Cobinar Phone ("we", "us", "our") is a product of Cobinar. This policy explains what data we collect when you use phone.cobinar.com and console.phone.cobinar.com, how we use it, and your rights.
Account data. When you create a developer account we collect your name, email address, and profile photo (if you sign in with Google).
Virtual phone identity. Each account is assigned a unique virtual phone number (e.g. +999 482 918 102). This number is generated at random and is not derived from any personal attribute.
Usage data. We log OTP request metadata — virtual phone number addressed, timestamp, status (pending / verified / failed / expired) — for analytics, billing, and security. We never log the OTP code itself; only a salted hash is stored and it is deleted after verification or expiry.
Application credentials. We store salted hashes of Client Secrets and API Keys. Plaintext values are shown exactly once at creation time and are not retained by us.
We do not sell personal data. We do not use it for advertising.
We use Firebase Authentication and Cloud Firestore (Google) to store developer accounts and application data. We use Cloudflare Workers to process API requests at the edge. Both providers maintain their own security and privacy programs.
OTP request records are retained for 90 days, then automatically deleted. Account data is retained while your account is active. You may request deletion at any time.
You may request a copy of the data we hold about you, correction of inaccurate data, or deletion of your account and associated data. Email privacy@cobinar.com.
All traffic is encrypted in transit via TLS. Secret credentials are stored only as salted SHA-256 hashes. OTP codes are hashed before storage and never returned by the API. Access to production Firestore is restricted to service-account credentials held exclusively by our Cloudflare Workers.
Questions? Email privacy@cobinar.com or write to Cobinar, privacy team, c/o cobinar.com.