Indiana Undocumented Youth Alliance “Indy Rapid Response” Messaging Service Privacy Policy
Last updated: 8/14/2025
Effective Date: 8/14/2025
This document contains the formal privacy policy, plain-language SMS copy, and opt-in and opt-out automation setup for Twilio Studio.
This Policy:
Hosted by Indiana Undocumented Youth Alliance (“IUYA, “we,” “ours,” “us”), “Indy Rapid Response” (“IRR,” “the hotline,” “the service”) is a voice and SMS-based hotline for use by communities in Indianapolis, wider Marion County, and surrounds, to share and verify timely information related to the safety conditions of constituent neighborhoods.The operation of the hotline is conducted completely by volunteers and in accordance with all local regulations and state and federal laws. Our service employs Twilio Messaging API and is in compliance with Twilio’s privacy policy requirements and acceptable use policy.
The purpose of this Privacy Policy is to describe the collection, use, and disclosure of information provided by individuals (“users”) who contact IRR via our SMS-based hotline, and to document the consent gathering, opt-in, and opt-out processes of the service.
1. Implied Consent and Incoming Messages
IUYA does not use the hotline in any way to conduct promotion of any services or events, for-profit or otherwise. Hotline operators have no means of or purpose for initiating outreach to individuals. The hotline functions solely on the basis of contact initiated by an individual via incoming messages to the hotline. Incoming messages to the hotline constitute both consent and proof of consent.
This implied consent is limited only to that particular conversation, and without obtaining additional consent, messages are not sent that are outside of that conversation.
Our opt-in and opt-out processes exist to protect users who unintentionally contact the hotline and to provide simple and plain-language means of revoking consent.
2. Information We Collect When you use the Service
We collect:
- Message Content: text messages, images, and other media users send to the hotline.
- Contact information: user phone number and any other information provided voluntarily by users.
- Metadata: date, time, and delivery status of messages.
We do not collect location data unless that information is explicitly shared by users.
3. How We Use Your Information
We process user information only to:
- Respond to user inquiries
- Provide requested support
- Clarify the nature of user requests through follow-up questions
- Verify pertinent details of user-submitted information through follow-up questions
- Evaluate and improve the service through the internal use of anonymized transcripts
4. How We Share Your Information
We do not sell, rent, trade, or otherwise disseminate the personal information of users. We may share user information only:
- With explicit consent from the user
- If required to comply with legal obligations
- To protect the safety of users or others in situations of imminent harm
5. Data Retention
We retain message content and metadata for 90 days, unless otherwise required by law. After this period, data is deleted or anonymized.
6. Data Security
Messages are transmitted and stored via our secure service provider, Twilio, which uses industry-standard safeguards.
7. Third-Party Processing
Our service uses Twilio to send and receive messages. Twilio’s handling of your information is subject to their own privacy policy: https://www.twilio.com/legal/privacy.
8. Your Rights
In accordance with and unless otherwise required by applicable laws, users have the right to:
- Request access to their personal information
- Request correction or deletion of personal information
- Withdraw consent to receiving messages
- Withdraw consent to their information being processed
- File a complaint with a relevant data protection authority
9. Changes to the Policy
We may update this privacy policy to remain in compliance with all applicable laws and regulations, including Twilio policy. Users will be notified on the effective date of any changes to the privacy policy.
10. Plain-Language SMS Copy
Initial auto-reply upon receiving incoming message from users:
“Hi, you’ve reached Indy Rapid Response. We keep your messages private and only use them to respond to you. We never send messages first, sell your info, or use it for any for-profit. Your messages are stored securely and deleted after 90 days unless you request deletion sooner. Reply YES to continue, or STOP to opt out. Message and data rates may apply. View our privacy policy <here>.”
If Yes:
“From Indy Rapid Response: You’re in! You can message us any time and consent to receiving messages. Reply STOP at any time to opt out. We keep your messages private and secure. We’ll never shae withouyr consent, unless required by law or to prevent serious harm. Message and data rates may apply. View our privacy policy <here>.”
If STOP:
“From Indy Rapid Response: You’re now opted out and will no longer receive messages from Indy Rapid Response. Text again any time to restart. Message and data rates may apply. View our privacy policy <here>.”
11. Acceptable Use Policy
The service operates in compliance with Twilio’s acceptable use policy, which can be found here: https://www.twilio.com/en-us/legal/aup.
Volunteer operators agree to not engage in any of the following prohibited activities:
- Engaging or encouraging any activity that is illegal, deceptive, harmful, a violation of others’ rights, or harmful to Twilio or any other third-party’s operations or reputation, including:
- Violations of Laws or Standards. Violating laws, regulations, governmental orders, industry standards, or telecommunications providers’ requirements or guidance in any applicable jurisdiction, including any of the foregoing that require (a) consent be obtained prior to transmitting, recording, collecting, or monitoring data or communications or (b) compliance with opt-out requests for any data or communications.
- Interference with the Services. Interfering with or otherwise negatively impacting any aspect of the Services or any third-party networks that are linked to the Services.
- Reverse Engineering. Reverse engineering, copying, disassembling, or decompiling the Services.
- Falsification of Identity or Origin. Creating a false identity or any attempt to mislead others as to the identity of the sender or the origin of any data or communications.
12. Contact Us
If you have any questions about this Privacy Policy, please contact us at: admin@iuya.org