Privacy Policy

Easy A2P — easya2p.app  |  Effective April 2026

1. Who We Are

This Privacy Policy describes how Gary Vogt Consulting, a sole proprietorship located in Sacramento, California ("Company," "we," "us," or "our") collects, uses, and protects information in connection with the Easy A2P app, accessible at easya2p.app (the "Service").

If you have questions about this Policy, contact us at [email protected] or 888-996-4227.

2. Information We Collect

2.1 Information You Provide Directly

• Email Address: Used for authentication and maintaining your non-expiring Credit ledger.
• SMS consent preferences: Whether you opted in to marketing and/or non-marketing SMS messages.
• Agreement records: The version of the Terms of Service you agreed to and the timestamp of agreement.
• Transaction Data: History of credit purchases processed via our third-party payment processor (Stripe). The Company does not receive or store full payment card numbers. We receive only a Stripe customer ID and one-time payment confirmation.

2.2 Information Collected Automatically

• Usage data: Credit usage and feature interactions may be logged server-side for billing verification and abuse prevention.
• Server logs: Standard server logs maintained by Railway may include IP addresses, request timestamps, and user agent strings.
• Email delivery data: When we send transactional emails, Resend may record delivery status and related metadata.

2.3 Submitted Content

When you use Review Existing Copy or Draft Fresh Copy modes, you submit business content including campaign descriptions, sample messages, opt-in form language, and other A2P registration materials. This content is processed via AI and immediately discarded. We do not store your raw business content. See Section 4 for details.

3. How We Use Your Information

We use the information we collect to: authenticate your account via one-time verification codes or Google OAuth; manage your credit balance; provide customer support; deliver the Service's analysis and draft generation features; process one-time credit purchases; send transactional emails including verification codes and account notifications; send SMS messages if you have opted in; ensure compliance with A2P 10DLC messaging standards; detect and prevent fraud and abuse; and comply with legal obligations.

4. What We Do NOT Store

• We do not store EINs, Social Security Numbers, or highly sensitive PII.
• Once AI processing is complete, the submitted business drafts are deleted from our application layer.
• We do not store your clients' business names, website URLs, addresses, or other identifying information submitted through the Service.
• We do not store passwords. Authentication uses one-time verification codes or Google OAuth only.
• We do not store full payment card numbers or government-issued ID numbers.
• We do not build behavioral profiles or data products from submitted content.

5. Third-Party Processors

We share data with the following third-party service providers as necessary to deliver the Service:

Provider	Purpose	Data Shared
Anthropic, Inc. anthropic.com/privacy	AI processing of submitted content	User-submitted A2P registration content (processed, not retained)
Stripe, Inc. stripe.com/privacy	One-time payment processing	Email address, payment card data (handled entirely by Stripe)
Resend resend.com/privacy	Transactional email delivery	Email address, email content, delivery status
Railway Corp. railway.app/privacy	Application hosting	Server traffic including IP addresses and request data
Supabase supabase.com/privacy	User account data storage and authentication	Email, credit balance, plan, consent records, timestamps
Google policies.google.com/privacy	OAuth authentication (Sign in with Google)	Email address, display name (only when user chooses Google sign-in)
Microsoft Clarity privacy.microsoft.com/privacystatement	Anonymized product analytics (heatmaps, session replays) to improve user experience	Anonymized interaction data: clicks, scrolls, mouse movements, page views, browser/device metadata. Form fields, password inputs, and personal identifiers are masked by default. Loaded only when you grant Analytics consent.

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

6. SMS / Text Messaging Program

Gary Vogt Consulting operates a text messaging program to send account notifications, product updates, and/or marketing messages to opted-in customers.

You may opt out at any time by replying STOP to any message. You will receive one confirmation message and no further messages will be sent.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Additional SMS program terms:

• Your phone number (if provided) and SMS consent preferences are stored solely for delivering the messages you consented to receive.
• Text HELP for assistance, or contact [email protected] or 888-996-4227.
• Message and data rates may apply. Message frequency varies.

For privacy inquiries related to SMS, contact us at [email protected] or 888-996-4227.

7. Cookies and Local Storage

Easy A2P uses a small number of cookies and browser storage mechanisms. You control which optional categories load via our cookie banner and the “Cookie Preferences” link at the bottom of every page. Your choice is remembered for 12 months, after which we will ask again.

