Legal

Privacy Policy

Last updated
On this page

Baghdad OTP is a backend service that delivers one-time passcodes (OTPs) over WhatsApp on behalf of the applications that integrate with our API. This Privacy Policy explains what information we handle, why we handle it, and the choices you have. Because Baghdad OTP is an API rather than a consumer login product, we deliberately keep the data we process to the minimum needed to send a verification code.

Information we collect

We collect a limited set of information, centered on the data required to deliver a passcode:

  • Phone numbers. The phone number that an application provides so we can deliver a one-time passcode to that recipient over WhatsApp.
  • Delivery metadata. Basic technical details such as the time a code was requested, its delivery status (for example, sent or failed), and expiry — used only to operate the service and troubleshoot delivery.

We do not collect names, message content beyond the passcode itself, or any marketing or behavioral profiles.

How we use your information

Phone numbers are used only for OTP authentication. Specifically, we use the information above to:

  • Generate a one-time passcode and deliver it to the provided number over WhatsApp.
  • Confirm whether delivery succeeded so the requesting application can complete verification.
  • Protect the service against abuse, such as spam or fraudulent sending.

We never use phone numbers for marketing, advertising, promotions, or any purpose unrelated to delivering the requested authentication code.

Sharing of information

We do not sell, rent, or share your phone number with third parties for their own purposes. The only transmission of the number is to the WhatsApp messaging platform, used strictly to deliver the passcode you requested — it is never used for advertising or shared for any other purpose. We may disclose information only where required by law.

How we store and protect data

Data is stored securely. We protect information using encryption in transit, access controls, and standard operational safeguards. One-time passcodes are short-lived and expire automatically, and we retain phone numbers only for as long as needed to provide the authentication service or as required by law.

Data retention and deletion

We keep data only as long as necessary for the purposes described above. You — or an application acting on a user's behalf — can request deletion of associated data at any time. See our Data Deletion page for instructions.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

Contact us

If you have questions about this Privacy Policy or how your data is handled, contact us at support@baghdadotp.com.