Phone-Check.app is built to protect account data, API credentials, billing workflows, and phone validation requests. This page summarizes the security practices we use without making extra audit-status claims that are not shown on the site.
We use HTTPS for website and API traffic, apply security updates, monitor infrastructure health, and separate production systems from development workflows. Infrastructure changes are reviewed and managed through versioned configuration where practical.
API keys should be treated like passwords. Store them in server-side environment variables or a secrets manager, rotate keys when team members change, and remove keys that are no longer used. Account owners can revoke compromised keys from the dashboard or by contacting support.
Phone numbers submitted for validation are processed to return validation results and operate the service. We design the product to avoid turning submitted validation lists into a customer database. Operational logs, aggregated metrics, billing records, and fraud-prevention records may be retained as described in the Privacy Policy.
You can request account deletion or personal data deletion from the settings area or by contacting support. Learn more here.
Please send any security related information or inquiries (including vulnerability disclosures) tosecurity@phone-check.app