Privacy Policy

1. Introduction

At Burner, we are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your personal data. This Privacy Policy explains our data practices in accordance with UK GDPR (General Data Protection Regulation) and the Data Protection Act 2018.

Burner is a virtual phone number and call forwarding platform. We take data protection seriously, particularly given the sensitive nature of telecommunications data.

2. Data Controller Information

Burner operates from England, United Kingdom. As the data controller, we determine how and why your personal data is processed.

3. Data We Collect

We collect the following types of information when you use Burner:

3.1 Authentication Data (via Google OAuth)

When you sign in with your Google account, we collect:

  • Full name
  • Email address
  • Profile picture URL
  • Google account identifier (for authentication purposes)

3.2 Virtual Number Data

  • Virtual phone numbers you purchase (number, country, purchase date)
  • Forwarding destination configurations
  • Number status and renewal information

3.3 Call Data

  • Call detail records (caller number, destination, timestamps)
  • Call duration and status
  • Per-call billing amounts
  • Call recordings (if recording features are enabled by you)

3.4 Financial Data

  • Wallet balance and top-up history
  • Number purchase and renewal transactions
  • Call billing records

Note: We do not store your full credit card details. All payment processing is handled securely by Stripe.

3.5 Technical Data

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and features used
  • Timestamps of your activity

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

Consent

By creating an account and using Burner, you consent to our collection and use of your data as described in this policy.

Contract Performance

Processing is necessary to provide the virtual number and call forwarding services you've requested, including account creation, number provisioning, call routing, and billing.

Legitimate Interests

We process certain data for our legitimate interests in operating, improving, and securing the platform, including analytics, fraud prevention, and service optimisation.

5. How We Use Your Data

We use your personal data to:

  • Provide and operate the Burner service
  • Authenticate your account and maintain your session
  • Provision virtual phone numbers and configure call forwarding
  • Route incoming calls to your verified forwarding destinations
  • Process per-minute call billing and wallet transactions
  • Maintain call history and billing records
  • Verify ownership of forwarding destination numbers via OTP
  • Analyse usage patterns to improve the platform
  • Detect and prevent fraud, abuse, and security threats
  • Process payments and manage your wallet
  • Comply with legal obligations

6. Data Storage & Security

6.1 Where We Store Your Data

  • User Data & Metadata: Stored in secure databases with encryption at rest
  • Call Records: Stored in secure databases with access controls
  • Call Recordings: Stored in secure cloud storage with encryption (if enabled)
  • Session Data: Stored in encrypted session cookies

We use UK and EU data centres where possible, though some data may be processed outside the UK/EU by third-party services (see Section 11).

6.2 Security Measures

  • Database records encrypted at rest
  • All data transmitted over secure HTTPS connections (TLS/SSL encryption)
  • Google OAuth for secure authentication (no passwords stored by Burner)
  • OTP verification for forwarding destinations
  • Regular security audits and updates
  • Access controls limiting who can access your data

7. Data Sharing

We do not sell your personal data to third parties. We may share your data in the following limited circumstances:

7.1 Third-Party Service Providers

  • Google: Authentication services
  • Telephony Providers: Virtual number provisioning and call routing
  • Stripe: Payment processing
  • Cloud Providers: Hosting and data storage

7.2 Legal Requirements

We may disclose your data if required by law, court order, or legal process, or to protect the rights, property, or safety of Burner, our users, or the public.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can update or correct your personal data through your account settings or by contacting us.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your account and associated data. Some data may be retained as required by law or for legitimate business purposes.

Right to Data Portability

You can request a machine-readable copy of your data to transfer to another service.

Right to Object

You can object to processing of your data based on legitimate interests.

Right to Withdraw Consent

You can withdraw your consent to data processing at any time by deleting your account.

To exercise any of these rights, please raise a support ticket.

9. Data Retention

We retain your personal data as follows:

  • Account Data: Retained until you delete your account
  • Call Records: Retained until you delete your account or as required by telecommunications regulations
  • Call Recordings: Retained until you delete them or your account
  • Technical Logs: Typically retained for 90 days for security and analytics purposes
  • Payment Records: Retained as required by law for accounting purposes

After account deletion, we make reasonable efforts to remove your personal data, though some data may persist in backups for a limited period.

10. Cookies & Tracking

Burner uses cookies and similar technologies to provide and improve our service. For detailed information about the cookies we use, please see our Cookie Use Policy.

Essential cookies (for authentication and security) are necessary for the service to function. You can manage non-essential cookies through your browser settings, though this may limit platform functionality.

11. International Data Transfers

While we make efforts to store data in the UK and EU, some of our third-party service providers (particularly telephony providers and Stripe for payments) may process data outside the UK/EU. When data is transferred internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the UK authorities
  • Transfers to countries with adequate data protection laws
  • Service providers with strong security and privacy commitments

12. Children's Privacy

Burner is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that a user is under 18, we will take steps to delete their account and data.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date and make reasonable efforts to notify you through the platform.

Your continued use of Burner after any changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

14. Contact & Complaints

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please raise a support ticket.

You also have the right to lodge a complaint with the UK's supervisory authority for data protection:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113

Last Updated: February 2026