Privacy Policy
Last updated: April 9, 2026
This Privacy Policy describes how Interconnected Software, Inc. ("we," "us," or "our") collects, uses, and shares information in connection with the IncNumber service ("the Service") available at incnumber.com.
1. Information We Collect
1.1 Information You Provide
- Email address — Used as your SMS forwarding destination, account identifier, and for service-related communications.
- Voice greeting text — The custom greeting message you configure for incoming callers.
- Feedback submissions — Any feedback or support requests you submit through the Service.
1.2 Information Generated by the Service
- US phone number — The number provisioned and assigned to your account.
- SMS message content — The content of text messages received on your number, stored for forwarding and message history.
- Call metadata — Caller phone number and call timestamp. No call audio is recorded or stored.
1.3 Information Collected Automatically
- Usage data — Pages visited, features used, and interaction patterns, collected via Google Analytics (GA4).
- Session replay and UX diagnostics — Anonymized session recordings, click and scroll heatmaps via Microsoft Clarity. Content and form input fields are masked by default.
- Error and performance data — Application errors and performance metrics, collected via Sentry.
- Network data — IP address, browser type, and device information processed by Cloudflare for security and content delivery.
1.4 Payment Information
Payment information (credit card number, billing address) is collected and processed directly by Stripe. We do not receive, store, or have access to your full card details. We receive only a confirmation of payment status and the billing country you provide.
2. How We Use Your Information
We use your information for the following purposes:
- To provision and maintain your US phone number
- To forward incoming SMS messages to your email address
- To play your custom voice greeting for incoming callers
- To process and manage your subscription payments
- To display your message and call history in the dashboard
- To send service-related communications (e.g., account alerts)
- To monitor and improve the reliability and performance of the Service
- To detect and prevent fraud, abuse, and violations of our terms
- To comply with legal obligations
3. Data Sharing and Third-Party Services
We share your information only with the following categories of service providers, solely to operate the Service:
- Telecom infrastructure provider — Processes your phone number, incoming SMS content, and call metadata to deliver telephony services.
- Stripe — Processes your payment information and manages your subscription. See Stripe's Privacy Policy.
- Email delivery provider — Transmits forwarded SMS messages and service emails to your email address.
- Google Analytics (GA4) — Collects anonymized usage data to help us understand how the Service is used. See Google's Privacy Policy.
- Microsoft Clarity — Records anonymized user sessions with content and form input fields masked, to help us diagnose UX issues. See Clarity Terms and Microsoft Privacy Statement.
- Sentry — Collects error reports and performance data to help us identify and fix issues.
- Cloudflare — Provides CDN, DDoS protection, and DNS services. Processes network-level data.
- Firebase (Google Cloud) — Provides authentication (Firebase Auth) and database infrastructure (Cloud Firestore). Firestore data for the Service is stored in the asia-northeast1 (Tokyo, Japan) region.
We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.
3.1 Customer Proprietary Network Information (CPNI)
To the extent any information we hold about your use of the Service constitutes Customer Proprietary Network Information ("CPNI") as defined under the U.S. Communications Act and FCC rules (47 CFR §64.2001 et seq.), including the telephone number assigned to your account, message and call metadata, and the types of telecommunications services you receive, we will:
- Use CPNI only to provide the Service to you, to bill and collect for the Service, to protect our rights and property, and to protect users of the Service and other carriers from fraudulent, abusive, or unlawful use of the Service.
- Not use CPNI for marketing of services to which you do not already subscribe without your express prior consent.
- Not disclose CPNI to third parties for marketing or advertising purposes.
- Disclose CPNI only as required by law, including in response to valid legal process (see "Legal Process and Government Requests" below), or to our underlying telecom carrier solely to the extent necessary to deliver the Service.
4. Data Retention
- SMS content and call records: Retained for 90 days after receipt, then automatically deleted.
- Account information: Retained for the duration of your subscription and for 30 days after cancellation, after which it is deleted.
- Deleted account archives: Minimal account metadata (excluding message content) may be retained for up to 12 months after deletion for fraud prevention and legal compliance purposes.
- Payment records: Retained by Stripe in accordance with their data retention policies and applicable financial regulations.
5. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) for all data transmissions
- Encrypted database storage with access controls
- Authentication via Firebase Auth (OAuth-based; we never store passwords)
- Payment data handled entirely by PCI-DSS compliant Stripe infrastructure
While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6. International Data Transfers
The Service operates across multiple jurisdictions. Depending on which subsystem is processing your data at a given moment, your information may be transferred to and processed in any of the following locations:
- United States — Telnyx (telecom infrastructure: phone number provisioning, SMS, voice), Stripe (payment processing), Resend (email forwarding), Cloudflare (CDN/security), Sentry (error monitoring), Google Analytics, and Microsoft Clarity all operate from the United States.
