To improve the App. Aggregated, opt-out-able analytics events used to understand which features are working.
- To communicate with you. Replying to support requests you initiate.
- To comply with law. Where required by law or legal process.
5. Legal Bases for Processing (EEA / UK / Switzerland)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:
- Performance of a contract — to operate the App and deliver the features you request (e.g. saving and syncing rules, processing subscriptions).
- Legitimate interests — to keep the App secure, prevent abuse, debug crashes, and maintain product quality, balanced against your privacy interests.
- Consent — for non-essential analytics, where we collect it through the in-app analytics opt-in. You can withdraw consent at any time in Settings → Share Anonymous Analytics.
- Legal obligation — to comply with applicable laws.
6. Service Providers and Recipients of Data
We share information only with the categories of recipients below, only to the extent needed for the listed purpose.
| Recipient | Purpose | Data shared |
|---|---|---|
| Apple Inc. (App Store, StoreKit, Push Notification Service) | Distribution, in-app purchases, push notifications. | Subscription transactions and receipts; push notification tokens. |
| RevenueCat, Inc. | Subscription state management, restore purchases, customer info. | Anonymous App User ID, Apple App Store receipts, subscription product identifiers, country/region. |
| Google LLC (Firebase Analytics, Crashlytics, Performance Monitoring, Remote Config) | Crash diagnostics, performance metrics, feature flagging, aggregated usage analytics. | App and device metadata (App version, iOS version, device model, locale, IDFV), aggregated event names with non-identifying parameters, crash stack traces. No SMS content is sent to Firebase. Subject to your in-app analytics opt-out. |
Developer's own backend (monolithgw.com) |
Storing your forwarding rules and device record so they can be restored across reinstalls. | Device UUID (IDFV), phone model, OS version, App version, push notification token, subscription product identifier, subscription expiration date, your forwarding rule names and destination details. No SMS content is stored. |
| Forwarding destinations you configure | Delivering forwarded SMS messages to where you asked them to go. | The content of the SMS, plus sender info exposed by iOS — sent only to the destination you set (your email server, your webhook, etc.). |
Each of these recipients has its own privacy policy. You can review them at:
- Apple — apple.com/legal/privacy
- RevenueCat — revenuecat.com/privacy
- Google Firebase — firebase.google.com/support/privacy
7. International Data Transfers
Some of our service providers process information in the United States or other countries that may have different data-protection laws than your country of residence. Where required (for example, transfers from the EEA / UK / Switzerland to a third country without an adequacy decision), we rely on lawful transfer mechanisms such as the European Commission's Standard Contractual Clauses or the EU–US Data Privacy Framework, where applicable.
8. Data Retention
- On your device. Local data (rules, preferences, the test recipient phone number) is kept until you delete the App or clear it manually.
- Developer's backend. Forwarding rules and the associated device record are kept until you delete the App and request deletion, or until two (2) years after your last use of the App, whichever comes first.
- RevenueCat. Subscription records are kept as long as needed for tax, accounting, and entitlement-restoration purposes, then deleted or de-identified.
- Firebase Analytics / Crashlytics. Retained per Firebase's defaults — generally up to 14 months for events and up to 90 days for crash data — unless we change the retention setting.
9. Security
We use industry-standard safeguards including TLS for data in transit and reputable cloud providers for data at rest. No method of transmission or storage is 100% secure; we cannot guarantee absolute security but we work to minimize risk.
10. Children's Privacy
The App is not directed to children under the age of 13 (or the equivalent minimum age in your country). We do not knowingly collect personal information from such children. If you believe a child under that age has provided personal information to us, please contact us so we can delete it.
11. Your Rights
11.1 Common rights
Depending on where you live, you may have some or all of the following rights:
- Access a copy of the personal information we hold about you.
- Correct inaccurate information.
- Delete personal information.
- Restrict or object to certain processing.
- Receive a portable copy of your information.
- Withdraw any consent you have given.
- Lodge a complaint with your local data-protection authority.
To exercise these rights, contact support@monolithgw.com. We may need to verify your identity (for example by confirming you control the device UUID associated with your data). We will respond within the time required by your local law.
11.2 European Economic Area / United Kingdom / Switzerland
The rights described above apply under the GDPR and UK GDPR. You can also withdraw consent for analytics in Settings → Share Anonymous Analytics at any time, without affecting prior processing.
11.3 California
Under the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA) you have the rights to know, delete, correct, and to data portability described above. We do not "sell" personal information and we do not "share" it for cross-context behavioral advertising. We do not knowingly process the personal information of minors under 16 for sale or sharing. We will not discriminate against you for exercising your rights.
11.4 Other U.S. states
Residents of states with comprehensive consumer-privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, Oregon, Texas, and Montana) have similar rights to those listed in section 11.1.
11.5 Asia–Pacific
If you reside in a jurisdiction with a comprehensive personal-data law — for example Japan (APPI), South Korea (PIPA), India (DPDP Act), Singapore (PDPA), Indonesia (PDP), Malaysia (PDPA), Thailand (PDPA), Vietnam (PDPD), the Philippines (DPA), Australia (Privacy Act), or New Zealand (Privacy Act) — you have rights of access, correction, deletion, and complaint to your local supervisory authority. Contact us at the address above to exercise these rights.
12. Permissions Used
- Notifications (optional) — to inform you about subscription, automation, or rule events.
- Network access (always required) — to sync your rules with the Developer's backend, fetch subscription state from RevenueCat, and send diagnostics to Firebase.
- App Intents / Shortcuts — required so your iOS Shortcut can pass SMS content to the App's Forward SMS action.
13. Cookies and Similar Technologies
The App is a native iOS application and does not use browser cookies. The Apple Identifier-for-Vendor (IDFV) is used as a stable, app-vendor-scoped identifier; it is not the IDFA and we do not use it for cross-app or cross-developer tracking.
14. Changes to This Policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the latest revision. If a change is material, we will use reasonable efforts to notify you in the App or by other means before it takes effect.
15. Contact
For privacy questions or to exercise your rights, contact us at support@monolithgw.com. For general support, contact support@monolithgw.com.
© 2026 SMS Forwarder. All rights reserved.