What each plan sees — and doesn't see

A plain-English breakdown of exactly what SmishAlert collects on each plan and what it never touches.

Unknown-sender messages are immediately converted to coded fingerprints; correlation happens at the sender and message-content level only. No user identity is attached on personal/consumer plans - it feeds anonymous campaign intelligence. Only on a corporate plan with a company-managed device is there user-attributed insight into who is being targeted. On Personal, nothing leaves your device.

Report-Only / Personal collects

  • Only messages and screenshots a user explicitly reports
  • Report timestamp, classification verdict, and the submitted sender + body
  • On a corporate-managed device, reports are user-attributed to the employee; on consumer Personal, nothing leaves the device at all

Workforce / Unknown Guard collects

  • Every unknown-sender message, immediately converted to a coded fingerprint at capture time
  • An ambiguous-content snippet only where the fingerprint is inconclusive
  • Device metadata (carrier, OS version, app version) — no advertising IDs
  • User-attributed insight on a corporate-managed device; anonymous campaign intelligence on consumer Unknown Guard

No plan ever collects

  • Anything from your contacts or known senders
  • Photos, location, address book, browsing, or other phone data
  • Third-party messaging apps (WhatsApp, Signal, Slack, Teams) unless you screenshot and submit
  • Full message content (only fingerprints + ambiguous snippets leave the device on Workforce)

← Back to Help Center