Textual Privacy Policy

Last Updated: May 4, 2026

This Privacy Policy ("Policy") explains how Textual, LLC and its affiliates ("Textual," "we," "us," or "our") collect, use, and protect information about you ("personal information") in connection with our text-to-buy commerce platform, our website at https://www.textual.com, and any related products or services that link to this Policy (collectively, the "Service").

Textual is a marketing engagement platform that operates a business-to-business-to-consumer (B2B2C) model. We are not a data broker, and we do not monetize personal information. The privacy and security of the information you entrust to us is paramount.

Our Commitment to You

We do not sell or share mobile information, personal information, or any other consumer data with third parties, affiliates, or partners for marketing or promotional purposes. We only share data with third parties when it is strictly necessary to deliver our Service, and only under binding agreements that ensure confidentiality. Under no circumstances will mobile information be shared or sold for advertising, marketing, or promotional use.

This commitment applies to all categories of personal information we collect, including but not limited to mobile phone numbers, SMS opt-in data, message content, names, email addresses, and any other identifiers you provide to us or that are provided to us by our business customers on behalf of their end users.

Textual’s Role: Controller vs. Processor

Textual as a Data Controller. For purposes of applicable data protection laws, Textual is the "data controller" of personal information collected directly through our website, our marketing activities, and the administration of customer accounts. This Policy describes those activities.

Textual as a Data Processor. When our business customers use our platform to communicate with their own end users (for example, when a brand sends text-to-buy messages to its subscribers), Textual acts as a "data processor" or "service provider." We process that data only on behalf of, and under the documented instructions of, our customer, who is the data controller. This Policy does not describe that processing—please consult the privacy policy of the brand that sent you the message.

Table of Contents

1. Information We Collect

2. How We Use Information

3. SMS, Mobile Information, and Messaging

4. How We Share Information

5. Cookies and Analytics

6. Your Choices and Communication Preferences

7. Your Privacy Rights

8. Data Security

9. Data Retention

10. Children

11. Third-Party Websites and Services

12. Changes to This Policy

13. Contact Us

14. Region-Specific Disclosures (California, GDPR)

1. Information We Collect

Information You Provide Directly

• Account and contact information: name, email address, password, company name, company URL, business phone, business address, job title, and similar information you provide when registering for an account, requesting a demo, or contacting us.
• Mobile information and SMS opt-in data: mobile phone number and the consent record (date, time, source, and language of opt-in) when you sign up to receive text messages from us or from a Textual customer through our platform.
• Message content: the text of messages you send to or receive from us, and (in our processor capacity) messages exchanged between our customers and their subscribers through the platform.
• Transaction information: records of services purchased, ordered, or considered, and limited payment information. Card details are entered directly into our third-party payment processor; we receive only the last four digits, card brand, and transaction metadata.
• Communications: information you provide when you contact support, request a demo, complete a form, or respond to a survey.

Information Collected Automatically

• Log data: IP address, browser type and version, operating system, device type, referring URL, and timestamps.
• Usage data: pages viewed, features used, links clicked, campaign performance metrics, and similar interaction data.
• Approximate location: general geographic region inferred from IP address. We do not collect precise GPS location.
• Cookies and similar technologies: see Section 5 below.

Information from Limited Third-Party Sources

We may receive limited information from authentication providers when you log in using single sign-on, from publicly available business directories for sales and account-verification purposes, and from service providers who perform functions on our behalf. We do not purchase consumer mobile lists, and we do not augment our subscriber data with information bought from data brokers.

2. How We Use Information

We use the information we collect for the following purposes:

• To provide, operate, maintain, and improve the Service.
• To process transactions, deliver messages, and fulfill our contractual obligations to customers.
• To authenticate users, secure accounts, and prevent fraud or abuse.
• To respond to inquiries, provide customer support, and communicate about your account or the Service.
• To send you administrative messages (such as billing notices, security alerts, and changes to our terms or this Policy).
• To send you marketing communications about Textual’s own products and services, where permitted by law and subject to your right to opt out.
• To analyze usage of the Service in aggregate, in order to improve features, performance, and reliability.
• To comply with legal obligations and enforce our Terms of Service.

