1. Who we are
8ms is operated by Audire Inc, doing business as 8ms ("8ms", "8ms.dev", "we", "our"). Registered office: 1040 Partridge Place, Suite 3, Helena, MT 59602, USA. You can reach us at privacy@8ms.dev for any privacy question.
2. What this policy covers
This policy describes how we handle personal data when you visit 8ms.dev, sign up for an account at app.8ms.dev, pair Android phones to our gateway, send or receive SMS through those phones, or connect a third-party service (such as a CRM, payment processor, or email provider) to your 8ms account.
3. Data we collect
Account data
When you sign up we collect your email address and any business profile you choose to add (company name, timezone, optional display name). We receive a verified email from our authentication provider (Supabase) and store a hashed session identifier.
Phone & gateway telemetry
Each Android phone you pair reports a device identifier, battery percentage, network type (Wi-Fi / 4G / 5G), and a heartbeat so we can show its online status. We do not collect the phone's contact list, its photos, its location coordinates, or any data outside the SMS subsystem and the basic health signals listed above.
SMS content
Outbound and inbound SMS that pass through your phones are stored in your 8ms account so they appear in your conversations inbox and so we can attribute deliveries, replies, and opt-outs. Message bodies are retained for as long as your account is active. You can delete individual conversations or your entire account, which purges them.
Contacts
Contact records you upload (name, phone, email, company, custom fields, tags) are stored to populate your inbox and to send campaigns. Contact phone numbers are stored in E.164 format. You can edit, export, or delete individual contacts or your entire contact list at any time.
Third-party tokens
When you connect a third-party service (GoHighLevel via OAuth, Stripe for billing, etc.) we store the access and refresh tokens we receive, encrypted at rest with AES-256-GCM. We use them only to call the third-party APIs on your behalf. Disconnecting the integration deletes the tokens.
Usage and diagnostic data
We log requests to our API and dashboard (timestamp, route, response code, anonymised IP for abuse detection, basic browser metadata) and error reports (stack traces, request IDs). We do not use third-party tracking pixels or advertising cookies.
4. Why we collect it
We process personal data to:
- Provide the service — deliver SMS, sync with connected CRMs, run scheduled campaigns, surface replies in your inbox.
- Bill you — Stripe processes payments using the customer record we share with it.
- Keep the service reliable — alert on errors, prevent abuse, monitor phone health.
- Communicate with you — transactional emails (signup confirmation, billing receipts, security alerts) and optional weekly summaries.
- Comply with law — respond to lawful requests and meet our own tax / accounting obligations.
5. Who we share data with
We use a small set of sub-processors. Each one only receives the minimum data needed to perform its function:
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Supabase (PostgreSQL + Auth) | Primary data store + auth | All account data |
| DigitalOcean | Compute / hosting | All account data (in transit) |
| Stripe | Subscription billing + payment processing | Email, plan, charge metadata |
| GoHighLevel (Lead Connector) | CRM sync when you connect it | Contacts and message bodies you choose to mirror |
| Anthropic | AI classification of inbound replies (intent + suggested reply) | Inbound message body, no contact PII beyond first name if templated |
| Resend | Transactional email delivery | Email address, message content |
| Sentry | Error monitoring (optional, when enabled) | Stack traces, request IDs, sanitised request bodies |
We do not sell or rent your data. We do not share it with advertisers.
6. International transfers
Our infrastructure and several sub-processors are based in the United States. If you access 8ms from outside the United States, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses or equivalent safeguards with sub-processors operating outside your jurisdiction.
7. How long we keep data
- Account data — for as long as your account is active, plus 30 days after deletion to handle disputes and chargebacks.
- SMS content — for as long as your account is active. You can delete conversations earlier from the dashboard.
- Billing records — 7 years (US/UK tax retention rules).
- Logs and diagnostics — 90 days.
8. Security
We use TLS for all data in transit. Sensitive credentials — gateway passwords, third-party access and refresh tokens — are encrypted at rest with AES-256-GCM, with the key held in a separate environment variable rather than alongside the ciphertext. Database access is scoped per-tenant via row-level security policies so one customer cannot read another customer's data.
No system is perfectly secure. If you become aware of a vulnerability in 8ms, please email security@8ms.dev.
9. Your rights
Depending on where you live you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data ("right to be forgotten").
- Export your data in a portable format.
- Restrict or object to certain processing.
- Withdraw consent for optional processing (for example, AI reply suggestions).
Email privacy@8ms.dev and we will respond within 30 days. For most requests, the simplest path is to use the Account section of app.8ms.dev/app/settings directly.
10. SMS-specific notes
Because 8ms is an SMS gateway, two specifics matter:
- Opt-out keywords are honoured automatically. If a recipient replies STOP, UNSUBSCRIBE, REMOVE, QUIT, END, CANCEL, or OPTOUT, we mark them as do-not-contact for your account and block future sends.
- You are the sender. SMS leaves your own Android phone over your own carrier connection. You are responsible for the consent and TCPA / GDPR / regional-equivalent compliance of any messaging you send. We do not pre-clear your contact lists.
11. Children
8ms is a B2B product not directed at children. We do not knowingly collect personal data from anyone under 16.
12. Changes to this policy
We will update this page when our practices change. The "Last updated" date at the top reflects the most recent version. Material changes will be emailed to account owners.
13. Contact
Privacy questions: privacy@8ms.dev
General support: support@8ms.dev
Security disclosures: security@8ms.dev