Privacy Policy | RoamNumber

1. Who We Are

RoamNumber is operated by Zero Index Software SAS, a company registered in France. We act as the data controller for the personal data processed through the RoamNumber service available at roamnumber.com.

For any privacy-related inquiries, you can contact us at: privacy@roamnumber.com

2. What Data We Collect

We collect and process the following categories of personal data when you use RoamNumber:

2.1 Account Information

Full name
Email address
Profile image (if you sign in with Google)
Hashed password (if you use email/password authentication)

2.2 Session and Device Data

IP address
Browser user agent (browser type, version, operating system)
Session tokens and expiry information

2.3 Phone Numbers

Phone numbers you purchase through the service
Custom names you assign to your phone numbers
Phone number capabilities (SMS, MMS, voice)

2.4 Communication Content

SMS and MMS messages: message text, media attachments (URLs), delivery status, timestamps, and the phone numbers of the parties involved
Voice calls: call direction, duration, start/end times, and call status. We do not record the audio content of voice calls.

2.5 Push Notification Data

Browser push subscription endpoints and associated encryption keys, if you enable push notifications

2.6 Analytics Data

We use a self-hosted instance of Umami, a privacy-focused analytics tool. Umami does not use cookies, does not collect personal data, and does not track individual users. It collects anonymous, aggregated data such as page views, referrer URLs, browser type, and country (derived from IP addresses, which are not stored).

3. How We Use Your Data

We process your personal data for the following purposes:

Purpose	Legal Basis (GDPR)
Providing the RoamNumber service (sending/receiving messages and calls)	Performance of contract (Art. 6(1)(b))
Account creation and authentication	Performance of contract (Art. 6(1)(b))
Sending push notifications about incoming messages and calls	Consent (Art. 6(1)(a))
Session management and security (IP logging, user agent)	Legitimate interest (Art. 6(1)(f))
Anonymous analytics to improve the service	Legitimate interest (Art. 6(1)(f))
Compliance with legal obligations (e.g., telecommunications regulations)	Legal obligation (Art. 6(1)(c))

4. Third-Party Services

We share data with the following third-party service providers:

4.1 Telnyx

Telnyx provides our telecommunications infrastructure, including phone number provisioning, SMS/MMS messaging, and voice calling. When you use RoamNumber, your phone numbers, message content, media attachments, and call metadata are processed by Telnyx. Telnyx acts as a data processor on our behalf. For more information, see the Telnyx Privacy Policy.

4.2 Google (Optional)

If you choose to sign in with Google, we receive your name, email address, and profile image from Google through the OAuth protocol. We do not share any of your RoamNumber data with Google. See the Google Privacy Policy.

4.3 Browser Push Services

If you enable push notifications, notifications are delivered through your browser's push service (e.g., Firebase Cloud Messaging for Chrome, Mozilla Push Service for Firefox). Notification payloads include a message preview and a link to the relevant conversation.

5. Cookies

RoamNumber uses a single essential cookie for authentication: better-auth.session_token (or __Secure-better-auth.session_token over HTTPS). This cookie is strictly necessary to keep you signed in and cannot be disabled while using the service.

We do not use any tracking cookies, advertising cookies, or third-party cookies. Our analytics solution (Umami) is cookie-free.

6. Data Retention

Account data: retained for as long as your account is active. If you request account deletion, your data will be deleted within 30 days.
Messages and call records: retained for as long as your account is active and the associated phone number is in your possession.
Session data: automatically expires and is deleted based on session lifetime settings.
Push subscriptions: automatically removed when the subscription becomes invalid (e.g., when you unsubscribe or change browsers).
Invitation tokens: expire after their designated validity period and are no longer usable.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

All data in transit is encrypted using TLS (HTTPS)
Passwords are hashed using industry-standard algorithms before storage
Database access is restricted and connection-pooled
Authentication sessions are cryptographically signed and include IP and user agent verification
Access to the service is invitation-only, limiting unauthorized account creation

8. International Data Transfers

Zero Index Software SAS is based in France. Your data is processed within the European Union where possible. However, some of our service providers (notably Telnyx, which is headquartered in the United States) may process data outside the EU/EEA. Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Your Rights

Under the GDPR, and where applicable under other data protection laws, you have the following rights:

Right of access: request a copy of the personal data we hold about you
Right to rectification: request correction of inaccurate or incomplete data
Right to erasure: request deletion of your personal data
Right to restriction: request that we restrict the processing of your data
Right to data portability: request your data in a structured, machine-readable format
Right to object: object to processing based on legitimate interests
Right to withdraw consent: where processing is based on consent (e.g., push notifications), you may withdraw it at any time

To exercise any of these rights, contact us at privacy@roamnumber.com. We will respond within one month, as required by the GDPR.

You also have the right to lodge a complaint with the French data protection authority (CNIL) or your local supervisory authority.

10. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know: what personal information we collect, use, and disclose
Right to delete: request deletion of your personal information
Right to opt out of sale: we do not sell your personal information to third parties
Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights

11. Children

RoamNumber is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice on the service. The “Last updated” date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@roamnumber.com
Company: Zero Index Software SAS
Data Protection Authority: CNIL (Commission Nationale de l'Informatique et des Libertés)