Deployment modes: Personal, Workforce, and Compliance

SmishAlert runs in one of three deployment modes. The mode is delivered via MDM configuration (or the personal-use default when there's no MDM context), so what procurement reviews is what users experience on day one.

Personal mode

On-device only and privacy-maximal. For individual iPhone/Android users and un-enrolled BYOD employees using the consumer App Store / Play download. SmishAlert sees only the messages and screenshots a user explicitly reports—nothing from contacts, photos, location, or other apps. It does not produce defensible exposure measurement, so a pilot run entirely in Personal mode measures reporting culture, not actual exposure.

Workforce mode (default for organizations)

Every unknown sender reviewed—the system of record the exposure pilot is built for. For organizations of 200–2,500 employees on a managed fleet, pushed via MDM. On iOS, every unknown-sender SMS/iMessage body and sender is captured via the Message Filter extension; on Android, employees report into the same Workforce dashboard. SmishAlert never sees messages from contacts or known senders, photos, location, address book, or employees who aren't enrolled.

Compliance mode (preview — regulated industries)

Everything in Workforce mode, plus capture of known-sender messages through a supervised messaging policy with real-time review and retention aligned to record-keeping rules (e.g., FINRA/SEC, HIPAA, DOL). It requires formal employee consent and supervisor-visible disclosure, is configured explicitly (never on by default), and is a design-partner program today—not generally available.

The full field-by-field data flow for each mode is on the Trust page (https://www.smishalert.ai/trust) and summarized in the Trust, Privacy & Security section of this help center.