Privacy Policy

Last updated: March 2025

What we collect

The backend stores the minimum data required to route push notifications to your device:

Your device's APNs push token — provided by Apple, used to deliver notifications.
A SHA-256 digest of your device webhook secret and user webhook secret. These are one-way hashes; the raw secrets are never transmitted to or stored by the server.
An optional human-readable device label (e.g. "iPhone 15 Pro") that you choose.

That is the complete list. No email address, no name, no account, no analytics.

What we do not collect

Notification contents — the message, title, and any other payload fields pass through the server in-flight and are never logged or persisted.
Your raw webhook secret — generated on-device, stored in your private iCloud. The server only ever sees its SHA-256 hash.
IP addresses or request metadata — requests are processed by Cloudflare Workers; no access logs are written by the application.
Notification history — history is stored on your device only (via SwiftData). Deleting the app removes it.

Where data is stored

Device records (APNs token + digests + label) are stored in Cloudflare KV, a globally-distributed key-value store operated by Cloudflare, Inc. Data is replicated across Cloudflare's edge network.

Your raw webhook secrets are synced across your own devices using iCloud CloudKit (Apple's private database). This data lives in your personal iCloud account and is inaccessible to us.

How data is used

The stored data has exactly one purpose: when a webhook request arrives at /api/v1/:secret, the server hashes the secret, looks up the corresponding APNs token, and forwards the notification to Apple's Push Notification service (APNs). Nothing else.

Third parties

Apple (APNs) — notifications are delivered via Apple's infrastructure. Apple's privacy policy governs their handling of push tokens.
Cloudflare — the worker and KV storage run on Cloudflare's platform. Cloudflare may log metadata at the network layer per their own privacy policy.

There are no advertising networks, analytics SDKs, or data brokers involved.

Data deletion

You can remove your device's stored record at any time from within the app (Settings → Unregister device). This deletes the APNs token and both digests from Cloudflare KV. The device will stop receiving notifications immediately.

Deleting the iOS app removes all local notification history and your webhook secrets from iCloud.

Security

Webhook secrets are generated using a cryptographically secure random number generator (SecRandomCopyBytes) and are 32 characters long. Only their SHA-256 hash reaches the server, so a database breach would not expose your webhook URL.

All traffic between the app, the server, and APNs uses TLS.

Children

This service is not directed at children under 13. We do not knowingly collect data from minors.

Changes

If this policy changes materially, the updated date at the top will reflect that. Continued use of the service after changes constitutes acceptance.

Contact

Questions? Open an issue or reach out via the app's support link.