Privacy Policy

This Privacy Policy explains how the PhoneMCP mobile application and the associated backend software collect, use, and protect your information.

App Permissions

PhoneMCP requires the following Android permissions. Permissions are requested only when you start the service, not during app installation or first launch.

SEND_SMS (Send Text Messages) - REQUIRED

How it works:

• When your AI chatbot (ChatGPT, Claude, or Gemini CLI) requests to send a text message, PhoneMCP receives that request via Firebase Cloud Messaging
• The message is sent from your phone using your carrier's SMS service
• You remain in complete control—you can stop the service at any time via the app

This permission is mandatory for the app to function.

RECEIVE_SMS (Receive Text Messages) - REQUIRED

How it works:

• When your AI chatbot requests to receive a message (such as retrieving a verification code), the app monitors incoming SMS
• Incoming SMS monitoring is active while the service is running (started via the "START" button)
• Messages are forwarded to your AI chatbot only when it actively requests them
• Messages pass through the PhoneMCP backend server but are not stored
• Without this permission, message retrieval features will not work

This permission is mandatory for the app to function.

READ_SMS (Read Text Messages) - REQUIRED

How it works:

• When you send a text message from your phone's messaging app, PhoneMCP detects it and forwards it to your AI chatbot for context
• This enables your AI chatbot to see both sides of a conversation—messages you receive and messages you send
• Outgoing SMS monitoring is active while the service is running (started via the "START" button)
• Messages pass through the PhoneMCP backend server but are not stored

This permission is mandatory for the app to function.

READ_CONTACTS (Read Contacts) - OPTIONAL

How it works:

• When an SMS is forwarded to your AI chatbot, PhoneMCP looks up the phone number in your contacts to include the contact name
• Contact names are sent alongside the SMS so your AI chatbot can refer to people by name instead of phone number
• Your contacts list is never uploaded, stored, or shared—lookups happen entirely on your device
• If you deny this permission, the app works normally but phone numbers will appear without names

This permission is optional. The app works without it.

Information We Collect

1. Account Information

When you sign in to PhoneMCP using Google Sign-In, the following information is collected as part of the standard OAuth authentication process:

• Email address - Used to authenticate your account and link your phone to your AI chatbot sessions
• Name - Retrieved from your Google account for display purposes
• Profile picture - Retrieved from your Google account for display purposes

Please review Google's Privacy Policy for information about how Google handles your data during the OAuth process.

2. Device Information

The following device information is collected:

• Device identifier (Android ID) - Used to uniquely identify your device for message routing
• Device name - The name you assign to your device in the app (e.g., "Pixel8a")
• Firebase Cloud Messaging (FCM) token - Used to deliver SMS sending requests to your device

Data Sharing and Third Parties

Information Not Shared

The app and the associated backend software do not sell, rent, or trade your personal information to third parties. Your contacts are never shared with anyone.

Third-Party Services

PhoneMCP integrates with the following third-party services:

• Google Sign-In: For authentication (see Google's Privacy Policy)
• Firebase (Google): For authentication, cloud messaging, and crash reporting (see Firebase Privacy Policy)
• AI Chatbot Providers: PhoneMCP connects your phone to AI services (ChatGPT, Claude, Gemini CLI). These services have their own privacy policies:
  • OpenAI (ChatGPT) Privacy Policy
  • Anthropic (Claude) Privacy Policy
  • Gemini CLI Privacy Policy

  Using another chatbot? Make sure you read their privacy policies.

Note: When you send SMS messages through AI chatbots, the message content is visible to the AI provider. PhoneMCP does not control how these providers handle your data.

Data Retention

Data that flows through the PhoneMCP backend:

• Account information: Retained while your account is active. Deleted when you sign out and unregister your device
• Outgoing SMS messages (AI-initiated): Pass through the server to reach your device but are not stored. They are delivered and immediately discarded
• Incoming and outgoing SMS messages (synced to AI): Temporarily stored on the server for up to 5 minutes to allow your AI chatbot to retrieve them, then automatically deleted
• Crash reports: Retained for 90 days for debugging purposes, then automatically deleted

Account and Data Deletion

You have the right to request deletion of your account and associated data at any time.

How to Delete Your Account

You can delete your account and data through two methods:

• Open the PhoneMCP app
• Tap "Sign Out" to unregister your device and stop the service
• Your account information and device registration will be immediately deleted from our servers

If you've uninstalled the app or cannot access it, you can request account deletion by emailing us at:

hello@phone-mcp.com

Please include "Account Deletion Request" in the subject line and provide the email address associated with your PhoneMCP account.

What Gets Deleted

When you delete your account, the following information is removed:

• Your email address and account information
• Device identifier and device name
• Firebase Cloud Messaging (FCM) token
• Any crash reports associated with your account

Deletion Timeline

Account deletion through the app is immediate. Email requests are typically processed within 48 hours during business days. You will receive a confirmation email once your account has been deleted.