3. SMS, Mobile Information, and Messaging

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Mobile opt-in data and consent records are not sold, rented, or shared with any third party for any purpose other than the direct delivery of the messaging service you signed up for.

How we use mobile numbers and SMS data

We use mobile numbers and SMS-related information solely to:

• Deliver the text messages you (or, where Textual acts as a processor, the brand’s subscribers) have opted in to receive.
• Process replies, including transactional confirmations, customer support, and STOP/HELP keyword responses.
• Maintain records of consent, opt-in, and opt-out as required by the Telephone Consumer Protection Act (TCPA), the CTIA Messaging Principles and Best Practices, and applicable carrier requirements.
• Detect and prevent fraud, abuse, or violations of our Acceptable Use Policy.

Subprocessors used to deliver SMS

To physically deliver text messages, we use messaging infrastructure providers (for example, our SMS aggregator and mobile carriers). These subprocessors are contractually bound to use mobile information only to deliver messages on our behalf, to keep it confidential, and not to use it for their own marketing or promotional purposes. They do not receive permission to sell, share, rent, or otherwise commercialize mobile information.

Opting out

You can opt out of marketing text messages at any time by replying STOP to any message. You can request help by replying HELP. Message and data rates may apply. After you opt out, we will retain your opt-out record so we do not message you again, but we will not use your number for any other purpose.

4. How We Share Information

We do not sell or share personal information for cross-context behavioral advertising, targeted advertising, or any other marketing or promotional purpose. We do not exchange personal information with affiliates or partners for their independent marketing use.

We share personal information only in the following limited circumstances, and only when strictly necessary:

a. Service Providers and Subprocessors

We share information with vendors that perform services on our behalf and that are strictly necessary to operate the Service—for example, cloud hosting providers, SMS delivery infrastructure, payment processors, customer-support tooling, error monitoring, and security services. Each such provider is bound by a written contract that:

• Limits their use of personal information to performing the services we have requested;
• Prohibits them from selling, sharing, or using the information for their own marketing or promotional purposes;
• Requires them to maintain confidentiality and appropriate security safeguards.

b. Our Business Customers (When We Act as a Processor)

When you interact with a brand that uses Textual’s platform (for example, by texting in to a brand’s shortcode), the message content and your mobile number are made available to that brand because the brand is the controller of that communication. Our handling of that data is governed by our Data Processing Agreement with the brand and by the brand’s own privacy policy.

c. Legal and Safety

We may disclose information when we have a good-faith belief that disclosure is necessary to (i) comply with a valid legal process, subpoena, court order, or applicable law; (ii) enforce our Terms of Service; (iii) protect the rights, property, or safety of Textual, our users, or the public; or (iv) detect, prevent, or address fraud, security, or technical issues.

d. Corporate Transactions

If Textual is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, personal information may be transferred as part of that transaction. We will require any successor entity to honor the commitments made in this Policy or to provide you with notice and a meaningful choice before any materially different treatment of your information.

e. With Your Consent

We may share information with third parties when you direct us to do so or have given us your consent (for example, when you ask us to integrate your Textual account with a connected service such as Shopify or Salesforce Commerce Cloud).

5. Cookies and Analytics

Our website uses cookies and similar technologies (such as pixels and local storage) for essential site functionality, security, performance measurement, and analytics. We do not use cookies to build advertising profiles for sale to third parties.

We may use first-party analytics providers (such as a web analytics platform) to understand aggregate usage of our website. These providers act as our service providers under written contracts that prohibit them from using the information for their own purposes.

You can control cookies through your browser settings or, where presented on our site, through our cookie preferences tool. Disabling certain cookies may affect website functionality.

6. Your Choices and Communication Preferences

• Marketing emails: unsubscribe at any time by clicking the unsubscribe link in any marketing email or by emailing help@textual.com.
• Marketing text messages: reply STOP to any message to opt out.
• Account information: log in to your Textual account to review and update most of your account information at any time.
• Cookies: use your browser controls or our cookie preferences tool to manage cookies.

