TextFuse
Sign inGet Started

Privacy Policy

Last updated: April 24, 2026

This Privacy Policy describes how TextFuse ("we", "us") collects, uses, and shares personal information when you use our SMS marketing software (the "Service"). We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Who controls your data

There are two different roles to understand:

  • Our customers (business account holders) are the data controllersfor their contact lists and message content. They decide who to message and why.
  • TextFuse acts as a data processor for customer contact data — we store and transmit it on their behalf. For the customer's own account information (name, email, billing), TextFuse is the controller.

If you received a message through TextFuse and have questions about how a specific business uses your information, contact that business directly. Our customers can unsubscribe you on request, or you can reply STOP to any message or use the link on our opt-out page.

2. Information we collect

From account holders (our customers)

  • Account information: name, email, password hash, business name, phone number.
  • Billing information: billing address and payment-method details are collected and stored by Stripe, Inc., our payment processor. TextFuse only stores a Stripe customer ID and non-sensitive metadata (last 4 of card, brand).
  • Usage data: log-in times, IP address, browser user-agent, pages visited, messages sent, SIM-gateway activity. Used to operate and secure the service.

From message recipients (end consumers)

  • Contact data uploaded by our customers: phone number, first name, last name, tags, and any optional fields the customer chooses to store.
  • Message content: the body of messages sent and received, along with timestamps, delivery status, and the business-owned phone number used.
  • Consent state: whether you have opted out (replied STOP or used the unsubscribe link) and when.

3. How we use information

  • To provide, operate, and improve the Service;
  • To transmit SMS on behalf of our customers through regulated mobile networks;
  • To bill our customers and handle refunds or chargebacks;
  • To detect fraud, abuse, and violations of our SMS Compliance Policy;
  • To communicate with account holders about account status, security, and service updates (these are transactional emails and you cannot opt out while your account is active);
  • To comply with legal obligations.

We do not sell personal information. We do not use message content to train AI models. We do not allow third parties to scrape or crawl customer data.

4. Who we share information with

We share limited data with service providers who help us run TextFuse:

  • Stripe (payments) — billing data. Stripe is PCI-DSS Level 1 certified.
  • Resend (email delivery) — recipient email address and email content for transactional mail (receipts, notifications).
  • DigitalOcean (hosting) — all data is stored on droplets located in a US data region, encrypted at rest.
  • Mobile carriers and SMS aggregators — phone numbers and message bodies, solely to deliver your messages. We have no control over carrier retention policies.
  • Legal and safety — we may disclose information to comply with a subpoena, court order, or other legal process, or to protect the rights, property, or safety of TextFuse, our customers, or others.

If TextFuse is acquired or merged, your information may be transferred to the successor entity subject to this Privacy Policy.

5. Data retention

  • Account and billing records: retained for the life of your account plus 7 years for tax and compliance purposes.
  • Message content: retained for 24 months, then automatically purged unless you delete it sooner. You can export your data at any time.
  • Opt-out records: retained indefinitely so opted-out numbers are never messaged again.
  • Backups: encrypted snapshots retained up to 30 days.

6. Security

We use industry-standard safeguards including encryption in transit (TLS 1.2+), encryption at rest, bcrypt-hashed passwords (cost 12), principle-of-least-privilege database access, automated backups, and restricted administrative access. No online service can guarantee absolute security; in the event of a confirmed breach affecting your data, we will notify you without undue delay.

7. Your rights

Under PIPEDA (and equivalent laws in other provinces and countries) you have the right to:

  • Access the personal information we hold about you;
  • Request correction of inaccurate information;
  • Request deletion, subject to our legal retention obligations;
  • Withdraw consent or opt out of marketing messages at any time (reply STOP or use our opt-out page);
  • Request that we limit or suspend processing in certain circumstances;
  • File a complaint with the Office of the Privacy Commissioner of Canada.

To exercise a right, email privacy@textfuse.ca. We will respond within 30 days.

8. Cookies and tracking

We use essential cookies to keep you signed in and to protect against CSRF attacks. We use minimal first-party analytics to understand aggregate traffic patterns. We do not use third-party advertising trackers on dashboard pages and do not sell user behaviour data.

9. International transfers

Our hosting and some service providers are located in the United States. By using TextFuse you acknowledge that personal information may be processed outside Canada and may be subject to the laws of the country where it is processed.

10. Children

TextFuse is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has used the service, contact us and we will delete the information.

11. Changes to this policy

We will update this Privacy Policy from time to time. Material changes will be posted here with a new "Last updated" date and notified by email to account holders.

12. Contact

Questions or privacy requests: privacy@textfuse.ca.

← Back to TextFuse
TermsPrivacySMS Policysupport@textfuse.ca