OTP Buddy

Last updated: April 2, 2026

Privacy Policy

OTP Buddy helps you receive email-based verification codes (OTPs) as text messages. This policy explains what we access, what we store, and how we protect your information.

Purpose-limited Gmail access

We only use the Google permissions you approve to read messages for OTP forwarding—not for advertising or unrelated profiling.

Minimal retention

OTPs and message content are processed to deliver your SMS and are not kept for analytics or resale.

No sale of personal data

We do not sell, rent, or trade your personal information to data brokers or marketers.

Information we do not collect or use for OTP Buddy

OTP Buddy is not a VPN and does not route your general internet traffic. In operating this service, we do not collect, log, or store:

  • Websites you visit or general browsing history
  • DNS queries unrelated to delivering OTP Buddy
  • Your IP address for behavioral profiling or ad targeting
  • Network traffic content outside what is needed to read Gmail messages you authorize
  • Connection logs that link unrelated online activity to your identity

Information we collect to provide OTP Buddy

To connect your mailbox, detect OTP messages, and send SMS, we collect only what is reasonably necessary:

  • Google account identifiers — such as your Google user ID and email address, obtained when you sign in with Google.
  • OAuth tokens — stored securely (encrypted at rest where applicable) to maintain access you have granted to Gmail until you revoke it or delete your account.
  • Phone number — the number you provide in E.164 format so we can deliver OTP SMS via our messaging provider.
  • Email content and metadata (transient) subject, sender, and body text from messages we process solely to determine whether a message contains an OTP and to extract the code for forwarding. We do not use this content to build advertising profiles.
  • Limited operational logs — for example errors, delivery status, and security events. These logs are not used to track unrelated personal behavior.

Important: Gmail access is granted by you through Google's consent screen. You can revoke OTP Buddy's access at any time in your Google Account settings. Revoking access stops new processing immediately.

How we use your information

  • Authenticating you and maintaining your OTP Buddy account
  • Reading authorized Gmail messages to detect and extract OTPs you choose to forward
  • Sending SMS through a certified messaging provider (e.g. Twilio or similar)
  • Security, abuse prevention, and service reliability
  • Customer support when you contact us

Data sharing and subprocessors

We do not sell your personal information. We may share limited data with service providers strictly to operate OTP Buddy:

  • Google — for Sign in with Google and Gmail API access you authorize.
  • SMS / communications providers — to deliver text messages to your phone number.
  • Hosting and database providers — to store account data and tokens with encryption and access controls.

We may disclose information when required by valid legal process, or to protect the rights, safety, and security of our users and the service.

Security

We use industry-standard protections including encryption in transit (HTTPS/TLS), secured credentials, and restricted access to production systems. No method of storage or transmission is 100% secure; we work to reduce risk and respond to issues promptly.

Retention and deletion

We retain account and token data for as long as your account is active or as needed to provide the service. OTP message content is not retained for marketing purposes. You may request deletion of your account and associated data by contacting us; some records may be retained where required by law.

Your rights

You have control over your information, including the ability to:

  • Access or request a copy of personal data we hold about you
  • Request correction of inaccurate information
  • Delete your OTP Buddy account and ask us to remove associated data
  • Revoke Google access directly in your Google Account
  • Opt out of non-essential communications where applicable

California (CCPA): You may have rights to know, delete, and opt out of certain sharing of personal information.

EU/UK (GDPR): You may have rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with a supervisory authority.

International users

If you use OTP Buddy from outside the United States, your information may be processed in the United States or other countries where we or our providers operate, which may have different data protection laws.

Children

OTP Buddy is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date. For material changes, we will provide additional notice as appropriate.

Contact us

Questions about OTP Buddy and your privacy?

Business address:
21915 W Firemist Ct
Cypress, TX 77433
United States

← Back to OTP Buddy