Legal
Privacy Policy
Last updated: 2026-06-07.
What we collect
- Account: Telegram user ID, username, display name.
- Auth: encrypted session cookie (HttpOnly, signed with itsdangerous). For anonymous accounts: hashed access codes - we never store plaintext.
- Transactions: invoice IDs, payment amounts, payment status. No card data, no wallet addresses stored by us (those live with NOWPayments / Heleket).
- Usage: number purchases, SMS message bodies (only the ones you received through the service, only the most recent one per number).
What we don't collect
- No full names unless you provide them.
- No phone numbers of your personal devices.
- No tracking pixels or third-party analytics (no Google Analytics, no Facebook pixel).
- No biometrics, no KYC documents.
How we use your data
Only to operate the service: deliver SMS, charge your balance, send you notifications, and provide support. We never sell or rent your data.
Cookies
- Session cookie (nexaverify_sess) - encrypted, HttpOnly, 30-day expiry.
- CSRF cookie (nexaverify_csrf) - for double-submit CSRF protection.
- Theme preference — stored in
localStorage, not a cookie.
Data retention
Numbers that have expired or been released are kept for 90 days for dispute resolution, then deleted. Invoices and transactions are kept for 5 years for tax/regulatory reasons.
Your rights
You can request a full export of your data or deletion of your account by contacting us on Telegram. We respond within 7 days.
Contact
@khalif_wwh