Privacy Policy
Last updated: 18 April 2026
1. Who We Are
Pushpush (pushpu.sh) is a push notification delivery service operated by Tom Ashworth, an individual based in the United Kingdom.
Tom Ashworth is the data controller for the personal data processed through Pushpush.
Contact: privacy@pushpu.sh
2. What We Collect
This section lists every category of data collected by Pushpush. The categories here match the declarations in the iOS app’s privacy manifest (PrivacyInfo.xcprivacy): User ID, Device ID, and Email Address, each collected for App Functionality purposes and not used for tracking.
Identity data (User ID)
When you sign up, we receive a pseudonymous user ID (the Kinde sub claim, e.g. kp_xxxxxxxx) from our authentication provider, Kinde, via the ID token. This ID is used to scope your topics, tokens, and org membership. Pushpush does not store your name.
Email address
Your email address is collected from the Kinde ID token at sign-in. Pushpush stores the email alongside your user record so we can address team invites and transactional emails. Kinde also retains the email as part of your Kinde account.
Device data (Device ID)
When you enable push notifications in the iOS app, we collect:
- Your APNs device token (a 64-character hex string assigned by Apple). The token is hashed server-side before being stored, so the raw APNs token is only held transiently in memory while routing a push to Apple.
- The list of topics your device is subscribed to
Message content / notification metadata
When you publish a message via the API, we process:
- Topic name
- Title and body text
- Priority level
- Tags
- Click URL, action button URLs, attachment URLs, and icon URLs
Technical data
Our infrastructure automatically logs:
- IP addresses
- HTTP request metadata (method, path, status code, response duration, remote address)
Auth tokens
Pushpush issues JWTs containing your org identifier, subject, issued-at time, and expiry. The iOS app stores these in the device Keychain. OAuth transient state (auth codes, PKCE challenges) is stored in Firestore with a 5-minute TTL and automatically deleted after expiry.
Payment data
Personal plans are billed through Apple’s App Store as an in-app purchase. Apple handles all payment data directly; Pushpush only receives an opaque originalTransactionId and subscription status from App Store Server Notifications.
Team plans are billed by Kinde Billing, with Stripe underneath. Pushpush never receives or stores your card number — Kinde and Stripe collect card details directly.
Data stored only on your device
The following data stays on your device and is never sent to our servers:
- Last-seen message IDs (stored in UserDefaults)
- Dismissed message IDs (stored in UserDefaults)
- Kinde session cookies (may persist in Safari from the OAuth sign-in flow)
3. How We Use Your Data
| Purpose | Data used |
|---|---|
| Authenticate you and issue tokens | Kinde user ID, email (via Kinde), OAuth state |
| Deliver messages to your topics | Message content, topic subscriptions |
| Send push notifications to your device | APNs device token (hashed), notification content |
| Process payments (Personal) | Opaque transaction ID (via Apple App Store) |
| Process payments (Teams) | Payment data (via Kinde Billing / Stripe) |
| Send team invites | Recipient email address (via Postmark) |
| Prevent abuse and maintain security | IP addresses, request logs, auth tokens |
| Debug issues | Request logs, technical metadata |
4. Lawful Basis
| Processing activity | Lawful basis | Explanation |
|---|---|---|
| Authentication and token issuance | Contract performance | Necessary to provide the service you signed up for |
| Message storage and delivery | Contract performance | Core function of Pushpush |
| Push notification delivery | Contract performance | Core function of Pushpush |
| Payment processing | Contract performance | Necessary to fulfil paid subscriptions |
| Security logging and abuse prevention | Legitimate interest | Protecting the service and its users from misuse |
| Infrastructure request logging | Legitimate interest | Diagnosing errors and maintaining service reliability |
5. Who We Share Your Data With
We do not sell your data. We do not use your message content or personal data to train AI models. We share data only with the following processors, each of which is necessary to operate the service.
| Processor | Data shared | Purpose | Location |
|---|---|---|---|
| Kinde (Kinde Australia Pty Ltd) | User credentials, email, user ID, auth tokens, org membership | Authentication via OAuth 2.0 PKCE, team org management, Kinde Billing | Australia |
| Google Cloud Firestore (Google Cloud EMEA Limited) | All API requests, messages, hashed device tokens, logs, IP addresses | Hosting, storage, compute (Cloud Run, Firestore) | europe-west1, Belgium |
| Apple APNs (Apple Inc.) | APNs device tokens, notification content (title, body, priority) | Push notification delivery via APNs | United States |
| Apple App Store (Apple Inc.) | Opaque transaction ID, subscription status | Personal plan in-app purchase billing | United States |
| Stripe (Stripe Inc., via Kinde Billing) | Payment card details, billing information | Team plan subscription payment processing only (never for Personal plans) | United States |
| Postmark (ActiveCampaign LLC) | Recipient email address, invite link | Transactional email for team invites | United States |
6. International Transfers
Your data originates in, or is controlled from, the United Kingdom. Some processors operate outside the UK.
