1. Who We Are
Gentle Push (“we”, “us”, “our”) operates the push notification platform available at this site. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.
2. Data We Collect
We collect the minimum information needed to run the Service:
- Account data — your name and email address when you create an account or log in via the one-time-code flow.
- Push subscription tokens — the browser-issued endpoint and cryptographic keys that allow us to deliver push notifications to your subscribers on your behalf. These are stored securely and never shared outside the delivery path.
- Device metadata — browser name, OS, and device type collected at subscription time to help you understand your audience.
- Usage data — delivery status events (sent, opened, failed) linked to notifications, to power your analytics dashboard.
- Payment data — if you subscribe to the Organisation tier, your payment details are processed exclusively by Stripe. We store only a Stripe customer reference — not your card number or financial data.
3. How We Use Your Data
- Authentication: your email is used to send one-time login codes and to identify your account.
- Push delivery: subscription endpoints and keys are used solely to send notifications you trigger from the dashboard or API.
- Analytics: delivery events are aggregated to show you open rates and subscriber growth in your dashboard.
- Billing: Stripe customer references are used to manage paid subscriptions and give you access to the billing portal.
- Transactional email: we may send you system emails (e.g. login codes, billing confirmations) via our SMTP provider.
We do not use your data for advertising and we never sell or rent your data or your subscribers’ data to any third party.
4. Third-Party Services
To operate the Service we rely on:
- Apple Push Notification service (APNs) — to deliver push notifications to iOS/macOS devices. Apple receives the device push token and notification payload. Apple’s privacy policy applies.
- SMTP provider — to send transactional emails (login codes, receipts). Only your email address and the email content are transmitted.
- Stripe — to process subscription payments for the Organisation tier. Stripe operates under its own privacy policy and PCI DSS certification.
We do not use SMS providers. We have removed Twilio integration from the active codebase.
5. Cookies & Local Storage
We use browser localStorage (not HTTP cookies) to:
- Store your authentication JWT token so you stay logged in across page loads.
- Remember your preferred theme (light or dark mode).
- Record that you have acknowledged this Privacy Policy (so the banner does not repeat).
None of this data leaves your device or is accessible to third parties. There is no tracking, analytics, or advertising technology on this site.
6. Data Retention
We retain your account data for as long as your account is active. Push subscription records are retained until you or your subscriber deletes them. Notification delivery logs are retained for up to 12 months for analytics purposes and are then automatically purged.
One-time login codes expire within 15 minutes and are permanently deleted after use.
7. Your Rights
You have the right to:
- Access — request a copy of the data we hold about you.
- Correction — update your name, email, or profile details in the dashboard Settings page.
- Deletion — request that we delete your account and all associated data. We will action deletion requests within 30 days.
- Portability — receive your subscriber list in a machine-readable format on request.
To exercise any of these rights, email us at the address below.
8. Security
Data is stored in a server-side SQLite database with access restricted to authenticated API calls. API keys and JWTs are used for all authenticated operations. Push subscription keys are cryptographic secrets used only for delivery and are never exposed via the API. We use HTTPS in production deployments.
9. Changes to This Policy
We may update this Privacy Policy occasionally. The “Last updated” date at the top will change, and a notice will appear in the dashboard for material changes. Continued use of the Service after changes are published constitutes acceptance of the updated Policy.
10. Contact
For privacy questions, data requests, or anything else related to this Policy, please contact: