Privacy Policy
SMSNoKYC is built to keep you anonymous. No email, no name, no phone, no ID. The only key to your account is the seed phrase you hold.
1. Operational Records
We never ask who you are. SMSNoKYC retains only the technical records needed to operate anonymous accounts, process payments and orders, prevent abuse, and measure the service in aggregate:
- Account record: a bcrypt hash of your access seed and a 4-character lookup prefix — the seed itself is never written in plain text.
- Transaction record: what was ordered, the deposit amount and coin, a transaction ID, timestamps and the running balance.
- Session record: a short-lived server-side identifier that tracks login state and is tied to no personal identity.
- Abuse-prevention record: temporary IP-keyed rate-limit counters that guard against brute force and clear themselves automatically.
2. Identity We Do NOT Ask For
- Name, email address, or phone number
- Precise physical address or GPS location
- Government-issued ID or identity documents
- Advertising pixels or cross-site ad retargeting
3. How Operational Records Are Used
Those operational records are used only to:
- Authenticating your account access
- Processing and fulfilling orders
- Manage your balance and deposit history
- Prevent abuse through rate limiting and fraud detection
- Keep the Service running and improve it
We do not sell, rent or share personal identity data for marketing or advertising — and in any case we hold none to sell.
4. Cookies & Storage
We set authentication cookies and a few first-touch attribution cookies to learn which source led to a signup, top-up or order, all without asking who you are.
- Session cookies are HTTP-only and secure, and serve only account access
- First-touch cookies keep a source, referrer, landing page and timestamp for attribution
- The live visitor counter keeps anonymous visitor and session IDs in your browser storage
- The live presence beacon honours Do Not Track
Google Analytics is used only for aggregate pageview and conversion figures; there are no advertising pixels, no ad retargeting and no data-broker tooling.
5. Third-Party Services
The Service talks to these outside providers purely to operate:
- Blockchain networks (Bitcoin, Ethereum, Solana): To verify cryptocurrency payments. Blockchain transactions are public by nature.
- SMS providers: To provision virtual numbers and receive SMS. The phone numbers and SMS content pass through third-party telecom providers.
- Price APIs: To fetch current cryptocurrency exchange rates.
- Google Analytics for aggregate analytics and conversion figures
6. Retention
- Account record: Retained as long as the account exists. Inactive accounts (no login for 12+ months) may be deleted.
- Order and transaction records: Retained with the account for your reference.
- Rate limiting logs: Automatically purged after 1 hour.
- SMS content: Stored temporarily and may be purged after the order is completed or expired.
7. Record Security
- Every connection is encrypted with TLS (HTTPS).
- Access seeds are bcrypt-hashed and never kept in plain text.
- Session state lives server-side in Redis and is never exposed to the client.
- CSRF protection guards every state-changing request.
8. Your Control
Since accounts are anonymous:
- You can walk away at any time simply by not logging in.
- There is no identity-based deletion request process, because account ownership can only be verified through the seed.
- Inactive accounts are automatically purged after extended periods of inactivity.
9. Changes to This Policy
We may update this Privacy Policy at any time. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service constitutes acceptance of the current policy.