Privacy Policy

Last Updated: January 8, 2026

DNS Publishing, LLC d/b/a Who Sent That Text Message ("we", "us", "our") operates the Who Sent That Text Message website and service, a consumer service powered by VeriRoute Intelligence. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Your Privacy Rights: If you are a resident of the European Economic Area (EEA), California, or other jurisdictions with privacy laws, you have specific rights regarding your personal data. See the "Your Rights" section below.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, password (hashed), name (if provided via SSO)
  • Payment Information: Billing address, payment card details (processed securely by Authorize.net - we only store last 4 digits and expiration date)
  • Search Queries: Phone numbers you look up through our Service
  • Communications: Information you provide when contacting us

1.2 Information Collected Automatically

  • Device Information: Browser type, operating system, device type
  • Log Data: IP address, access times, pages viewed, referring URL
  • Location Data: Approximate location based on IP address (country, region, city)
  • Usage Data: Features used, search history, interaction patterns
  • Cookies and Tracking: See our Cookie Policy

1.3 Information from Third Parties

  • Google Sign-In: If you use Google SSO, we receive your email, name, and profile picture
  • Payment Processor: Transaction confirmation and fraud prevention data from Authorize.net

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our Service
  • Process transactions and send related information
  • Send transactional emails (account confirmation, password reset, billing notices)
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues, fraud, and abuse
  • Enforce our Terms of Service and protect our legal rights
  • Comply with legal obligations

3. Legal Basis for Processing (GDPR)

If you are in the EEA, we process your data based on:

  • Contract Performance: To provide the Service you requested
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Consent: For marketing communications (which you can withdraw at any time)
  • Legal Obligation: To comply with applicable laws

4. Information Sharing and Disclosure

We may share your information with:

4.1 Service Providers

  • Authorize.net: Payment processing
  • Postmark: Email delivery
  • Google Analytics: Website analytics
  • Cloud Infrastructure: Data hosting and storage

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court order, subpoena, government request).

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do NOT sell your personal information to third parties.

5. Data Retention

We retain your information for as long as:

  • Account Data: Until you delete your account, plus 30 days for backup purposes
  • Lookup History: 90 days from the date of lookup
  • Payment Records: 7 years for tax and legal compliance
  • Log Data: 12 months
  • Anonymized Analytics: Indefinitely

6. Your Rights

6.1 All Users

  • Access your account information
  • Update or correct your information
  • Delete your account
  • Opt out of marketing communications

6.2 EEA Residents (GDPR)

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Request limitation of processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

6.3 California Residents (CCPA/CPRA)

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to access personal information
  • Right to equal service and price
  • Right to delete personal information

To exercise any of these rights, please contact us at privacy@whosentthattextmessage.com or use the data management tools in your account settings.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission.

8. Data Security

We implement security measures including:

  • TLS/SSL encryption for all data in transit
  • Encryption at rest for sensitive data
  • Secure password hashing (bcrypt)
  • Regular security audits and penetration testing
  • Access controls and authentication
  • PCI DSS compliance for payment processing (via Authorize.net)

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Children's Privacy

Our Service is not directed to anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. Do Not Track

Some browsers have a "Do Not Track" feature. We currently do not respond to Do Not Track signals. However, you can manage cookies through your browser settings and opt out of analytics tracking.

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date. For material changes, we will provide notice through email or a prominent notice on our Service.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights:

  • Email: privacy@whosentthattextmessage.com
  • Data Protection Officer: dpo@whosentthattextmessage.com
  • Website: Contact Form

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.