Privacy Policy

1. What we collect

For organizations: We collect your email address, organization name, and any branding assets you upload (logo, brand color). We store hashed passwords, never plaintext.

For end users:We collect your device's Apple Push Notification token and a randomly generated device UUID. We do not require an account, email, or any personal information from end users.

2. How we use your data

• To deliver push notifications you've subscribed to
• To display organization profiles within the bzzz app
• To authenticate organization members on the dashboard
• To monitor and prevent abuse of the API

3. What we don't do

• We don't sell your data to anyone
• We don't track end users across apps or websites
• We don't use your data for advertising
• We don't store notification content after delivery

4. Data storage

Your data is stored on servers hosted by Vercel and Neon (PostgreSQL), both located in the EU. All data is encrypted in transit (TLS) and at rest. API keys are hashed with SHA-256. We never store them in plaintext.

5. Data deletion

Organizations can delete their account and all associated data from the dashboard settings. End users can unsubscribe from any organization at any time. Uninstalling the app removes the device registration.

6. Third-party services

We use Apple Push Notification service (APNs) to deliver notifications. We use Upstash Redis for rate limiting. We do not use any analytics or tracking services.

7. Contact

Questions about this policy? Email us at privacy@bzzz.sh