Skip to main content

Texter Privacy Policy

Last Updated: 15/6/2026

 

App Toro s.r.o., ID no. 06454097, with its registered seat at Viktora Huga 377/4, Smichov, 150 00 Prague 5, Czech Republic (“we”).

We are creators of Texter application (“App”) and by this Privacy policy, we would like to inform you about how we process your personal data through this App.

We recommend that you read this information carefully. If you have any questions, you can contact us at any time using the contact details below. As we are company located in European union, the processing of personal data is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).

 

A. TABLE OF CONTENTS

Our goal is to ensure maximum transparency in the processing of your personal data. We have divided this document into the following sections:

  • the personal data processed, including examples of the data processed (part B);
  • the purposes of the processing of personal data, as well as the legal bases and periods of processing (part C);
  • sharing of personal data (part D);
  • Your rights in data processing and how to exercise them (part E);
  • the possibility to lodge a complaint (part F); and
  • amendments to this document (part G).

 

B. PERSONAL DATA PROCESSED

When you use our App, personal data may be processed. As we want to be as transparent as possible, we divided personal data that we process about you as personal data controller into these categories:

  • Identifiers, such as user ID, device identifier, IP address, and where identity verification has been completed, a verification session reference ID linking to your verified identity record held by Veriff OÜ.
  • Contact info, such as e-mail address only if a user contacts customer support.
  • Purchases information, such as payments related solely to the App.
  • User content, such as the content of SMS messages sent or received through the Service, customer support requests, and files or attachments shared through customer support.
  • Telecommunications data, such as virtual phone numbers assigned to your account, destination numbers called or messaged, call duration, call timestamps, message delivery status, and call and message routing metadata.
  • Usage data, such as app launches, taps, scrolling information, or other information about how the user interacts with the app.
  • Diagnostics data, such as crash logs, timezone id, language, ios version or other technical information about your device.
  • Customer support data, such as identification of issue, messages between you and us, attached files and additional information, information about solution of your issues.

 

Please do not use our App to upload sensitive personal information beyond what is required for identity verification purposes. This includes health data, genetic data, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or data concerning sexual orientation. Biometric data and identity document data collected as part of our mandatory identity verification process is handled separately as described in the Identity Verification section below.

The App is not designated for children. By downloading or installing the App, you declare that you are older than 18 years old and are solely responsible for any damage or loss that we may suffer because of his untruthful declaration.

 

C. IDENTITY VERIFICATION

Where you wish to access certain features of the Service, including outbound voice calls to specific destinations, we may require you to complete identity verification. This processing involves special category personal data as defined under Article 9 GDPR, specifically biometric data used for identity verification purposes.

For this purpose we process the following categories of personal data:

  • Government-issued identity document (passport, national ID card, or equivalent)
  • Facial image and liveness check video recording
  • Extracted identity data: first name, last name, date of birth, document number, document type, and issuing country
  • Verification session reference ID and decision outcome

Identity verification is performed by our data processor Veriff OÜ, incorporated in Estonia, acting under our instructions pursuant to a Data Processing Agreement. Veriff processes your identity document and biometric data on our behalf. Their privacy policy is available at https://www.veriff.com/privacy-policy.

The legal basis for this processing is compliance with our legal obligations under applicable telecommunications regulations, and our legitimate interest in preventing fraud and ensuring the security of our telecommunications services.

Verification session data including document images, facial images, and video recording is retained by Veriff OÜ for a period of two years in active storage, after which it is archived for a further period in accordance with Veriff's data retention policy. We retain the verification session reference ID and extracted identity fields in our own systems for the duration of our legal retention obligations under applicable telecommunications regulations.

Identity verification data may be disclosed to law enforcement authorities, telecommunications regulators, or judicial authorities in response to a lawful request, including requests made pursuant to mutual legal assistance treaties or other applicable international legal cooperation frameworks.

You have the right to withdraw consent to the processing of your biometric data at any time by contacting us at texter@apptoro.agency. However, withdrawal will result in suspension of access to verification-dependent features of the Service. Withdrawal does not affect the lawfulness of processing carried out before withdrawal, nor does it affect our right to retain records where required by applicable law.

Identity verification decisions are made through automated processing by Veriff OÜ, with human review available for borderline cases. An automated decline decision will result in suspension of access to verification-dependent features. You have the right to request human review of an automated verification decision by contacting us at texter@apptoro.agency.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. Identity verification data is processed by Veriff OÜ under industry-standard security practices including ISO 27001 certification and SOC 2 Type II attestation. However no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

 

D. PURPOSES OF THE PROCESSING OF PERSONAL DATA

We process your personal data as a data controller for the processing purposes, legal bases and periods set out below.

In this section, we describe the processing of your data related to the provision of our App.

