Privacy

Last updated: 4 March 2026

1. Who We Are

Pushpush (pushpu.sh) is a push notification delivery service operated by Tom Ashworth, an individual based in the United Kingdom.

Tom Ashworth is the data controller for the personal data processed through Pushpush.

Contact: privacy@pushpu.sh

2. What We Collect

Identity data

When you sign up, we receive a pseudonymous user ID from our authentication provider, Kinde (e.g. kp_xxxxxxxx). This ID is used to scope your topics and tokens. Pushpush does not store your name.

Email address

Your email address is collected and stored by Kinde during registration. Pushpush itself does not store your email, but Kinde holds it on our behalf as a sub-processor.

Device data

When you enable push notifications in the iOS app, we collect:

Your APNs device token (a 64-character hex string assigned by Apple)
The list of topics your device is subscribed to

Message content

When you publish a message via the API, we process:

Topic name
Title and body text
Priority level
Tags
Click URL, action button URLs, attachment URLs, and icon URLs

Technical data

Our infrastructure automatically logs:

IP addresses
HTTP request metadata (method, path, status code, response duration, remote address)

Auth tokens

Pushpush issues JWT tokens containing your org identifier, subject, issued-at time, and expiry. The iOS app stores these in the device Keychain. OAuth transient state (auth codes, PKCE challenges) is stored in Firestore with a 5-minute TTL and automatically deleted after expiry.

Payment data

Payment is processed by Stripe. Pushpush never receives or stores your card number. Stripe collects your payment card details and billing information directly.

Data stored only on your device

The following data stays on your device and is never sent to our servers:

Last-seen message IDs (stored in UserDefaults)
Dismissed message IDs (stored in UserDefaults)
Kinde session cookies (may persist in Safari from the OAuth sign-in flow)

3. How We Use Your Data

Purpose & data used:

Authenticate you and issue tokens
Kinde user ID, email (via Kinde), OAuth state
Deliver messages to your topics
Message content, topic subscriptions
Send push notifications to your device
APNs device token, notification content
Process payments
Payment data (via Stripe)
Prevent abuse and maintain security
IP addresses, request logs, auth tokens
Debug issues
Request logs, technical metadata

4. Lawful Basis

Processing activity, lawful basis and explanation:

Authentication and token issuance
Contract performance
Necessary to provide the service you signed up for
Message storage and delivery
Contract performance
Core function of Pushpush
Push notification delivery
Contract performance
Core function of Pushpush
Payment processing
Contract performance
Necessary to fulfil paid subscriptions
Security logging and abuse prevention
Legitimate interest
Protecting the service and its users from misuse
Infrastructure request logging
Legitimate interest
Diagnosing errors and maintaining service reliability

5. Who We Share Your Data With

We do not sell your data. We do not use your message content or personal data to train AI models. We share data only with the following processors, each of which is necessary to operate the service.

Processor, data shared, purpose and location:

Kinde (Kinde Australia Pty Ltd)
User credentials, email, user ID, auth tokens
Authentication via OAuth 2.0 PKCE
Australia
Google Cloud (Google Cloud EMEA Limited)
All API requests, messages, device tokens, logs, IP addresses
Hosting, storage, compute (Cloud Run, Firestore)
europe-west1, Belgium
Apple (Apple Inc.)
APNs device tokens, notification content (title, body, priority)
Push notification delivery via APNs
United States
Stripe (Stripe Inc.)
Payment card details, billing information
Payment processing
United States

6. International Transfers

Your data originates in, or is controlled from, the United Kingdom. Some processors operate outside the UK.

Transfer and mechanism:

UK to Australia (Kinde)
Australia does not have a UK adequacy decision.
UK to Belgium (Google Cloud)
Adequate — data at rest in the EEA. Google's US parent covered by DPA, SCCs, and UK Extension to EU-US Data Privacy Framework
UK to United States (Apple APNs)
UK Extension to EU-US Data Privacy Framework
UK to United States (Stripe)
UK Extension to EU-US Data Privacy Framework

7. How Long We Keep Your Data

Data and retention period:

Messages
30 days (auto-deleted from Firestore)
Device tokens
Until you delete your account or unregister the device
Topic subscriptions
Until you delete your account or unregister the device
Access tokens
7 days
Refresh tokens
30 days
MCP tokens
Up to 30 days (or no expiry for CI/automation use cases)
Infrastructure logs
2 years
Payment records
Per Stripe's retention policy
Kinde account data
Until you delete your Kinde account

8. Your Rights

Under UK data protection law, you have the right to:

Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure — ask us to delete your data (see Account Deletion below).
Restriction — ask us to limit how we process your data.
Portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interest.
Complaint — lodge a complaint with the Information Commissioner's Office (see Contact below).

To exercise any of these rights, email privacy@pushpu.sh. We will respond within 30 days.

9. Account Deletion

You can request account deletion by emailing privacy@pushpu.sh or using the delete option in the iOS app.

When you delete your account:

Your device tokens and topic subscriptions are deleted immediately.
Any remaining messages expire within 30 days (or sooner if they have already reached their TTL).
Access and refresh tokens expire naturally (7 and 30 days respectively).
Infrastructure logs containing your IP address are retained for up to 2 years.
Your Kinde account is separate. To delete it, contact us at support@pushpu.sh and we will request deletion on your behalf, or contact Kinde directly.

Account deletion is completed within 30 days of your request.

10. Children

Pushpush is not intended for anyone under the age of 16. We do not knowingly collect data from children. If we become aware that a user is under 16, we will delete their account and associated data promptly.

11. Cookies and Similar Technologies

The Pushpush iOS app does not use cookies. It does not include any analytics SDKs, advertising identifiers, or tracking technologies.

During sign-in, the app opens a Safari-based OAuth flow. Safari may retain session cookies from Kinde. These cookies are managed by Safari and are not accessible to the Pushpush app.

The MCP OAuth flow may also store session cookies in your browser during authentication. These are used solely for the authentication process.

The Pushpush API does not set cookies.

12. Security

All data in transit is encrypted with TLS.
Data at rest in Firestore is encrypted by Google Cloud.
Auth tokens are stored in the iOS Keychain.
Pushpush does not store passwords. Authentication is delegated to Kinde.
JWTs are signed with HMAC-SHA256.
No analytics, crash reporting, or advertising SDKs are included beyond Apple's built-in mechanisms.

13. Data Breaches

In the event of a personal data breach that poses a risk to your rights:

We will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach.
We will notify affected users without undue delay.

14. Changes to This Notice

If we make material changes to this privacy notice, we will notify you by email (via Kinde) or through an in-app notice. The "Last updated" date at the top will always reflect the most recent revision.

15. Contact

For any privacy-related questions or requests:

Email: privacy@pushpu.sh

To lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO) Website: ico.org.uk Helpline: 0303 123 1113