DPA

Terms of Service

Last updated: 23 June 2026

1. Acceptance

By creating a Sigil account or using the Sigil API, you agree to these Terms of Service. If you do not agree, do not use the service.

2. What Sigil is

Sigil is a phone number verification API. You send a phone number, we send an SMS with a one-time code, your user enters the code, we confirm it matched. That's it.

3. Your responsibilities

You must have a legitimate reason to verify a phone number, e.g. confirming a user's identity during signup.
You must not use Sigil to spam, harass, or send unsolicited messages.
You must not attempt to reverse-engineer, abuse, or circumvent rate limits or security controls.
You are responsible for keeping your API keys secret. Any use under your key is your responsibility.
You must comply with all applicable laws in your jurisdiction, including those governing electronic communications and data protection.

4. Credits and billing

Sigil operates on a prepaid credit model. Credits are purchased in advance and deducted when an SMS is successfully dispatched. Credits are non-refundable except where required by law. If SMS delivery fails, the credit is automatically refunded to your account.

5. Service availability

We aim for high availability but make no uptime guarantees. Sigil is provided "as is." We are not liable for any losses arising from service interruptions, delayed SMS delivery, or incorrect verification results.

6. Prohibited uses

You may not use Sigil for:

Verifying numbers without the consent of the number's owner
Fraud, identity theft, or impersonation
Any purpose that violates applicable law

We reserve the right to suspend or terminate accounts that violate these terms without notice.

7. Limitation of liability

To the maximum extent permitted by law, Sigil's total liability for any claim arising from these terms or use of the service shall not exceed the amount you paid in the 30 days preceding the claim.

8. Changes

We may update these terms. Continued use after changes constitutes acceptance. Material changes will be communicated by email.

9. Contact

Questions? Email [email protected].

Privacy Policy

Last updated: 23 June 2026

1. What we collect

When you create an account we collect your email address and a hashed password. We never store plain-text passwords.

When you use the verification API, we log the following per verification event:

A SHA-256 hash of the phone number (not the number itself)
The event type (sent, verified, rejected)
Credits used
Timestamp

We do not store the actual phone numbers that are verified.

2. How we use it

To authenticate you and operate your account
To send transactional emails (email verification, password reset, low-credit alerts)
To track credit usage and generate your usage history

We do not sell your data. We do not use it for advertising.

3. Third-party services

Postmark: transactional email delivery
Cloudflare: infrastructure, DDoS protection, edge storage
SMS provider: delivery of verification codes to phone numbers

Each of these is a data processor operating under appropriate agreements.

4. Retention

Account data is retained until you delete your account. When you delete your account, your email and API keys are permanently removed. Usage logs are anonymised (phone hashes replaced with "deleted") and retained for audit purposes.

5. Your rights

You may request access to, correction of, or deletion of your personal data at any time by emailing [email protected] or by deleting your account from the dashboard.

6. Cookies

Sigil uses a single HttpOnly session cookie to keep you logged in to the dashboard. No tracking cookies, no analytics, no third-party scripts on the dashboard.

7. Contact

Privacy questions: [email protected].