AI SMS Forwarder โ forward SMS to multiple phone numbers & email with AI voice filters.
Welcome to AI SMS Forwarder. Your privacy is not a feature we bolt on โ it is the foundation of how this app works. This Privacy Policy explains what information the app processes, why, how long it stays around, and the choices you have. It applies to users worldwide.
This Policy covers the AI SMS Forwarder Android application, our website at toolsforoffice.com, and any supporting backend services we operate for this app (collectively, the "Service"). It does not cover third-party services that you choose to integrate (e.g., OpenAI, your own SMTP provider, your carrier) โ those are governed by their own policies.
We design the app to collect as little as possible. The table below shows the full picture.
| Category | What | Where it lives | Why |
|---|---|---|---|
| ๐จ SMS content | Sender, body, timestamp of received SMS | On your device (local). Only sent to our servers if you enable cloud AI or email forwarding. | Match your filters and forward |
| ๐ข Recipient phone numbers | Numbers you configure | On your device | Outbound SMS forwarding |
| โ๏ธ Recipient emails | Addresses you configure | On your device; transmitted with the forwarded content through our SMTP relay at send-time only | Email forwarding |
| ๐๏ธ Voice recordings | Recordings you make to create voice-based filter rules | On-device if you use Android transcription; on our server if you use Backend AI | Turn speech into filter logic |
| ๐ OpenAI API key | The key you save in Preferences | On your device, encrypted | Call OpenAI directly from your phone |
| ๐ Webhook / API endpoint | The POST or WebSocket URL (and any auth headers/tokens) you configure | On your device, encrypted; SMS content sent directly to this URL at send-time only | Advanced/developer SMS forwarding to your own backend |
| ๐ณ Wallet & billing | Purchase history, top-ups, usage counts | Our servers (for paying users) | Run your wallet & plan |
| ๐งพ Account identifiers | Email, device ID, app version | Our servers (for paying users) | Authentication & support |
| ๐ Diagnostics | Crash logs, non-identifying performance data | Our servers | Keep the app stable |
The app offers two ways to turn your spoken instruction (e.g., "forward any SMS from my bank to my wife and my email") into a working filter rule:
Your phone does the speech-to-text locally. The audio never reaches our servers.
The audio is streamed to our server, transcribed, and converted into a filter rule. The audio is processed in memory and the rule is returned to your device. We do not keep the raw audio beyond the processing window (see Retention below), and we do not use your audio to train models.
If you save an OpenAI API key in Preferences, calls go from your phone to OpenAI directly โ we do not see the key or the responses. Alternatively you can add money to our wallet and we bill you per API request, or enroll in a monthly plan.
When you enable email forwarding, matched SMS content is transmitted from your device to our SMTP relay over TLS. We send the email to the recipient(s) you configured and then discard the body within 24 hours. We log only minimal metadata (timestamp, destination domain, delivery status) to operate the service and bill correctly.
For advanced/developer users, the app offers an optional feature to forward matching SMS directly to a custom HTTP POST endpoint or WebSocket URL that you configure โ for example, your own Node.js backend or internal service.
You choose the destination, so you are responsible for its security and legitimacy. We recommend using HTTPS/WSS and authenticated endpoints. Any credentials, tokens, or headers you configure for this feature are stored encrypted on your device and used only to authenticate requests to the endpoint you set up.
Because this feature transmits content to a destination outside our control, Section 17 (Disclaimers & Limitations) applies in full โ we cannot see, moderate, or secure data once it reaches your configured endpoint.
| Data type | Retention on our servers |
|---|---|
| ๐จ Forwarded SMS content (email path) | Less than 24 hours, then permanently deleted |
| ๐๏ธ Voice recordings (Backend AI) | Less than 24 hours, then permanently deleted |
| ๐ Webhook/WebSocket forwarded content | Not retained by us โ sent directly device-to-endpoint, never stored on our servers |
| ๐งพ Wallet / billing records | As long as required by tax and accounting law (typically 7 years in India) |
| ๐ Crash & diagnostic logs | Up to 90 days |
| โ๏ธ Support emails | Up to 24 months |
We do not sell your personal information. Ever. We share data only with:
Our primary data processing takes place in India. When you use Backend AI or email forwarding, your data may transit through servers located in other regions (including the EU and the United States) operated by our infrastructure providers. Where required, we rely on lawful transfer mechanisms โ for EU/UK users, Standard Contractual Clauses (SCCs) and the UK Addendum; for other regions, the mechanisms recognised under local law.
