Privacy Policy

This Privacy Policy explains how mySMS360 ("mySMS360," "we," "us," or "our") collects, uses, discloses, and protects information when you use our storage management platform and related services (the "Service"). By using the Service you agree to the practices described here.

Who we serve

mySMS360 is software for self-storage operators (our "customers"). Operators use the Service to manage their own facilities, units, tenants, billing, and reporting. When an operator stores information about their tenants in mySMS360, the operator is the controller of that data and mySMS360 acts as a processor on the operator's behalf.

Information we collect

• Account information. Operator names, email addresses, phone numbers, facility details, and login credentials (passwords are stored only as salted hashes — we never store them in plain text).
• Operational data. Information operators enter to run their facilities: units, rentals, tenant contact records, invoices, payments, leads, notes, documents, and audit logs.
• Usage and device data. Standard log data such as IP address, browser type, pages accessed, and timestamps, used to operate, secure, and improve the Service.
• Payment metadata. Records of invoices and payment status. We do not collect or store full card numbers — see "Payments" below.

How we use information

We use the information we collect to provide and operate the Service, authenticate users, process billing, send transactional notifications (email and SMS) that operators configure, maintain security and audit trails, provide support, and improve the platform. We do not sell tenant data, and we do not use operator or tenant data for advertising.

Payments

Payments are processed by Stripe. Each operator connects their own Stripe account, and card data is handled directly by Stripe under its PCI-DSS compliance. mySMS360 never receives or stores full card numbers — we only see payment metadata such as amount, status, and the last four digits returned by Stripe. Stripe's handling of payment data is governed by Stripe's own privacy policy.

Third-party processors and integrations

We rely on a small number of trusted third-party service providers to deliver the Service, including infrastructure hosting, database storage, email delivery, and SMS delivery. These providers process data only as needed to perform services for us and are bound by appropriate confidentiality and security obligations.

QuickBooks Online (optional). An operator may choose to connect their QuickBooks Online company to mySMS360. This connection is established with the operator's explicit consent through Intuit's OAuth 2.0 flow and uses the least-privilege accounting scope. QuickBooks data is accessed on a read basis to support synchronization, and any access or refresh tokens are stored encrypted at rest. mySMS360 never returns these tokens to the browser, and an operator can disconnect the integration at any time from Settings, which removes the stored credentials.

Security

We take the security of your data seriously. Sensitive credentials and third-party secrets are encrypted at rest using AES-256 encryption with per-tenant key derivation, so one operator's secrets are cryptographically isolated from another's. All data in transit is protected with TLS. The platform is multi-tenant with strict facility-level isolation, and write operations are recorded in audit logs. No method of transmission or storage is perfectly secure, but we work to protect your information using industry-standard safeguards.

Data portability and retention

Your data is yours. mySMS360 provides one-click data export so an operator can download their records at any time — we never charge for or block data portability. We retain operational data for as long as an account is active and as needed to provide the Service. When an operator closes their account, we delete or anonymize their data within a reasonable period, except where we are required to retain it to comply with legal obligations.

Your choices and rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal information. Operators can manage most data directly within the Service. Tenants whose data is held by an operator should contact that operator, who controls the data. For any privacy request you can also contact us using the details below.

Children's privacy

The Service is intended for businesses and is not directed to children under 13. We do not knowingly collect personal information from children.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be communicated through the Service or by email.

Contact us

Questions about this policy or your data? Email us at support@mysms360.com.

See also our Terms of Service.