Plans: Report-Only and Workforce (corporate); Personal and Unknown Guard (consumer)
Two active plans, named per channel. The plan determines exactly what SmishAlert sees—and what it never sees. Compliance is coming in Phase 2.
SmishAlert ships two active plans. Corporate (provisioned via the web admin + MDM) calls them Report-Only and Workforce, billed per seat annually ($4.99 / $7.99 per user per month committed annually, about $59 / $95 per seat per year), and they include campaign correlation across employees plus the admin intelligence console. Consumer (iOS App Store) calls the same two behaviors Personal ($49.99/year) and Unknown Guard ($79.99/year) — annual-only, and they provide message review, LLM feedback, and link checks for that one user only. The audiences never overlap, so the names differ by channel.
Report-Only (corporate) / Personal (consumer)
User-attributed reporting only; no unknown-sender capture and no network defer. On the consumer Personal plan, nothing leaves the device — on-device ML filtering only. Android ships Report-Only through corporate provisioning only (no consumer Play billing yet). A pilot run entirely in Report-Only measures reporting culture, not actual exposure.
Workforce (corporate) / Unknown Guard (consumer)
Every unknown-sender message is reviewed off-device as a coded fingerprint (plus an ambiguous-content snippet where needed), with network defer engaged. On iOS this is the Message Filter extension. On a corporate-managed device this is user-attributed for the org; on the consumer Unknown Guard plan it is anonymous. Unknown-sender auto-capture is iOS-only today; Android's Workforce contribution is user-attributed reporting until capture R&D lands.
Compliance — coming in Phase 2
A future Compliance plan (regulated industries: FINRA/SEC, HIPAA, DOL) will capture the full messaging stream via a relay channel, not the device. It is reserved for Phase 2 and is not yet available to order.
Privacy posture
Unknown-sender messages are immediately converted to coded fingerprints; correlation happens at the sender and message-content level only. No user identity is attached on personal/consumer plans - it feeds anonymous campaign intelligence. Only on a corporate plan with a company-managed device is there user-attributed insight into who is being targeted. On Personal, nothing leaves your device.
The full field-by-field data flow for each plan is on the Trust page (https://www.smishalert.ai/trust) and summarized in the Trust, Privacy & Security section of this help center.