Categories:

• Strictly Necessary (always on): Session authentication, CSRF protection, Stripe payment processing, and our own browser localStorage used to cache your account email, credit balance, and active project while you use the app. These are required for Easy A2P to work and cannot be disabled. Stored either in localStorage (our own) or as first-party session cookies (ours or Stripe's).
• Analytics (optional, off by default): Google Analytics 4 and Microsoft Clarity. When you opt in, Google sets first-party cookies (_ga, _ga_<property-id>) to distinguish unique visitors across sessions, and Microsoft Clarity sets first-party cookies (_clck, _clsk) to record anonymized session data including mouse movements, clicks, scrolls, and page views for the purpose of improving usability. Form fields, password inputs, and personal identifiers are masked by default in Clarity recordings. We use this data in aggregate to understand which pages are useful, where users get stuck, and which features see real use. No PII is sent to Google or Microsoft.
• Marketing & Advertising (optional, off by default): Reserved for future Google Ads remarketing and personalization. Currently not active — no marketing cookies are set today regardless of your preference. The toggle exists so your preference is already on record when we start advertising.

Google Consent Mode v2. Before you make a choice (and always if you choose Reject All), Easy A2P signals to Google via Consent Mode v2 that cookie storage is denied. In that state, Google may receive cookieless, aggregated pings used for statistical modeling; no cookies are set and no personal identifiers are transmitted. If you click Accept All or enable the Analytics toggle, we update the consent signal to granted and the cookies described above are set.

Revoking consent. Click “Cookie Preferences” in the footer of any page to change your choice at any time. If you downgrade Analytics from on to off, we clear Google Analytics cookies from your browser immediately; it may take Google up to 72 hours to fully remove the associated record from their systems.

Do Not Track. Easy A2P does not use cross-site tracking cookies or sell your data. We honor Global Privacy Control (GPC) browser signals: if your browser sends GPC, we treat it as a Reject All choice unless you explicitly opt in afterwards.

8. Data Retention

• Account data (email, credit balance, consent records): We retain your account email and credit history for as long as your account is active. Because Easy A2P credits never expire, we maintain this ledger indefinitely unless you explicitly request account deletion.
• Payment records: Retained by Stripe per their data retention policy. We retain transaction records for tax and accounting purposes for a minimum of 7 years.
• Server logs: Retained per Railway's infrastructure policies, typically 30–90 days.
• Submitted content: Not retained after processing. No retention period applies.

9. Your Privacy Rights

Depending on your location, you may have the following rights: Right to Know what personal data we hold; Right to Delete your personal data; Right to Correct inaccurate data; Right to Opt Out of marketing SMS at any time by texting STOP; Right to Non-Discrimination for exercising any privacy rights. To exercise these rights, contact us at [email protected]. We will respond within 45 days.

10. California Privacy Rights (CCPA/CPRA)

Under the CCPA, California residents have the right to request access to their data and the right to request deletion. We do not sell or share personal information with third parties.

If you are a California resident, you have additional rights under the CCPA as amended by the CPRA, including: Right to Know categories and specific pieces of personal information collected; Right to Delete; Right to Correct; Right to Opt Out of Sale/Sharing (we do not sell or share personal information for cross-context behavioral advertising); Right to Limit Use of Sensitive Personal Information; Right to Non-Discrimination.

Categories of personal information collected: identifiers (email address); commercial information (purchase records and credit balance); internet activity (server log data); inferences (account usage patterns for billing verification).

We do not knowingly sell or share personal information of California residents.

11. Do Not Sell or Share My Personal Information

Gary Vogt Consulting does not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising. This policy applies to all users regardless of location.

12. Children's Privacy

The Service is intended for use by adults 18 years of age and older. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected information from a person under 18, we will delete it promptly. Contact [email protected] if you believe we may have information about a minor.

13. Data Security

We implement reasonable technical and organizational measures to protect your personal information, including: HTTPS encryption for all data in transit; server-side API proxy that prevents exposure of processing credentials; no server-side storage of submitted content; one-time verification codes and Google OAuth for authentication eliminating password storage; rate limiting on all endpoints; and server-side user database protected by Row Level Security.

No security measure is perfect. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and, where required by law, provide advance notice via email or in-app notification. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

15. Contact Us

Easy A2P — Gary Vogt Consulting
Email: [email protected]
Phone: 888-996-4227
Sacramento, California

We will respond to all privacy inquiries within 45 days.