This Privacy Policy explains how OTP Space collects, uses, and protects personal data when you use our Service.
1. Data We Collect
- Account data: the email, WhatsApp number, and application name you register.
- End-user data: the destination phone numbers you submit for verification, together with the related OTP codes and their delivery status.
- Technical data: API request logs, timestamps, and delivery metadata needed to operate and secure the Service.
2. How We Protect Data
- Phone numbers are encrypted at rest.
- OTP codes are stored hashed, never in plaintext.
- Login sessions are cryptographically signed, and admin access is restricted to an internal allowlist.
- We never log secrets or full phone numbers in operational logs.
3. How We Use Data
We use data solely to provide the Service: sending and verifying OTPs, showing status in the dashboard, billing credit usage, preventing abuse, and providing support. We do not sell personal data.
4. Sharing With Third Parties
To deliver an OTP, the destination number is passed to the WhatsApp delivery network. We may also use infrastructure providers (hosting, database) bound by confidentiality obligations. We may disclose data where required by law.
5. Storage & Retention
We retain data for as long as needed to run the Service and meet legal obligations. Expired OTP codes can no longer be used. You can request deletion of your account data by contacting us.
6. Data Roles
For end-user data, the Customer acts as the data controller and OTP Space as the data processor, processing data on the Customer's instructions. Fuller terms are in our DPA.
7. Your Rights
Subject to applicable law (including Indonesia's Personal Data Protection Law), you may access, correct, and request deletion of your personal data. To exercise these rights, contact [email protected].
8. Changes
We may update this Policy. We will notify you of material changes by email or in the dashboard.
9. Contact
Privacy questions can be sent to [email protected].