Processing of personal data in our App

D.1 Provision of App functionalities

We primarily process personal data to provide you with our App and to treat you as a customer, when you download the App and agree with our Terms & Conditions, or when you order our paid services connected with App. Personal data is processed to authenticate you as the user, enable our features, customize what you see and use, perform customer support, ensure functionality of our App. We also use your personal data to customize the App to your preferences and save them. This enables us to make it easier for you to browse the App and to customize the App for you in terms of location, language options, device of choice, etc. As part of this, we may also send you messages about the conclusion and performance of a contract, new product and service releases, payment reminders or approvals, etc.

For this purpose, we process these categories of personal data:

  • Identifiers, Contact info, Purchases information, User content, Usage data, Diagnostics data, Customer support data, Telecommunications data

The legal basis for this processing is the performance of the contract between you and us and the need to take steps at your request before entering the contract.

The data are processed for the duration of the mutual relationship and for the period necessary for the performance of the obligations under such contract and for a maximum of three years from the last activity in the App.

D.2 Improving our App

We may process data about how you use our App, what features you use most, other analytics, effectiveness of features etc., so that we can better understand how you use them and trends in their use and then improve and further develop them to your satisfaction.

For this purpose, we process these categories of personal data:

  • Identifiers, Purchases information, User content, Usage data, Diagnostics data, Customer support data.

The legal basis for this processing is our legitimate interest in improving our App, and the data is processed for a maximum of 3 years from the date of collection.

D.3 Internal records, statistics, and protection of our rights

We may process your data for the purposes of keeping internal records within our company, recording subscriptions made, producing statistical reports, protecting our rights and legal claims, and to ensure that only you use our App in accordance with their terms.

For this purpose, we process these categories of personal data:

  • Identifiers, Contact info, Purchases information, Usage data, Diagnostics data, Customer support data, Telecommunications data.

The data is processed for a maximum of 5 years after the last activity in the App, or for a maximum of 5 years after the collection of personal data if no contract has been concluded. In the event of a legal dispute, data may be retained until final resolution of the dispute.

D.4 Support and promotion of our products and services

We may process the data you provide when you review, register, or purchase our products and services to inform you about our other products, services or promotions, news, announcements, new releases, etc.

For this purpose, we process these categories of personal data:

  • Identifiers, Purchases information, User content, Usage data, Diagnostics data, Customer support data.

The legal basis for this processing is our legitimate interest in supporting and promoting our products and services. The data is processed until a maximum of 2 years after the termination of the contract concluded with you.

D.5 Fulfilling legal obligations

We may also process your personal data in order to comply with our legal obligations, particularly in the area of tax and accounting. At the same time, we need to be prepared to provide cooperation to state authorities if we are required to do so by law.

For this purpose, we process these categories of personal data:

  • Identifiers, Contact info, Purchases information, User content, Usage data, Diagnostics data, Customer support data, Telecommunications data.

The legal basis for this processing is the fulfillment of our legal obligations. The data is processed for the period required by law. Telecommunications metadata including call records, message delivery data, and related telecommunications data is retained for the duration of your active use of the Service and for a period of 2 years following account closure or last activity, after which it is deleted unless retention is required for ongoing legal proceedings or outstanding regulatory requests. Identity verification records are retained in accordance with the Identity Verification section of this Policy.

 

E. SHARING OF PERSONAL DATA

We may share your personal data with other companies in our group who also process data in accordance with this document and help us with better analytics.

At the same time, we may share personal information with third parties who help us provide our App to you. These parties act as our data processors and process personal data for us, within the scope of our processing purposes set out above. Those data processors may be:

  • A company which provides us with cloud storage services;

  • A company assisting us with promoting and marketing our own App and services;

  • A company providing solution for collecting user feedback and surveys;

  • A company providing solution for customer support;

  • A company providing App development and support;

  • Veriff OÜ, Niine 11, 10414 Tallinn, Estonia — our identity verification processor, processing government-issued identity documents, biometric data, and extracted identity fields on our behalf pursuant to a Data Processing Agreement. Veriff is an EU-based company subject to GDPR.

  • Telecommunications carrier partners providing voice call routing and SMS message delivery infrastructure. These processors handle call routing data, telecommunications metadata, and call records as necessary to provide the Service. Current carriers are located in the United States and process data under Standard Contractual Clauses.;

We may share your personal data, including identity verification records, call records, and telecommunications metadata, with law enforcement authorities, telecommunications regulators, judicial authorities, or other governmental bodies where we are required to do so by applicable law or pursuant to a lawful request, including requests made under mutual legal assistance treaties or equivalent international legal cooperation mechanisms. We may also share such data where we believe in good faith that disclosure is necessary to prevent fraud, illegal activity, or harm to others. We will endeavour to notify you of such requests where permitted by applicable law. We may also share your data with persons who have suffered harm as a result of your use of the Service where required by a court or regulatory authority.

