Textly
Sign inGet started

Last updated June 2026

Privacy policy

This policy explains what personal data Textly handles, why, and for how long. It covers both the people who use Textly and the recipients of messages sent through it.

Who we are

Textly (Textly.co.uk) provides a business texting platform. For the accounts and people who sign in to Textly, we act as a data controller. For the recipient phone numbers and message content that a customer uploads and sends, the customer is the controller and Textly is a processor acting on their instructions.

What we collect

  • Account details: business name, the email address you sign in with, and your plan.
  • Twilio connection details you provide. Your Auth Token is encrypted at rest and never shown again.
  • Contact lists you create: phone numbers and any names you add.
  • Messages you send, and the delivery status returned for each one.
  • Consent records: who confirmed recipient consent for a send, the time, and the IP address it was confirmed from.

Consent and your responsibility

Before each send you must confirm that the recipients have agreed to receive promotional, marketing or other correspondence from the sender. You are responsible for holding a lawful basis for contacting every number you message through Textly. We record this confirmation against each send.

Why we keep logs, and for how long

We retain message logs, delivery statuses and consent records so that you have a record of what was sent, and so that we can investigate misuse, spam, scam or other abusive messaging. This is part of how we keep the platform trustworthy and meet our own legal obligations.

Logs are retained for up to 24 months, after which they are deleted or anonymised unless we are required to keep them longer for a legal or regulatory reason, or to deal with an ongoing dispute or investigation.

Who we share data with

We use Twilio as our messaging carrier. Numbers and message content are passed to Twilio in order to deliver your messages. We use Google Firebase for authentication and data storage. We do not sell personal data.

Security

Access to the platform requires sign in. Sensitive credentials such as your Twilio Auth Token are encrypted at rest. Data access is restricted to your own account, and Textly staff access is limited to what is needed to run the service and act on compliance.

Your rights

Individuals have rights over their personal data, including access, correction and erasure. If you are a recipient and want to know which business holds your number, contact that business directly. For requests about data Textly controls, or to raise a concern, contact us using the details below.

Contact

Questions about this policy can be sent to privacy@textly.co.uk.