Privacy Policy
Last updated: February 3, 2026
This Privacy Policy explains how the PhoneMCP mobile application and the associated backend software collect, use, and protect your information.
App Permissions
PhoneMCP requires the following Android permissions. Here's exactly what each permission is used for:
SEND_SMS (Send Text Messages) - REQUIRED
Why this is required: This is the core functionality of PhoneMCP—to send text messages on your behalf when requested by your AI chatbot.
How it works:
- When your AI chatbot (ChatGPT, Claude, or Gemini CLI) requests to send a text message, PhoneMCP receives that request via Firebase Cloud Messaging
- The message is sent from your phone using your carrier's SMS service
- You remain in complete control—you can stop the service at any time via the app
This permission is mandatory for the app to function.
RECEIVE_SMS (Receive Text Messages) - OPTIONAL
Why this is requested: To enable tools that allow your AI chatbot to request recent text messages from your phone.
How it works:
- When your AI chatbot requests recent messages, the app retrieves them from your device
- Messages pass through the PhoneMCP backend server but are not stored
- Without this permission, message retrieval features will not work
READ_CONTACTS (Access Your Contacts) - OPTIONAL
Why this is requested: To display contact names in the app, in the message history window—for example, showing "John Doe" instead of "+1-555-0123".
How it works:
- Contact lookups happen only on your device—contact data never leaves your phone
- The app does not upload, store, or transmit any contact information to servers
- Without this permission, you'll see phone numbers instead of contact names in the message list
Information We Collect
1. Account Information
When you sign in to PhoneMCP using Google Sign-In, the following information is collected as part of the standard OAuth authentication process:
- Email address - Used to authenticate your account and link your phone to your AI chatbot sessions
- Name - Retrieved from your Google account for display purposes
- Profile picture - Retrieved from your Google account for display purposes
Please review Google's Privacy Policy for information about how Google handles your data during the OAuth process.
2. Device Information
The following device information is collected:
- Device identifier (Android ID) - Used to uniquely identify your device for message routing
- Device name - The name you assign to your device in the app (e.g., "Pixel8a")
- Firebase Cloud Messaging (FCM) token - Used to deliver SMS sending requests to your device
Data Sharing and Third Parties
Information Not Shared
The app and the associated backend software do not sell, rent, or trade your personal information to third parties. Your contacts are never shared with anyone.
Third-Party Services
PhoneMCP integrates with the following third-party services:
- Google Sign-In: For authentication (see Google's Privacy Policy)
- Firebase (Google): For authentication, cloud messaging, and crash reporting (see Firebase Privacy Policy)
- AI Chatbot Providers: PhoneMCP connects your phone to AI services (ChatGPT, Claude, Gemini CLI). These services have their own privacy policies:
Using another chatbot? Make sure you read their privacy policies.
Note: When you send SMS messages through AI chatbots, the message content is visible to the AI provider. PhoneMCP does not control how these providers handle your data.
Data Retention
Data that flows through the PhoneMCP backend:
- Account information: Retained while your account is active. Deleted when you sign out and unregister your device
- Outgoing SMS messages: Pass through the server to reach your device but are not stored. They are delivered and immediately discarded
- Incoming SMS messages (when requested via AI tools): Pass through the server to reach your AI chatbot but are not stored
- Crash reports: Retained for 90 days for debugging purposes, then automatically deleted