PushFire Privacy Policy

This Privacy Policy describes how Flywheel Studio LLC, operating as PushFire ("PushFire," "we," "us," or "our"), collects, uses, shares, and protects information when you ("you," "client," or "user") use our push notification platform and related tools (the "Service"). By using the Service, you agree to this Privacy Policy.

Effective Date: February 17, 2026

Last Updated: February 17, 2026

This Policy covers:

• Clients – businesses, developers, or organizations that sign up for and use PushFire.
• End-Users – individuals who receive push notifications sent through our Clients' applications.
• Website Visitors – individuals who browse our marketing website at pushfire.app.

For Client data, PushFire acts as a data controller. For End-User data processed on behalf of Clients, PushFire acts only as a data processor. Clients are responsible for their own privacy policies and for obtaining all necessary rights and consents from their end-users.

When Clients use PushFire, we collect:

a. Account Registration Information – Information you provide when creating an account, such as your name, email address, company name, and optional contact information.

b. Payment Information – Payment details (e.g., billing name, billing address, and tokenized card details) are processed securely by Stripe. PushFire does not store full credit card numbers.

c. Firebase Configuration Data – Firebase Cloud Messaging (FCM) credentials, project identifiers, and service account keys that you provide to connect PushFire with your Firebase project.

d. Workflow and Campaign Data – Notification workflows, campaign configurations, audience segments, scheduling rules, and related content you create within the platform.

e. Usage and Analytics Data – Information about how you interact with the Service, including pages visited, features used, notification delivery metrics, and performance data.

When Clients use PushFire to send push notifications, we may process the following End-User data on their behalf:

• Device Tokens – Firebase Cloud Messaging device registration tokens provided by Client applications.
• Audience Segments – Tags, attributes, or identifiers that Clients assign to their end-users for targeting purposes.
• Notification Delivery Data – Delivery status, open rates, and interaction data for push notifications.

PushFire processes this data solely on the Client's instructions. We do not use End-User data for our own marketing or advertising purposes.

We use the information we collect to:

• Provide, maintain, and improve the PushFire platform and its features.
• Process payments and manage your account and subscription.
• Send transactional communications such as billing receipts, security alerts, and service updates.
• Deliver push notifications on behalf of Clients to their designated End-Users.
• Monitor and analyze usage trends to improve the Service.
• Detect, prevent, and address fraud, abuse, or technical issues.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information to third parties.

We may share information in the following circumstances:

• Service Providers – We use third-party vendors to help operate our Service, including Stripe (payment processing), Firebase/Google Cloud (notification delivery), Vercel (hosting), and Supabase (database and authentication). These providers access data only as needed to perform their services and are contractually bound to protect it.
• Legal Requirements – We may disclose information if required by law, regulation, legal process, or governmental request.
• Business Transfers – In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• With Your Consent – We may share information for other purposes with your explicit consent.

Our website uses cookies and similar technologies for:

• Essential Cookies – Required for the website and platform to function properly (e.g., authentication, session management).
• Analytics Cookies – We use Google Analytics to understand how visitors interact with our website. This data is aggregated and anonymized where possible.

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account Data – Retained for the duration of your account plus 30 days after deletion to allow for account recovery.
• Payment Records – Retained for 7 years as required for tax and accounting compliance.
• Notification Delivery Logs – Retained for 90 days, then automatically purged.
• Usage Analytics – Retained in aggregated form indefinitely; individual-level data is retained for 12 months.

When data is no longer needed, we securely delete or anonymize it.

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Secure authentication via Supabase Auth with support for multi-factor authentication.
• Role-based access controls within the PushFire platform.
• Regular security reviews and monitoring of our infrastructure.
• Firebase service account keys are encrypted at rest and never exposed in client-side code.

While we strive to protect your data, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@pushfire.app.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access – Request a copy of the personal data we hold about you.
• Correction – Request correction of inaccurate or incomplete data.
• Deletion – Request deletion of your personal data, subject to legal retention requirements.
• Portability – Request your data in a structured, machine-readable format.
• Objection – Object to certain processing activities, including direct marketing.
• Restriction – Request that we limit how we process your data in certain circumstances.

To exercise any of these rights, contact us at privacy@pushfire.app. We will respond within 30 days.

For EU/EEA Residents (GDPR): You have the right to lodge a complaint with your local data protection authority.

For California Residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. PushFire does not sell personal information.

PushFire is operated from the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.

PushFire is not directed to children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@pushfire.app.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Notify active Clients via email for significant changes.
• Post the revised policy on our website.

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us at:

PushFire (Flywheel Studio LLC)

Email: privacy@pushfire.app

Website: https://www.pushfire.app