Even if you opt out of marketing communications, we will still send you transactional and administrative messages necessary to operate your account or to comply with law (for example, billing notices, security alerts, and legally required disclosures).

7. Your Privacy Rights

Depending on where you reside, you may have some or all of the following rights with respect to the personal information we hold about you:

• Right to access: request confirmation of whether we process your personal information and a copy of that information.
• Right to correction: request that we correct inaccurate or incomplete information.
• Right to deletion: request that we delete personal information we hold about you, subject to legal exceptions.
• Right to portability: request a copy of your information in a structured, commonly used, machine-readable format.
• Right to opt out of marketing: opt out of marketing communications at any time, as described in Section 6.
• Right to non-discrimination: we will not discriminate or retaliate against you for exercising any of these rights.

Because Textual does not sell or share personal information for cross-context behavioral advertising or for monetary or other valuable consideration, the right to opt out of "sale" or "sharing" effectively applies by default to all users.

To exercise any of these rights, please email help@textual.com. We will need to verify your identity before fulfilling certain requests, and we may decline requests where permitted or required by law (for example, where we cannot verify your identity).

8. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit, access controls, logging, vulnerability management, and ongoing security review of our subprocessors. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Data Retention

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations (including TCPA and carrier-mandated record-keeping for SMS consent), resolve disputes, and enforce our agreements. When personal information is no longer required, we delete or de-identify it in accordance with our retention schedule.

10. Children

The Service is not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact help@textual.com and we will promptly delete it.

11. Third-Party Websites and Services

The Service may contain links to, or integrations with, third-party websites and services (for example, e-commerce platforms or social networks). Those third parties have their own privacy practices, and Textual is not responsible for their content or practices. We encourage you to review their policies before providing them with your information.

12. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by posting a prominent notice on our website, by email, or through the Service. Your continued use of the Service after the effective date of an updated Policy constitutes your acceptance of the updated Policy.

13. Contact Us

If you have questions, requests, or concerns about this Policy or our privacy practices, please contact us:

Textual, LLC

520 W Idaho St

Boise, ID 83702

Email: help@textual.com

14. Region-Specific Disclosures

California Residents

These supplemental disclosures apply to residents of California under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA").

Categories of personal information we collect

In the past 12 months, we have collected the following categories of personal information, as defined by the CCPA:

• Identifiers (name, email address, mobile phone number, IP address, account ID).
• Customer records (contact and billing information).
• Commercial information (records of services purchased, ordered, or considered).
• Internet or other electronic network activity (browser, device, and usage data).
• Geolocation data (approximate location derived from IP address only).
• Professional or employment-related information (business contact details).
• Inferences drawn from the above to support and improve the Service.

Sale or sharing of personal information

In the past 12 months, Textual has not sold or shared personal information as those terms are defined under the CCPA. We do not disclose personal information to third parties in exchange for monetary or other valuable consideration, and we do not share personal information with third parties for cross-context behavioral advertising.

Sensitive personal information

We do not use or disclose sensitive personal information for purposes that would require us to offer a "Right to Limit" under the CCPA.

California rights

California residents have the rights described in Section 7 above, including the right to know, the right to correct, the right to delete, the right to opt out of sale or sharing (which we honor by default), and the right to non-discrimination. To exercise these rights, email help@textual.com. You may also designate an authorized agent to make a request on your behalf, subject to our verification of the agent’s authority.

European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

Textual is based in the United States and primarily serves customers in North America. To the extent the GDPR or UK GDPR applies to our processing of your personal information, our legal bases include: (i) the performance of a contract with you; (ii) compliance with a legal obligation; (iii) our legitimate interests in operating, securing, and improving the Service, where those interests are not overridden by your rights; and (iv) your consent, where required.

You have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, contact help@textual.com.

Other U.S. State Privacy Laws

Residents of states with comprehensive privacy laws (including, without limitation, Colorado, Connecticut, Texas, Utah, and Virginia) have rights similar to those described in Section 7 and the California section above. Because Textual does not sell personal information, does not share personal information for targeted advertising, and does not engage in profiling that produces legal or similarly significant effects, no separate opt-out mechanism is required for those activities. To exercise any other applicable rights, contact help@textual.com.