Privacy Policy

This Privacy Policy explains how Bitnix Limited (“Pinglet”, “we”, “us” or “our”) collects, uses, shares and protects personal data when you use the Pinglet website at pinglet.co.uk, the Pinglet apps for iOS and Android, and the Pinglet API and dashboard (together, the “Service”).

Pinglet turns a single HTTP request into a native push notification. We have built the Service to collect as little personal data as possible: we do not run advertising, we do not use third-party analytics or tracking SDKs, and people who only receive notifications do not need an account.

1. Who this policy is for

There are two ways people use Pinglet, and we handle data differently for each:

• Senders — people who create a Pinglet account to create topics, generate publish keys and send notifications. Senders provide an email address and a password.
• Receivers — people who open a share link or scan a QR code to subscribe to a topic in the Pinglet app. Receiving notifications does not require an account; we do not ask receivers for a name, email address or any login.

2. The data we collect

2.1 Account data (Senders)

• Email address — used to sign in, to verify your account and to send service-related messages.
• Password — stored only as a salted Argon2id hash. We never store, log or have access to your plain-text password.
• Account settings — your plan (free or commercial), theme preference, and whether your email has been verified.

2.2 Sign-in and session data (Senders)

When you sign in to the dashboard we create a session. We store a hashed session token, a CSRF token, the IP address and the browser user-agent associated with the session, and an expiry time. The session cookie set in your browser is strictly necessary to keep you signed in.

2.3 Publish keys, topics and subscriptions

• Publish / API keys — shown to you once on creation and stored by us only as a SHA-256 hash, alongside a label, scope and timestamps. We cannot recover a key once it is created.
• Topics and namespaces — the names and display names you choose for your channels.
• Subscriptions — a record linking a device to the topics it subscribes to, so we know where to deliver notifications.

2.4 Device and push-registration data (Receivers and Senders)

To deliver push notifications, the app registers your device with us. We store:

• A push token from Apple Push Notification service (APNs) and/or Firebase Cloud Messaging (FCM). This token is encrypted at rest. It lets us deliver notifications to your specific device; it is not used to identify you personally.
• Your platform (iOS or Android).
• An anonymous device identifier (a random value we generate) and timestamps for when the device was created and last seen.

We do not collect your device model, OS version, app version, locale, timezone, advertising identifier (IDFA/IDFV/Android Advertising ID) or any similar device fingerprint.

2.5 Notification content

When a Sender publishes a notification, we process and temporarily store its content so it can be delivered and shown in the app’s history. This includes the title, body, priority (silent, normal, urgent), level (error, warning, success, info), any optional structured data, and any tap-through URL. Notification content is retained only for a limited period and then automatically deleted (see Retention).

Senders choose what to put in their notifications. Please do not include sensitive personal data or secrets in notification content. Senders are responsible for having a lawful basis to send the content they publish and for the people they invite or share links with.

2.6 Usage and technical data

• Usage metering — a per-month count of notifications sent, used to apply plan limits.
• IP addresses — processed to operate the Service, apply rate limits and protect against abuse. IP addresses are also stored as part of session records (see 2.2).
• Server logs — our servers produce operational logs to run and debug the Service.

2.7 Data stored on your device (the app)

The app keeps some information locally on your device — your subscriptions, a cache of recent notifications per topic, read/unread state and appearance preferences. This stays on your device and is not transmitted to us beyond what is described above. You can clear it at any time by resetting or uninstalling the app.

2.8 Support and contact data

If you contact us through our support form or by email, we process the name, email address and message content you provide so we can respond to and resolve your enquiry. We keep this correspondence only for as long as needed to deal with your query and for a reasonable period afterwards (see Retention).

3. What we do not do

• We do not show ads or use advertising identifiers.
• We do not use third-party analytics, behavioural tracking, crash-reporting or session-recording SDKs. Firebase Analytics and Ads are explicitly disabled in our apps; we use Firebase only for message delivery.
• We do not sell or rent your personal data.
• We do not request access to your location, contacts, photos, microphone or health data. (The app requests camera access only when you choose to scan a subscription QR code.)

4. How and why we use your data

Under the UK GDPR and EU GDPR we rely on the following lawful bases:

5. Sharing and third parties

We share data only with the providers needed to run the Service. These act as our processors (or, for the platform notification networks, as independent controllers of the delivery channel):

• Apple Push Notification service (APNs) and Google Firebase Cloud Messaging (FCM) — to deliver notifications to your device. The notification’s content and your device’s push token pass through these networks. See Apple’s and Google’s privacy information.
• Our hosting and database provider — [hosting provider], which stores the data described above on our behalf within the European Economic Area (EEA).
• SMTP2GO — our email delivery provider, used to send account verification and invitation emails.
• Bunny.net (BunnyCDN) — our content delivery network, which serves this website and processes support-form submissions in transit before they reach us.
• Google Fonts — this website loads a web font from Google’s servers, which involves your browser sending your IP address to Google when the page loads.

We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety and security of Pinglet, our users or the public. If Pinglet is involved in a merger, acquisition or sale of assets, data may be transferred as part of that transaction.

We have not integrated a payment processor. Commercial plans are arranged directly with us; if that changes we will update this policy to name the payment provider.

6. International transfers

Your account and notification data is stored within the European Economic Area (EEA). However, some of our providers — including Apple and Google for notification delivery, SMTP2GO for email, and Google Fonts on this website — may process data outside the UK and the EEA, including in the United States. Where we transfer personal data internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement / Addendum, the EU Standard Contractual Clauses, and/or the providers’ certification under the EU–U.S. and UK Data Privacy Framework.

7. How long we keep data

• Notification content — kept according to your plan and then deleted automatically: 24 hours on the free Personal plan and 30 days on the Commercial plan.
• Account data — kept for as long as you have an account, and deleted on request (see Your rights).
• Device registrations — automatically removed after a period of inactivity, or when the device unsubscribes or is unregistered.
• Sessions — expire automatically (typically within 7 days) and are then deleted.
• Email verification and invitation tokens — expire within 24 hours.
• Idle topics — with no subscribers and no messages are removed after a period of inactivity.
• Support correspondence — kept for as long as needed to handle your enquiry and for a reasonable period afterwards, then deleted.

8. How we protect your data

• All traffic to the Service is encrypted in transit using HTTPS/TLS.
• Passwords are stored as salted Argon2id hashes.
• Push tokens are encrypted at rest.
• Publish keys and session tokens are stored only as one-way hashes.

No system can be guaranteed perfectly secure, but we work to protect your data using appropriate technical and organisational measures.

9. Your rights

If you are in the UK or the EEA, you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected;
• have your data erased;
• restrict or object to our processing;
• data portability;
• withdraw consent where we rely on it.

To exercise any of these rights, contact us through our support form. Because receivers use Pinglet without an account, we may need additional information (such as a device’s subscription details) to locate any data relating to you. You can also stop all processing for a device at any time by unsubscribing or uninstalling the app.

If you have a concern we have not resolved, you can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, or to your local EU supervisory authority.

10. Children

Pinglet is not directed to children and is not intended for use by anyone under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after an update means you accept the revised policy.

12. Contact us

If you have any questions about this policy or how we handle your data, contact:

Bitnix Limited
Prior House, 129 High Street, Prestatyn, LL19 9AS
Contact us via our support form