← Back to Home

Privacy Policy

Last updated: January 28, 2026

1. Introduction

AirPush ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our OTA update platform service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Profile picture (if using OAuth)
  • Organization name

2.2 Application Data

When you use our service, we store:

  • Application metadata (name, bundle ID, platform)
  • JavaScript bundles and assets you upload
  • Release configurations and deployment history
  • API keys (securely hashed)

2.3 Usage Analytics

We collect aggregated, anonymized data about how your app users receive updates:

  • Update download counts
  • Success/failure rates
  • Device platform distribution (iOS/Android)
  • App version distribution

Important: We do not collect personally identifiable information (PII) from your end users. Device IDs are anonymized using one-way hashing.

2.4 Technical Data

We automatically collect:

  • IP addresses (for security and rate limiting)
  • Browser type and version
  • Access timestamps
  • API request logs

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve our services
  • Process and deliver OTA updates to your users
  • Send service-related communications
  • Detect and prevent fraud and abuse
  • Analyze usage patterns to improve performance
  • Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

4.1 Service Providers

  • Supabase: Database and authentication
  • Cloudflare: CDN, edge computing, and storage
  • Resend: Transactional emails
  • Stripe: Payment processing

4.2 Legal Requirements

We may disclose information if required by law or in response to valid legal requests.

5. Data Security

We implement industry-standard security measures:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • API keys are hashed before storage
  • Regular security audits and penetration testing
  • Row-level security (RLS) for database access control

6. Data Retention

Data TypeRetention Period
Account dataUntil account deletion + 30 days
Bundle filesUntil deleted + 30 days
Analytics data90 days (aggregated indefinitely)
Audit logs1 year
API request logs30 days

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your data
  • Portability: Export your data in a machine-readable format
  • Objection: Opt out of certain data processing

To exercise these rights, contact us at privacy@airpush.dev.

8. Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Security (CSRF protection)
  • User preferences (theme, language)

We do not use third-party tracking cookies or sell data to advertisers.

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where applicable.

10. Children's Privacy

Our service is not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through a prominent notice on our website. Your continued use after such modifications constitutes acceptance.

12. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

13. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under GDPR, including the right to lodge a complaint with a supervisory authority.

Our legal basis for processing includes: contract performance, legitimate interests, consent, and legal obligations.

14. Contact Us

For privacy-related inquiries:

  • Email: privacy@airpush.dev
  • Support: support@airpush.dev

15. Data Protection Officer

For formal data protection requests, you may contact our Data Protection Officer at dpo@airpush.dev.

Terms of ServiceHome