| Transfer | Mechanism |
|---|---|
| UK to Australia (Kinde) | Australia does not have a UK adequacy decision. We are working with Kinde to put appropriate safeguards (Standard Contractual Clauses) in place. |
| UK to Belgium (Google Cloud) | Adequate — data at rest in the EEA. Google’s US parent covered by DPA, SCCs, and UK Extension to EU-US Data Privacy Framework |
| UK to United States (Apple APNs) | UK Extension to EU-US Data Privacy Framework |
| UK to United States (Apple App Store) | UK Extension to EU-US Data Privacy Framework |
| UK to United States (Stripe) | UK Extension to EU-US Data Privacy Framework |
| UK to United States (Postmark) | UK Extension to EU-US Data Privacy Framework |
7. How Long We Keep Your Data
We retain personal data for as long as your account is active. On account deletion, your data is purged from live systems immediately; encrypted backups are rotated and purged within 90 days.
| Data | Retention period |
|---|---|
| Messages | 30 days (auto-deleted from Firestore) |
| Device tokens | Until you delete your account or unregister the device |
| Topic subscriptions | Until you delete your account or unregister the device |
| Access tokens | 7 days |
| Refresh tokens | 30 days |
| MCP tokens | Up to 30 days (or no expiry for CI/automation use cases) |
| Infrastructure logs | 2 years |
| Payment records | Per Apple / Kinde / Stripe retention policies |
| Kinde account data | Until you delete your Kinde account |
| Encrypted backups | Purged within 90 days of account deletion |
8. Your Rights
Under UK data protection law, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data (see Account Deletion below).
- Restriction — ask us to limit how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Complaint — lodge a complaint with the Information Commissioner’s Office (see Contact below).
To exercise any of these rights, email privacy@pushpu.sh. We will respond within 30 days.
9. Account Deletion
You can delete your Pushpush account in the iOS app under Settings › Delete Account, or by emailing privacy@pushpu.sh.
When you delete your account:
- Your device tokens and topic subscriptions are deleted immediately.
- Any remaining messages expire within 30 days (or sooner if they have already reached their TTL).
- Access and refresh tokens expire naturally (7 and 30 days respectively).
- Infrastructure logs containing your IP address are retained for up to 2 years.
- Encrypted backups containing your data are purged within 90 days.
- Your Kinde account is separate. To delete it, contact us at support@pushpu.sh and we will request deletion on your behalf, or contact Kinde directly.
Account deletion is completed within 30 days of your request.
10. Children
Pushpush is not intended for anyone under the age of 16. We do not knowingly collect data from children. If we become aware that a user is under 16, we will delete their account and associated data promptly.
11. Cookies and Similar Technologies
The Pushpush iOS app does not use cookies. It does not include any analytics SDKs, advertising identifiers, or tracking technologies.
During sign-in, the app opens a Safari-based OAuth flow. Safari may retain session cookies from Kinde. These cookies are managed by Safari and are not accessible to the Pushpush app.
The MCP OAuth flow may also store session cookies in your browser during authentication. These are used solely for the authentication process.
The Pushpush API does not set cookies.
12. Security
- All data in transit is encrypted with TLS.
- Data at rest in Firestore is encrypted by Google Cloud.
- Auth tokens are stored in the iOS Keychain.
- Pushpush does not store passwords. Authentication is delegated to Kinde.
- JWTs are signed with HMAC-SHA256.
- No analytics, crash reporting, or advertising SDKs are included beyond Apple’s built-in mechanisms.
13. Data Breaches
In the event of a personal data breach that poses a risk to your rights:
- We will notify the Information Commissioner’s Office within 72 hours of becoming aware of the breach.
- We will notify affected users without undue delay.
14. Changes to This Notice
If we make material changes to this privacy notice, we will notify you by email (via Kinde) or through an in-app notice. The “Last updated” date at the top will always reflect the most recent revision.
15. Contact
For any privacy-related questions or requests:
Email: privacy@pushpu.sh
To lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113