Gravity SMS

Last updated: March 17, 2026

Privacy Policy

Gravity SMS is a platform (B2B SaaS), not a direct-to-consumer SMS sender. This policy describes how we handle data for our tenants (businesses). We tell you how we collect, use, store, and protect your data. Tenants are responsible for their own end-users' consent and compliance.

1. What We Collect

We collect account information (name, email, organization name) from tenant signup. We store authentication data: hashed API keys and encrypted RingCentral OAuth tokens. We process SMS message data including sender number, recipient number, message body, timestamps, and delivery status. We log usage data such as API call logs, IP addresses, and timestamps. Stripe processes subscriptions and payments; we do not store full card numbers (Stripe handles PCI compliance).

2. How We Use It

We use this data to provide the SMS gateway service (send and receive messages via RingCentral), authenticate API requests, maintain RingCentral connections on behalf of tenants, monitor service health and debug issues, and communicate service updates.

3. How We Store & Protect It

Data is stored in encrypted databases with encryption at rest. RingCentral OAuth tokens are encrypted before storage. API keys are securely hashed and are not recoverable. All API traffic uses HTTPS. Data is hosted on US-based cloud infrastructure.

4. Third-Party Services

We use RingCentral for SMS delivery (you use your own account and credentials). Stripe handles subscription billing and payment processing; card data never touches our servers and Stripe is PCI-DSS compliant. Our application and database are hosted on secure US-based cloud infrastructure. Microsoft Power Automate, Zapier, and Make receive webhook callbacks when you configure them. We do not sell or share data with third parties for marketing.

5. Data Retention

Message records are retained for 90 days. Webhook event logs are retained for 30 days. Account data is retained while your account is active. On account deletion, credentials are deleted immediately and message history is deleted within 30 days.

6. Tenant Responsibilities

Tenants are responsible for their own end-users' consent and compliance. Tenants must comply with TCPA, CTIA guidelines, and applicable laws for their SMS usage. Gravity SMS is a platform; tenants own the relationship with their message recipients.

7. Your Rights

You may access your data via the API or tenant dashboard. You may request a data export or account deletion. You may disconnect RingCentral at any time.

8. Cookies

We use minimal session cookies for admin and tenant dashboard authentication. We do not use tracking cookies or analytics.

9. SMS Communications

By opting in to SMS communications from Gravity SMS, you agree to receive text messages related to your account, service notifications, and other communications as described at the time of opt-in. Message frequency varies based on your account activity and preferences. Message and data rates may apply.

You can opt out of SMS messages at any time by replying STOP to any message. For help, reply HELP or contact us at support@gravitysms.com.

Your phone number and SMS data will not be shared with third parties or affiliates for marketing purposes. For more details on how we handle your data, see the rest of this Privacy Policy and our Terms of Service.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted here with an updated date. Continued use after changes constitutes acceptance.

11. Contact

For questions about this policy, contact us at support@gravitysms.com or visit gravitysms.com.