What each plan sees — and doesn't see
A plain-English breakdown of exactly what SmishAlert collects on each plan and what it never touches.
Unknown-sender messages are immediately converted to coded fingerprints; correlation happens at the sender and message-content level only. No user identity is attached on personal/consumer plans - it feeds anonymous campaign intelligence. Only on a corporate plan with a company-managed device is there user-attributed insight into who is being targeted. On Personal, nothing leaves your device.
Report-Only / Personal collects
- Only messages and screenshots a user explicitly reports
- Report timestamp, classification verdict, and the submitted sender + body
- On a corporate-managed device, reports are user-attributed to the employee; on consumer Personal, nothing leaves the device at all
Workforce / Unknown Guard collects
- Every unknown-sender message, immediately converted to a coded fingerprint at capture time
- An ambiguous-content snippet only where the fingerprint is inconclusive
- Device metadata (carrier, OS version, app version) — no advertising IDs
- User-attributed insight on a corporate-managed device; anonymous campaign intelligence on consumer Unknown Guard
No plan ever collects
- Anything from your contacts or known senders
- Photos, location, address book, browsing, or other phone data
- Third-party messaging apps (WhatsApp, Signal, Slack, Teams) unless you screenshot and submit
- Full message content (only fingerprints + ambiguous snippets leave the device on Workforce)