A mobile phone number counts as Personally Identifiable Information (PII). When you pass us a user’s mobile phone number, you are asking us to process that data on your behalf, in order for us to deliver the authentication services you have requested. We require that you confirm you have the necessary permissions applicable to relevant jurisdiction(s) from your end-users for us to process it. For more details on your responsibilities, please see our Terms.
How you obtain that permission may vary by territory (you are responsible for understanding the laws in the countries where you operate), but typically having a check box that the user clicks to agree to your terms of service, having the data processing rights clearly called out in your terms of service, and being able to show the audit trail of capturing each user’s consent, should be enough. If in doubt, you should solicit independent legal advice regarding this subject.