This policy applies to the Pushcut („we“, „us“) iOS app, the web API api.pushcut.io, and the website www.pushcut.io („app“, „service“, „website“).

Information we collect

Your data

When you start using the Pushcut app an account is created using a unique identifier representing your device. This identifier is unique to Pushcut and only used to provide our service.
In order to deliver your push notifications we need to store another token that identifies your device to the notification system. In addition, if you are logged into iCloud, we store a similar anonymous identifier representing your iCloud account in order to synchronize your data across all devices linked to this iCloud token.

All data you enter when using the app (like your notifications, names of shortcuts and HomeKit scenes, or your custom sounds and images) as well as basic account data (like the names of your devices, subscription level and duration, or your API keys and URL secret) is stored connected to this account. You can view, edit and remove this data using the app.

We do not collect or store your name or email address. If location triggers are turned on, your current location is exclusively used to trigger on-device notifications or background actions you previously configured. Your location is never stored or sent to servers in any way.

Usage and analytics data

We collect anonymized, aggregate information about general app/service usage, such as how frequently individual features are used, or how many notifications are delivered - as well as general analytics information like operating system version, device model and general geography information (ie: which country or territory). The website collects anonymized, aggregate analytics information such as page views or referral sources. This information is not linked to individual user data in any way.

Server logs and backups

While using the Pushcut app certain operations produce server logs, such as logging in, purchasing a subscription, or pushing a notification. These logs may include identifiers that are linked to your account or device. For further information about the nature of these logs, their retention, and information about backups see the section about data processors in this policy.

Support cases or feedback

If you contact us for support or feedback via email we may keep a copy of this email for the purpose of referencing to it in further communication with you.

What we do with the information

We collect the information as described in this policy to

• operate our service as described and provide support
• detect potential problems with our service or app
• learn about usage and customer behavior to understand how to best improve Pushcut
• monitor and analyze security-relevant information to detect malicious activities

We will not share personal information with any outside party other than described in this policy.

We may share anonymous, aggregate statistics to outside parties, like how many users are subscribed or how many notifications have been delivered.

We may disclose your personal data in the unlikely case where we believe such action is necessary

• to comply with a legal obligation such as a court order
• to protect against legal liability
• to prevent or investigate possible wrongdoing or illegal activities in connection with our service

Access for third-party services

Third-party integrations can only access your data after you provide explicit authorization for each individual service. Any service with authorization (OAuth 2.0) or an active API key can access your data (like notifications, shortcut and HomeKit scenes names, device names) and send notifications to your devices.

You can review and revoke access for each individual service in the Account section of the app at any time.

Security

We use industry-standard techniques to keep you data secure, for instance

• data can only be accessed using JWT-based authorization issued for your unique device identifier
• all communication between app and servers is secured using HTTPS
• user data is stored securely on Google Cloud Platform servers
• API access for third-party services is secured using access tokens (eg: OAuth 2.0)

By design, anyone with access to your secret URL can send you a push notification. You are responsible for keeping this URL secure. You may use the „Generate New Secret“ feature in the app in case it has been compromised.

Data location and data processors

Your data is transferred, stored, and processed on Google Cloud Plattform servers in several countries around the world, including the United States of America. Different laws may be applicable to your data depending on where it is processed, stored, or used.

We rely on the following third-party services to operate Pushcut

• Firebase (Authentication, Cloud Functions/Messaging/Firestore/Storage, Google Analytics for Firebase, Hosting)
  Privacy and Security in Firebase

• Google Analytics (Anonymized, aggregate website usage only)

Links to other sites

Our website may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that site.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Further compliance

We do not knowingly store information of people under the age of 16 without their parents' consent. In no way are we attempting to appeal to children with our products.

If you are based in the EU or EEA, the GDPR explicitly defines certain rights you have, including the right to

• revoke your consent
• view and obtain a copy of your data
• delete your data

You can delete your account in the Account section in the app directly. Please use the contact information provided in this policy for other GDPR-based requests.

If you request deletion your account and personal data will be removed promptly. Certain server logs containing anonymous account identifiers will be deleted from backup systems within 180 days.

By using our app, service or website you consent to the processing of your data according to this policy.

Contact

For questions or requests concerning your privacy, contact us under

privacy@pushcut.io

or

Simon Leeb
Wiesenstraße 27
4600 WELS
AUSTRIA

Changes to this policy

We may update our privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the effective date.