Privacy Policy

This Privacy Policy explains how NitroPush ("we", "us", or "our") collects, uses, and protects information when you use the NitroPush platform, including the admin dashboard, REST API, CLI, and native SDK ("Service"). By using the Service you agree to the practices described here.

1. Information We Collect

Account information

When you register or log in, we collect your email address, name (optional), and authentication credentials. If you authenticate via Google OAuth we receive your email address and profile name from Google.

Usage and analytics data

We collect information about how you use the dashboard — pages visited, actions taken, features used — to improve the Service. This data is associated with your account.

SDK telemetry

When you integrate the NitroPush SDK into your mobile app, the SDK sends telemetry events to our API on behalf of your end-users. These events may include:

• Event type (e.g. app_started, update_check, install_completed)
• App version and OTA version
• Device platform (iOS / Android), OS version, device model
• A client-generated unique device identifier (clientUniqueId)
• Network type and approximate device memory
• IP address (used for rate limiting; not stored long-term)

You are responsible for disclosing this data collection to your own end-users in your app's privacy policy.

Log and infrastructure data

We collect server logs including IP addresses, request paths, timestamps, and HTTP status codes for security and operational purposes. These logs are retained for up to 90 days.

Payment information

We use a third-party payment processor for billing. We do not store full payment card details on our servers. The processor's privacy policy governs the handling of your payment data.

2. How We Use Your Information

• Provide, maintain, and improve the Service.
• Authenticate your account and keep it secure.
• Send transactional emails (OTP codes, billing receipts, service notices).
• Deliver in-app and notification integrations (Slack, Discord) that you configure.
• Analyse aggregate usage patterns to guide product decisions.
• Detect and prevent abuse, fraud, and security incidents.
• Comply with legal obligations.

We do not sell your personal data to third parties.

3. Data Sharing

We share data only in the following circumstances:

• Service providers. We use sub-processors (cloud infrastructure, email delivery, payment processing) who access data only to perform services on our behalf and are bound by confidentiality obligations.
• Legal requirements. We may disclose data when required by law, court order, or to protect the rights, property, or safety of NitroPush, our users, or others.
• Business transfers. In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

4. Data Retention

We retain account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes (e.g. billing records for up to 7 years).

SDK telemetry events are retained for up to 12 months for analytics and then aggregated or deleted.

5. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• TLS encryption for all data in transit.
• Encryption at rest for database and object storage.
• HMAC-signed session tokens; no long-lived credentials stored in browsers.
• Role-based access control within the platform.
• Regular security reviews of infrastructure and dependencies.

No security measure is perfect. In the event of a data breach affecting your personal data we will notify you as required by applicable law.

6. Cookies and Local Storage

The admin dashboard uses a single session cookie (nitropush_admin_session) to maintain your logged-in state. This cookie is HTTP-only, Secure, and SameSite=Lax. We do not use advertising or tracking cookies.

The marketing website (nitropush.org) does not set cookies.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Object to or restrict processing of your data.
• Receive a portable copy of your data.
• Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at contact@nitropush.org. We will respond within 30 days.

8. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

9. International Transfers

Your data may be processed in countries outside your own. Where we transfer data across borders we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or via a notice in the dashboard at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the most recent revision.

11. Contact

Questions or concerns about this Privacy Policy? Reach us at contact@nitropush.org.