Privacy policy

1. Introduction

This Privacy Policy explains how Pushproof (“we”, “the publisher”) processes personal data when you use:

• our website pushproof.dev;
• the dashboard at app.pushproof.dev;
• the API at api.pushproof.dev;
• the open-source SDK integrated into your mobile apps.

We do not sell your personal data. Application services and databases are hosted in France.

2. Data controller

3. Data collected

3.1. Account data (dashboard)

• Email address (login identifier)
• OTP codes and short-lived session tokens
• Login history
• Invited team members (email, owner/viewer role)

3.2. Billing data

• Stripe customer ID, subscription status, payment history
• Plan, quotas and receipt volume consumed

Payment card details are processed directly by Stripe, not by our servers.

3.3. Service technical data

• App name and identifier (bundle ID, API keys)
• Delivery receipts: campaign ID, platform (iOS/Android), timestamp
• Hashed device fingerprint (device_id_hash) — never the raw ID
• Hashed opaque user ID (user_id_hash), only if you send it (Pro plan)
• Server logs (IP address, timestamps, API requests) for security and diagnostics

3.4. Data we do not collect

• No passwords — email OTP login only.
• No push notification content (title, body, full payload).
• No location, contacts or address book data.

4. Purposes and legal bases

Purpose	Legal basis
Account creation, authentication, OTP emails	Contract performance (Art. 6(1)(b) GDPR)
Service delivery (receipt ingestion, stats, dashboard)	Contract performance
Subscription and billing (Stripe)	Contract · Legal obligation (accounting)
Support, security and abuse prevention	Legitimate interest (Art. 6(1)(f))
Website analytics (if added)	Consent (Art. 6(1)(a)), when required

5. Processors

• OVH (France) — website, dashboard and API hosting
• Clever Cloud (France) — PostgreSQL, ingestion queue (Pulsar), object storage (Cellar)
• Resend — transactional email (OTP, team invites)
• Stripe — payments and subscriptions

If you use the user_id feature (Pro plan), see also our Data Processing Agreement (DPA).

6. Transfers outside the EU

Application data is hosted in France. Some processors (e.g. Resend, Stripe) may process data outside the EEA under appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

7. Retention

• Active account: retained while active, then deleted or anonymised within a reasonable period after closure.
• OTP codes: a few minutes, then deleted.
• Delivery receipts: per your plan — aggregates kept while the account is active.
• Technical logs: up to 12 months unless a security incident requires longer retention.
• Billing records: 10 years as required by accounting law.

8. Your rights

Under the GDPR you have rights of access, rectification, erasure, restriction, objection, portability and withdrawal of consent (where applicable).

Contact: contact@pushproof.dev. We generally respond within one month.

You may lodge a complaint with your supervisory authority (e.g. CNIL in France: www.cnil.fr).

9. Security

• TLS/HTTPS encryption;
• short-lived authentication tokens;
• per-account data isolation (multi-tenant);
• device and user IDs hashed at ingestion;
• separate API keys for mobile ingestion vs backend read access.

10. Cookies

The website and dashboard use cookies or local storage strictly necessary for operation (session, language preference). Analytics cookies may be added later on the marketing site with consent when required by law.

11. Your end-user data

When you integrate Pushproof into your mobile app, you remain the data controller for your end users regarding data you choose to send (notably an opaque user_id).

Pushproof then acts as a processor on your behalf, as described in the DPA and Terms of use.

Never send email, name or phone number in plain text in the user_id field.

12. Changes

We may update this policy to reflect service or legal changes. Significant changes will be notified by email or via the dashboard.

13. Contact

• Email: contact@pushproof.dev
• Terms of use
• Data Processing Agreement