Privacy Policy
Last Updated: January 17, 2026
Version: 1.1
1. Introduction
Notifer ("we", "us", or "our"), operated by NexoLab Igor Barkowski (Gdańsk, Poland), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our notification service. We comply with the General Data Protection Regulation (GDPR) and other applicable global privacy laws.
2. Data We Collect
We collect information only to the extent necessary to provide our Service:
- Account Information: Email address, username, and encrypted password (or OAuth identifiers from Google/Apple if used for login).
- Notification Content: The content of the messages you send through our API/Service.
- Device Information: Push notification tokens, device identifiers, platform (iOS/Android), device name, and app version.
- Technical Data: IP address, browser type, and operating system (collected automatically for security and support).
- Communication Data: If you contact us via our support chat (Crisp), we collect the conversation history and associated metadata.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your data based on:
- Contractual Necessity: To provide the Service you signed up for.
- Legitimate Interest: For security, fraud prevention, and providing customer support.
- Legal Obligation: To comply with tax and accounting laws (e.g., via Paddle).
- Consent: For optional marketing communications (opt-in only).
4. Third-Party Data Processors
We share data with selected partners only to perform specific tasks. All our partners are compliant with strict privacy standards:
| Partner | Purpose | Data Location | Data Shared |
|---|---|---|---|
| OVH Cloud | Core Hosting & Databases | Germany (Frankfurt) | All Service and User Data |
| Paddle.com | Payments & Tax Compliance | UK / Global | Billing info, Email address |
| Expo | Push Notifications (iOS/Android) | USA | Push tokens, Device IDs, Message content |
| Crisp IM SARL | Support Chat & CRM | EU (France) | Email, Username, Subscription plan |
| SMTP2GO | Email Delivery | USA / Global | Recipient email, notification content |
| Google Analytics | Usage Analytics | USA / Global | Anonymized usage data (optional, can opt-out) |
5. Data Retention
- Notification History: Stored for up to 60 days (depending on your plan), then permanently and automatically deleted.
- Account Data: Retained as long as your account exists. If you delete your account, personal data is purged within 90 days.
- Support Conversations: Stored in Crisp until the user account is deleted or upon request.
- IP Addresses: Retained for 7 days for security purposes.
6. International Data Transfers
Your data is primarily stored on secure servers in Germany (OVH). However, some data may be transferred outside the EEA:
- Expo (USA): We use Standard Contractual Clauses (SCCs) and EU-US Data Privacy Framework to ensure your data receives equivalent protection.
- Paddle (UK): Transfers to the UK are covered by the European Commission's adequacy decision.
- SMTP2GO (USA): We use Standard Contractual Clauses (SCCs) to ensure equivalent data protection.
- Google Analytics (USA): Covered by EU-US Data Privacy Framework; you can opt-out via cookie settings.
7. Security
We implement robust security measures:
- Encryption: All data is encrypted in transit using TLS (SSL) and at rest.
- Authentication: Secure password hashing (bcrypt), JWT tokens.
- Isolation: User topics and messages are logically separated in our database.
- Infrastructure: We use professional-grade data centers (OVH) with strict physical and digital access controls.
8. Your Rights
Regardless of your location, you have the following rights:
- Right to Access: Obtain a copy of your personal data.
- Right to Rectification: Correct inaccurate information.
- Right to Erasure: Request deletion of your data ("Right to be forgotten").
- Right to Portability: Receive your data in a structured, machine-readable format (JSON).
- Right to Withdraw Consent: Where processing is based on consent.
- Right to Object: Object to processing based on legitimate interest.
- Right to Complain: File a complaint with your local supervisory authority (e.g., UODO in Poland).
To exercise these rights, please contact us at support@notifer.io.
9. Cookie Policy
This section explains what cookies we use, why we use them, and how you can control them.
9.1 What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and provide functionality.
9.2 Types of Cookies We Use
Essential Cookies (Required)
These cookies are necessary for the Service to function and cannot be disabled.
| Name | Purpose | Duration |
|---|---|---|
accessToken | JWT authentication token (localStorage) | Session / 7 days |
refreshToken | Token refresh for persistent login (localStorage) | 30 days |
theme | Your preferred color scheme (light/dark) | Persistent |
notifer_cookie_consent | Your cookie preferences | 1 year |
Functional Cookies (Optional)
These cookies enable additional features. You can disable them in Cookie Settings.
| Name | Provider | Purpose | Duration |
|---|---|---|---|
crisp-client/* | Crisp IM SARL | Live chat support widget, conversation history | 6 months |
Analytics Cookies (Optional)
These cookies help us understand how you use the Service. You can opt-out via Cookie Settings.
| Name | Provider | Purpose | Duration |
|---|---|---|---|
_ga | Google Analytics | Distinguishes unique users | 2 years |
_ga_* | Google Analytics | Persists session state | 2 years |
Note: Google Analytics data is anonymized (anonymize_ip: true) for GDPR compliance.
9.3 Managing Your Cookie Preferences
You can manage your cookie preferences at any time:
- Cookie Banner: Click "Cookie Settings" when the banner appears
- Browser Settings: Configure your browser to block or delete cookies
- Opt-Out Links: Google Analytics Opt-out
Note: Disabling essential cookies will prevent you from using the Service.
9.4 Third-Party Cookies
Some cookies are set by third-party services we use:
- Google Analytics: See Google Privacy Policy
- Crisp: See Crisp Privacy Policy
- Paddle: See Paddle Privacy Policy (payment pages only)
10. U.S. Privacy Rights (CCPA/CPRA)
We do not "sell" your personal information as defined under California law. We only share data with service providers as described in Section 4 to provide the Service. California residents have additional rights under the CCPA/CPRA, which we respect.
11. Children's Privacy
Notifer is not intended for users under 16 years old. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us at support@notifer.io.
12. Changes to This Policy
We may update this Privacy Policy occasionally. For material changes:
- We will provide notice via email or app notification
- Changes will be posted on this page with an updated date and version
Continued use of the Service after changes constitutes acceptance.
13. Contact Information
- Company: NexoLab Igor Barkowski
- Email: support@notifer.io
- Phone: +48 739 567 348
- Address: Gdańsk, Poland
Last updated: January 17, 2026 | Version: 1.1