We require all third parties with whom we share personal data to implement appropriate technical and organisational measures to protect personal data, and we enter into data processing agreements with processors as required by applicable law. However, we cannot guarantee the actions of independent third-party controllers once data has been lawfully transferred to them.

Where we transfer your personal data to recipients outside the European Economic Area, we do so only where an appropriate safeguard is in place, including European Commission adequacy decisions, Standard Contractual Clauses, or other mechanisms permitted under applicable data protection law. Our telecommunications carrier partners in the United States process data under Standard Contractual Clauses.

We do not share, sell, or transfer the content of your messages, your phone number, your SMS opt-in or consent information, or your telecommunications data to any third parties or affiliates for their marketing or promotional purposes. Telecommunications data is shared only with our carrier partners solely to deliver the calls and messages you make through the Service.

 

F. YOUR RIGHTS IN PROCESSING AND THE POSSIBILITY OF EXERCISING THEM

Just as we have rights and obligations when processing your personal data, you have certain rights when processing your personal data as set out in the following paragraphs. You have the right to (i) request access to your personal data; (ii) withdraw your consent; (iii) request rectification of your personal data; (iv) request erasure of your personal data; (v) request restriction of the processing of your personal data; (vi) request portability of your personal data; (vii) object to the processing of your personal data; or (viii) lodge a complaint with the relevant supervisory authority.

In all matters related to the processing of your personal data, whether it is a question, the exercise of rights, sending a complaint to our hands, etc., you can contact us at texter@apptoro.agency.

Your request will be processed without undue delay, at most within 1 month. In exceptional cases, in particular due to the complexity of your request, we are entitled to extend this period by a further 2 months. We will, of course, always inform you of any such extension and the reason for it.

You also have the right to lodge a complaint with the supervisory authority as described below.

F.1 Right of access

You have the right to obtain confirmation from us as to whether or not we are processing your personal data.

If we process your personal data, you also have the right to request access to information about the purpose and scope of the processing, the recipients of the data, the duration of the processing, the right to rectification, erasure, restriction of processing and to object to the processing, the right to lodge a complaint with a supervisory authority and the sources of the personal data (this information is already provided in this document).

You can also ask us for a copy of the personal data we process. We provide the first copy free of charge; further copies may be subject to a fee. The scope of the data provided may be limited so as not to interfere with the rights and freedoms of others.

F.2 Right to withdraw consent

You have the right to withdraw your consent to the processing of personal data at any time. However, the withdrawal of consent does not affect the lawfulness of the processing prior to such consent, nor does it lead to the termination of the processing of personal data that has already been anonymized.

F.3 Right to rectification

You have the right to request us to correct inaccurate personal data concerning you. Depending on the purpose of the processing, you may also have the right to have incomplete personal data completed, including by providing an additional declaration.

F.4 Right to erasure (right to be forgotten)

You have the right to request the deletion of your personal data in cases where:

  • we no longer need your personal data for the purposes for which it was collected or processed;
  • you withdraw the consent on the basis of which the personal data was processed and there is no further reason for processing it:
  • you object to processing and there are no other overriding reasons for processing, or you object to processing for direct marketing purposes;
  • personal data is processed in violation of the law.

However, you cannot exercise this right where the processing is necessary for compliance with our legal obligations or tasks entrusted to us in the public interest or for the establishment, exercise, or defense of legal claims.

F.5 Right to restriction of processing

You have the right to request restriction of the processing of your personal data in cases where:

  • you contest the accuracy of your personal data; in this case, you may request a restriction of processing until the accuracy of the personal data has been verified;
  • the processing is contrary to the law and instead of erasure, you request a restriction of the processing of personal data;
  • we no longer need your personal data for the purposes for which it was collected or processed, but you require it for the establishment, exercise, or defense of legal claims;
  • you have objected to the processing of your personal data; in this case, you may request a restriction of processing until it is verified that our legitimate interests prevail.

F.6 Right to portability

You have the right to obtain a copy of your personal data that we process by automated means on the basis of your consent or for the performance of a contract. We will transmit this data in a commonly used and machine-readable format to you or to a controller designated by you, if technically feasible. The scope of the data provided may be limited so as not to interfere with the rights and freedoms of others.

F. 7 Right to object

You have the right to object to the processing of your personal data that we process on the basis of our legitimate interest. We will stop processing your data if there are no other overriding reasons for processing or if the processing is not necessary for the establishment, exercise, or defense of legal claims or if you object to processing for direct marketing purposes.

 

G. RIGHT TO FILE A COMPLAINT

In addition to the possibility of exercising your rights with our company, you can also file a complaint with the relevant supervisory authority, which is the Office for Personal Data Protection located at Pplk. Sochora 27, 170 00 Prague 7.

 

H. CHANGES TO THIS INFORMATION

This processing information is effective as of 15/6/2026. We are entitled to change this processing information from time to time, so please check it regularly. We will post any changes to this document on our website.