Security Details

All traffic between your browser and our servers uses encryption in transit (TLS). Sensitive data is stored with encryption at rest. We store SMS message content (including verification codes) for audit purposes so you have visibility into delivery and activity. In practice this is low risk: codes typically expire quickly, and the content usually does not identify which account is being accessed. For retention details, see our Privacy Policy.

For more on how we collect and protect your information, see our Privacy Policy.

Admins manage who can receive codes. Account owners add or remove approved recipients (relay users). Only people you explicitly add can receive verification codes sent to your MultiMFA number. We use role-based access controls so that administrative functions are restricted to account owners and designated admins.

When someone leaves your team or no longer needs access, you can remove them from the number so they stop receiving codes immediately.

Track recipient access history. The dashboard provides visibility into when messages were received and delivered. Incoming and outgoing SMS activity is logged so you can see which numbers received codes and when. This supports audit-friendly visibility without depending on one person’s phone or manual screenshots.

No dependence on one personal phone. Your MultiMFA number is dedicated to verification codes and is managed from the dashboard. You control which recipients get codes via SMS or email. Shared accounts don’t rely on a single device or shared personal numbers—everything is managed in one place with clear ownership and offboarding.