Skip to content

Privacy Policy

PushWard is an independent project run by mac-lucky, based in Poland. This policy explains what we collect, what we don't, and what you can do about it.

What we collect

When you sign in with Apple, we receive only an opaque identifier -- no email, no name. The iOS app sends us your device push tokens (so we can deliver Live Activities and notifications), basic device info (OS version, app version, model, locale, permission state) for diagnostics, and the activities and notifications you create through the API.

What we don't collect

No email, name, phone, address, or location. No advertising identifiers, IDFA, or cross-app tracking. No cookies. No third-party analytics, crash reporters, or SDKs of any kind. The iOS app talks only to Apple and to api.pushward.app.

How your data is handled

We process this data to operate the service (contractual basis) and to protect it from abuse (legitimate interest). API tokens and integration keys are stored as SHA-256 hashes -- we never see your plaintext tokens. Push delivery telemetry hashes destination tokens too, and payload contents are never logged. IP addresses are used transiently for rate limiting and discarded.

Where your data lives

Application data is hosted in the EU (Frankfurt). Push tokens transit Apple's APNs infrastructure (US-based), covered by the EU-US Data Privacy Framework and Standard Contractual Clauses. The only third parties that touch your data are Apple (Sign in with Apple and push delivery) and Cloudflare (DNS and TLS for pushward.app). We do not sell, rent, or share your data for advertising.

How long we keep it

Activities you create through the API are automatically deleted once their TTL expires. Everything else exists for as long as your account does -- delete your account from inside the iOS app and everything tied to you (devices, activities, tokens, integration keys) is removed by database cascade. Backups roll over within 30 days.

Your rights

Under the GDPR you can access, correct, export, or delete your data, restrict or object to processing, and lodge a complaint with the Polish data protection authority (UODO, uodo.gov.pl). Email [email protected] to exercise any of these rights -- we respond within 30 days. You can also delete your account directly from the iOS app at any time.

Changes & contact

If we change this policy, the updated version will be posted here. Questions: [email protected] · GitHub.