Privacy Policy

Effective date: January 31, 2026

1. Introduction

iotpush ("we", "our", or "us") is operated by DaSecure Solutions LLC, San Francisco, CA. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the iotpush website (iotpush.com) and mobile application (collectively, the "Service").

2. Information We Collect

Account Information

When you create an account, we collect your email address and password (stored securely via Supabase Auth with bcrypt hashing).

Push Notification Tokens

If you enable push notifications, we store your device's Expo push token to deliver notifications. This token does not contain personal information and is used solely for notification delivery.

Messages & Topics

We store the topics you create and messages sent through the API. Message content is provided by you or your devices and is stored to provide message history functionality.

Subscriber Information

If you add webhook URLs or email addresses as subscribers, these endpoints are stored to deliver notifications.

Payment Information

Payment details are collected and processed directly by Stripe. We do not store your full credit card number on our servers. We receive only a summary (last four digits, card brand, expiration) for display in your account dashboard.

Usage Data

We may collect information about how you interact with the Service, including IP address, browser type, pages visited, and feature usage, to improve the Service.

3. How We Use Your Information

  • To provide and maintain the Service
  • To send push notifications to your subscribed devices
  • To deliver messages to your configured webhooks and email addresses
  • To authenticate your account and protect your topics
  • To process payments and manage your subscription
  • To communicate with you about your account or the Service
  • To detect and prevent fraud, abuse, and security threats
  • To improve the Service based on usage patterns

4. Data Storage & Security

Your data is stored securely using Supabase (hosted on AWS). All data is encrypted in transit via TLS/SSL. Passwords are hashed using bcrypt. We implement row-level security policies to ensure users can only access their own data.

5. Third-Party Services

We use the following third-party services:

  • Supabase — Database and authentication
  • Stripe — Payment processing
  • Expo / APNs / FCM — Push notification delivery
  • Resend — Email notification delivery
  • Vercel — Web hosting and edge functions

Each third-party service is governed by its own privacy policy. We encourage you to review their policies.

6. Cookies

We use essential cookies to maintain your session and authenticate your account. We may also use analytics cookies to understand how the Service is used. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent parts of the Service from functioning properly.

7. Data Retention

We retain your data for as long as your account is active. You may delete your account and all associated data at any time by contacting us. Messages are retained indefinitely unless you delete them from the dashboard. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

8. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate personal data
  • Delete your account and all associated data
  • Export your data in a portable format
  • Opt out of email notifications
  • Revoke push notification permissions at any time via device settings
  • Object to data processing where applicable

9. CCPA & GDPR

California Residents (CCPA): You have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. We do not sell your personal information.

EEA Residents (GDPR): You have the right to access, rectify, erase, restrict processing, and port your data. Our lawful basis for processing is contract performance and legitimate interest. To exercise any of these rights, contact us at support@iotpush.com.

10. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. Continued use of the Service after changes constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy, contact us at support@iotpush.com.

© 2026 DaSecure Solutions LLC. All rights reserved.