This policy applies to the Pushcut („we“, „us“) iOS app, the web API api.pushcut.io, and the website www.pushcut.io („app“, „service“, „website“).

Information we collect

Your data

When you start using the Pushcut app an account is created using a unique identifier representing your device. This identifier is unique to Pushcut and only used to provide our service.
In order to deliver your push notifications we need to store another token that identifies your device to the notification system. In addition, if you are logged into iCloud, we store a similar anonymous identifier representing your iCloud account in order to synchronize your data across all devices linked to this iCloud token.

All data you enter when using the app (like your notifications, shortcut names, and URI secret) as well as basic account data (like the names of your devices or your subscription level and duration) is stored connected to this account. You can see, edit and remove this data using the app.

We do not collect or store your name or email address.

Usage and analytics data

We may collect information about general app/service usage, such as how long individual screens are used, or how many notifications are defined - as well as general analytics information like operating system version, device model and geography (country) information.

Server logs and backups

While using Pushcut certain operations produce server logs, such as logging in, purchasing a subscription, or pushing a notification, or visiting the website. These logs may include your IP address. For further information about the nature of these logs, their retention, and information about backups see the section about data processors in this policy.

Support cases or feedback

If you contact us for support or feedback via email we may keep a copy of this email for the purpose of referencing to it in further communication with you.

What we do with the information

We collect the information as described in this policy to

• operate our service as described and provide support
• detect potential problems with our service or app
• learn about usage and customer behavior to understand how to best improve Pushcut
• monitor and analyze security-relevant information to detect malicious activities

We will not share personal information with any outside party other than described in this policy.

We may share anonymous, aggregate statistics to outside parties, like how many users are subscribed or how many notifications have been delivered.

We may disclose your personal data in the unlikely case where we believe such action is necessary

• to comply with a legal obligation such as a court order
• to protect against legal liability
• to prevent or investigate possible wrongdoing or illegal activities in connection with our service

Security

We use industry-standard techniques to keep you data secure, for instance

• data can only be accessed using JWT-based authorization issued for your unique device identifier
• all communication between app and servers is secured using HTTPS
• user data is stored in encrypted databases on Google Cloud Platform servers

By design, anyone with access to your secret URL can send you a push notification. You are responsible for keeping this URL secure. You may use the „Generate New Secret“ feature in the app in case it has been compromised.

Data location and data processors

Your data is transferred, stored, and processed on Google Cloud Plattform servers in several countries around the world, including the United States of America. Different laws may be applicable to your data depending on where it is processed, stored, or used.

We rely on the following third-party services to operate Pushcut

• Firebase (Authentication, Cloud Functions/Messaging/Firestore, Google Analytics, Hosting)
  Privacy and Security in Firebase

Links to other sites

Our website may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that site.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Further compliance

We do not knowingly store information of people under the age of 16 without their parents consent. In no way are we attempting to appeal to children with our products.

If you are based in the EU or EEA, the GDPR explicitly defines certain rights you have, including the right to

• revoke your consent
• view and obtain a copy of your data
• delete your data

Please use the contact information provided in this policy for GDPR-based requests.

If you request deletion your account and personal data will be removed promptly. Certain logs of your IP address or anonymous account identifiers will be deleted from backup systems within 180 days.

By using our app, service or website you consent to the processing of your data according to this policy.

Contact

For questions or requests concerning your privacy, contact us under

privacy@pushcut.io

or

Simon Leeb
Wiesenstraße 27
4600 WELS
AUSTRIA

Changes to this policy

We may update our privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the effective date.