- Japan (Tokyo, asia-northeast1) — Firebase Auth and Cloud Firestore (account metadata, message history, dashboard state) are hosted in the Tokyo region. Japan has been recognized by the European Commission as providing an adequate level of data protection under GDPR Article 45 (Commission Implementing Decision (EU) 2019/419 and 2023 review).
For transfers from the EEA/UK to the United States, we rely on the following legal mechanisms:
- Contractual necessity — Processing is necessary to perform the contract (your subscription) with you, pursuant to Article 49(1)(b) of the GDPR.
- Standard Contractual Clauses — Where applicable, our third-party service providers maintain appropriate data transfer mechanisms.
- EU-U.S. Data Privacy Framework — Google (Firebase, Analytics), Microsoft (Clarity), Cloudflare, and Stripe maintain DPF certifications, where applicable.
7. Your Rights Under the GDPR (EEA/UK Residents)
If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation:
- Right of access — Request a copy of the personal data we hold about you.
- Right to rectification — Request correction of inaccurate or incomplete data.
- Right to erasure — Request deletion of your personal data, subject to legal retention requirements.
- Right to restriction — Request that we limit processing of your data in certain circumstances.
- Right to data portability — Request your data in a structured, machine-readable format.
- Right to object — Object to processing based on legitimate interests.
Legal bases for processing: We process your personal data on the following grounds:
- Performance of a contract — Processing necessary to provide the Service you subscribed to (Article 6(1)(b) GDPR).
- Legitimate interests — Processing necessary for fraud prevention, service improvement, and security (Article 6(1)(f) GDPR).
- Legal obligation — Processing required to comply with applicable laws (Article 6(1)(c) GDPR).
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority.
8. Your Rights Under the CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:
- Right to know — Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to delete — Request deletion of your personal information, subject to certain exceptions.
- Right to opt-out of sale — We do not sell your personal information. No opt-out is necessary.
- Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights.
To exercise these rights, contact us at [email protected]. We will verify your identity and respond within 45 days.
9. Cookies and Tracking Technologies
The Service uses the following tracking technologies:
- Google Analytics (GA4) — Uses cookies and similar technologies to collect anonymized usage statistics. You can opt out using the Google Analytics Opt-out Browser Add-on.
- Microsoft Clarity — Uses cookies and similar technologies to record anonymized user sessions (mouse movements, clicks, scrolls) with content and form input fields masked. No personally identifiable information is collected. You can opt out by disabling cookies or using browser tracking protection.
- Sentry — Collects error and performance data using session identifiers. No marketing cookies are used.
- Cloudflare — May set security-related cookies (e.g., __cf_bm) for bot detection and DDoS protection.
- Firebase — Uses local storage and cookies for authentication session management.
We do not use any third-party advertising cookies or cross-site tracking technologies.
10. Children's Privacy
The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].
10.5 Legal Process and Government Requests
We may disclose your personal information, including the content and metadata of SMS messages received on your number, your account information, and your IP address, in response to:
- A valid subpoena, court order, search warrant, or other legally binding request issued under United States law (where we are incorporated) or under the law of another jurisdiction where we operate or store data;
- A preservation request or government order requiring us to retain data pending further legal process;
- An emergency disclosure request from law enforcement when we have a good-faith belief that immediate disclosure is necessary to prevent imminent death or serious physical injury;
- A request from our underlying telecom carrier or another regulated party when failure to disclose would expose us to legal liability or violate applicable telecommunications law (including CALEA where applicable).
When we receive a request for your information from a government or law-enforcement entity, we will:
- Review the request for legal validity and scope, and challenge requests we believe are overbroad, defective, or unlawful;
- Disclose only the information specifically required by the request;
- Attempt to notify the affected user of the request before disclosure unless prohibited by law (e.g., a non-disclosure order or court-ordered gag), or unless we have a good-faith belief that notification would create a risk of injury or obstruction of justice.
To facilitate fraud investigation and law-enforcement response, when an account is deleted we retain a minimal archive of account metadata (excluding SMS message content) for up to twelve (12) months, as described in Section 4 (Data Retention) above.
Law-enforcement and other legal requests should be directed to [email protected] and clearly marked as a legal request.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you by email. Your continued use of the Service after such changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related inquiries, data access requests, or complaints, contact us at:
Interconnected Software, Inc.
131 Continental Dr, Suite 305, Newark, DE 19713, United States
Email: [email protected]