Privacy Policy

Last Updated: November 3, 2025

Introduction

NexoLab Igor Barkowski operates the notifer.io website and mobile applications (collectively, the "Service"). This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

We are committed to transparency and protecting your privacy. This policy is written in plain language to help you understand exactly what data we collect and why.

Data We Collect

1. Account Information

When you create an account, we collect:

• Email address - for login and important service notifications
• Username - your chosen display name
• Password - stored as a secure hash (we cannot see your actual password)
• OAuth data - if you sign in with Google (provider ID and email)

2. Device Information (Mobile Apps)

When you use our mobile apps, we collect:

• Push notification token - required to send notifications to your device
• Device ID - unique identifier from your device manufacturer
• Platform - iOS or Android
• Device name - (optional) e.g., "iPhone 14 Pro"
• App version - to provide support and fix bugs

3. Usage Data

When you use the Service, we automatically collect:

• Messages - content you publish to topics (stored for 30 days)
• Topics - names of topics you create or subscribe to
• Timestamps - when you create topics, send messages, or log in
• IP address - temporarily logged for security and debugging (typically deleted within 7 days)

4. Cookies and Analytics

We use:

• Essential cookies - for authentication (JWT tokens) - required for the Service to work
• Google Analytics - to understand how people use our Service (anonymized data)

You can control analytics cookies through our cookie banner.

How We Use Your Data

We use your data solely to provide and improve the Service:

1. Deliver notifications - send messages to your devices in real-time
2. Authentication - verify your identity and keep your account secure
3. Service functionality - manage topics, subscriptions, and message history
4. Customer support - help you when you contact us with issues
5. Service improvement - analyze usage patterns to fix bugs and add features
6. Legal compliance - comply with applicable laws and regulations

We never:

• ❌ Sell your data to third parties
• ❌ Use your message content for advertising
• ❌ Share your data except as described in this policy

Data Sharing and Third Parties

We share your data only with service providers necessary to operate Notifer:

Expo Push Notifications

• Purpose: Send push notifications to iOS and Android devices
• Data shared: Push tokens, device IDs, message content (temporary)
• Location: United States
• Legal basis: EU-US Data Privacy Framework
• More info: Expo Privacy Policy

Cloud Infrastructure

• Providers: OVHCloud or similar hosting services
• Purpose: Host our servers and databases
• Data shared: All Service data (encrypted at rest)
• Location: European Union

Payment Processing (Paid Plans)

• Provider: AutoPay
• Purpose: Process subscription payments
• Data shared: Email, billing information

Analytics

• Provider: Google Analytics
• Purpose: Understand Service usage
• Data shared: Anonymized usage data (no message content)
• Control: You can opt-out via cookie settings

International Data Transfers

We are based in Poland (European Union).

Some of our service providers are located outside the EU:

• Expo Push Service: United States (covered by EU-US Data Privacy Framework)

We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• EU-US Data Privacy Framework participation
• Encryption in transit and at rest

Data Retention

After deletion, data may remain in backups for up to 90 days before permanent deletion.

Your Rights (GDPR)

Under European data protection law (GDPR), you have the right to:

1. Access Your Data

Request a copy of all personal data we hold about you.

How: Settings → Account → Download My Data

2. Rectification

Correct inaccurate or incomplete data.

How: Settings → Account → Edit Profile

3. Erasure ("Right to be Forgotten")

Request deletion of your account and all associated data.

How: Settings → Account → Delete Account

Note: After deletion, we cannot recover your data.

4. Data Portability

Download your data in JSON format.

How: Settings → Account → Download My Data

5-8. Other Rights

You may also:

• Restrict processing of your data
• Object to processing
• Withdraw consent (e.g., for marketing emails)
• File a complaint with UODO (uodo.gov.pl)

Contact: support@notifer.io

Data Security

We take security seriously:

• ✅ Encryption: HTTPS for all connections, encrypted database storage
• ✅ Authentication: Secure password hashing (bcrypt), JWT tokens
• ✅ Access control: Private topics protected by authentication
• ✅ Regular updates: Security patches applied promptly
• ✅ Monitoring: Automated alerts for suspicious activity

However, no system is 100% secure. We recommend:

• Use strong, unique passwords
• Enable two-factor authentication (coming in v1.1)
• Don't publish sensitive data to public topics

Children's Privacy

Notifer is not intended for users under 18 years old. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us at support@notifer.io.

Changes to This Policy

We may update this Privacy Policy occasionally. Changes will be posted on this page with an updated "Last Updated" date.

Material changes will be communicated via:

• Email notification
• In-app announcement
• Banner on notifer.io

Continued use of the Service after changes constitutes acceptance.

Contact Us

Questions or concerns about privacy?

• Support: support@notifer.io

Summary: We collect only what's necessary to provide Notifer. Your message content is yours, stored for 30 days, and never used for advertising. You can export or delete your data anytime.

Questions? Contact us at support@notifer.io