1. Purpose
This policy outlines the procedures and guidelines for collecting, using, and securing phone numbers to enable users to log into our service via SMS authentication. We are committed to protecting users' privacy and ensuring compliance with relevant laws and regulations.
2. Scope
This policy applies to all users of our website and services who register an account and authenticate via phone numbers and SMS. This includes phone number collection, message delivery, and the login process.
3. Data Collection
- Phone Number Requirement: To use our services, users can (but are not required to) provide a valid phone number during the sign-up process. The phone number is used exclusively for account authentication and communication related to the account (e.g., two-factor authentication (2FA), login verification).
- Accuracy of Information: Users who provide a phone number must ensure that it is accurate and current. The website will not be responsible for any issues arising from the use of incorrect or outdated phone numbers.
4. User Consent
- Explicit Consent: By providing a phone number and selecting the opt-in checkbox, users explicitly consent to receive SMS messages for authentication, account-related notifications, and security purposes (e.g., login codes).
- Opt-In Process: Users will be prompted to confirm their consent to receive SMS messages during the sign-up process. This opt-in will be documented as part of the registration record.
- Revocation of Consent: Users may revoke their consent to receive SMS authentication messages at any time by opting out of the SMS service. However, opting out may impact the user’s ability to access their account.
5. SMS Authentication Process
- One-Time Password (OTP): Users who have opted in will receive an SMS with a one-time password (OTP) or verification code upon registration and on subsequent login attempts to complete the authentication process.
- Code Expiry: OTPs are valid for a limited time (typically 5-10 minutes) to ensure security. Expired OTPs will need to be re-requested by the user.
- Multiple Attempts: Users will be limited to a specific number of attempts to enter the correct OTP. After the limit is exceeded, additional security measures, such as account lockout or reCAPTCHA verification, may be required.
6. Data Privacy and Security
- Protection of Phone Numbers: Phone numbers provided by users will be securely stored and encrypted in accordance with applicable data protection laws, including but not limited to GDPR (for EU users), CCPA (for California residents), and other relevant privacy regulations.
- No Sharing of Phone Numbers: We do not share users’ phone numbers with third parties for marketing or other purposes, except where required by law or as necessary to provide the service (e.g., SMS providers like Twilio).
- Encryption and Security: All phone numbers, OTPs, and related data are stored and transmitted securely using encryption protocols to protect against unauthorized access.
7. Opt-Out and Unsubscribing
- Opting Out of SMS Authentication: Users who no longer wish to use SMS for authentication may request to switch to an alternative authentication method (if available), such as email authentication.
- Unsubscribing from Marketing Messages: If marketing messages are sent via SMS (separate from authentication-related messages), users may opt out by replying with the keyword "STOP" to any marketing message. Users will no longer receive promotional SMS messages but will still receive critical account-related messages (e.g., security alerts).
8. User Responsibilities
- Account Security: Users are responsible for keeping their phone numbers up to date and ensuring that they have access to the phone number they registered with. Users should not share their OTPs with anyone, as this would compromise the security of their account.
- Reporting Unauthorized Activity: Users must immediately report any suspected unauthorized access or suspicious activity related to their account, including the use of their phone number for SMS authentication, by contacting our support team.
9. Compliance with Regulations
Our phone number authentication system adheres to all relevant local and international regulations, including:
- Telephone Consumer Protection Act (TCPA) (U.S.)
- General Data Protection Regulation (GDPR) (EU)
- California Consumer Privacy Act (CCPA) (California, U.S.)
- Other applicable data protection and privacy laws in the jurisdictions where we operate.
We will comply with applicable rules around SMS marketing and messaging, ensuring that all messages are sent with the proper consent and that users have the option to opt out of communications that are not related to account authentication.
10. Monitoring and Enforcement
- SMS Usage Monitoring: We may monitor SMS traffic to ensure compliance with this policy and detect any misuse of the phone number authentication process, such as fraud or abuse of the OTP system.
- Suspension or Termination of Access: Users who violate this policy, misuse the authentication system, or engage in suspicious activities may have their access to the website temporarily suspended or permanently terminated.
- Account Recovery: In the event that a user’s phone number is compromised or lost, we will have a secure process in place for account recovery, which may involve identity verification and support team intervention.
11. Modifications to the Policy
We reserve the right to update or modify this policy as necessary to ensure compliance with changes in laws, regulations, or best practices. Any material changes to this policy will be communicated to users, and they will be asked to review and consent to the revised policy.
Acknowledgment
By providing a phone number to log into our service, you acknowledge that you have read, understood, and agree to this Phone Number Authentication Policy.