Regardless of where you live, you can always email contact@toolsforoffice.com to access, correct, or delete your data, withdraw consent, or close your account. Below are the additional rights granted by the main privacy laws around the world.
Rights of access, rectification, erasure, restriction, portability, objection, and to lodge a complaint with your Supervisory Authority (e.g., the ICO in the UK, the CNIL in France). Our lawful bases are contract, legitimate interests, consent (for AI voice & marketing), and legal obligation.
Right to access, correction, erasure, grievance redressal, and nomination. You may contact our Grievance Officer at contact@toolsforoffice.com.
Right to know, delete, correct, opt-out of sale/sharing, limit use of sensitive personal information, and non-discrimination. We do not sell or share personal information as those terms are defined under CCPA.
Access, correction, withdraw consent, and file a complaint with the Office of the Privacy Commissioner of Canada.
Confirmation, access, correction, anonymisation, portability, deletion, and to lodge a complaint with the ANPD.
ARCO rights (Access, Rectification, Cancellation, Opposition) under the Federal Law on Protection of Personal Data (LFPDPPP).
Right to disclosure, correction, discontinuance, and a complaint to the PPC.
Access, correction, deletion, suspension of processing, and complaint to the PIPC.
Right to know, decide, access, copy, correct, delete, and to object. Cross-border transfer conditions apply.
Access and correction, withdraw consent, and complaint to the PDPC.
Access, rectification, erasure, restriction, portability, objection, and complaint to the PDPC.
Access, correction, and complaint to the OAIC (AU) or OPC (NZ).
Access, correction, objection, and complaint to the Information Regulator.
Rights under the UAE PDPL, Saudi PDPL, and equivalent laws โ access, correction, deletion, objection.
AI SMS Forwarder is not directed at children under the age of 16 (or the age of digital consent in your country, whichever is higher). We do not knowingly collect data from children. If you believe a child has provided us data, please contact us and we will delete it.
๐ด Wrong recipient risk. If you configure the wrong phone number or email, your SMS โ including OTPs and other sensitive content โ may be forwarded to the wrong person. You are solely responsible for verifying recipients. AI Future Gen Pvt Ltd cannot be held responsible for loss, harm, or unauthorized access arising from incorrect recipient configuration.
๐ด Webhook/API forwarding risk. If you configure SMS forwarding to a custom webhook (HTTP POST) or WebSocket endpoint โ especially one you did not set up yourself, or that was provided to you by a third party โ you are solely responsible for that destination's security, legitimacy, and handling of your data. Configuring this feature at someone else's instruction is a known scam pattern used to intercept OTPs and banking SMS; the app warns you about this before the feature can be enabled. AI Future Gen Pvt Ltd cannot be held responsible for data intercepted, misused, or lost once it reaches an endpoint you configured. Note that this app will mandatorily push to the Webhook these data: from(received from) ,sms body,msg received time, battery percent, forwarding time, IMIE1 hash, mobile number on which received. If any of those data deems private, kindly don't use this app
๐ด Security incidents. Although we implement industry-recognised safeguards, no system is immune to compromise. To the maximum extent permitted by law, we cannot be held liable for losses arising from hacking, unauthorized access, or compromise of our systems, your device, your email provider, your carrier, your configured webhook/WebSocket endpoint, or the networks between them.
๐ด Third-party services. OpenAI, SMTP providers, your own webhook/API backends, mobile carriers, and operating system vendors all have their own policies. We are not responsible for their acts or omissions.
Nothing in this Policy excludes liability that cannot be excluded under applicable law (for example, liability for gross negligence, willful misconduct, or death/personal injury under local consumer laws).
We may update this Policy to reflect new features, legal requirements, or operational practices. When we make material changes, we will notify you through the app or by email before the change takes effect. The "Last updated" date at the top of this page always reflects the current version.
For all data requests, please include your app account email and the country you reside in so we can route your request correctly.