← back to plingpush.com

Privacy policy

Last updated: March 30, 2026

Pling ("we", "our", "the app") is a push notification and SSH terminal app for iOS. Your privacy matters to us. This policy explains what data we collect, how we use it, and what we don't touch.

1. Information we collect

We collect only what's necessary to provide the service:

• Apple ID identifier — used for Sign in with Apple authentication. We receive an opaque user ID, and optionally your name and email if you choose to share them.
• API token — a SHA-256 hashed token stored on our server to authenticate push requests. The raw token is stored in your device's iOS Keychain.
• Device token — your APNs device token, used to deliver push notifications to your device.
• Push notification content — titles and messages you send via the API are stored temporarily for delivery and retained for up to 90 days (Pro) or 7 days (free).
• Subscription status — your Pro/free tier, synced via Apple's StoreKit.

2. Information we do NOT collect

We want to be explicit about what we don't touch:

• SSH credentials — passwords, private keys, and known hosts are stored exclusively in the iOS Keychain on your device. They never leave your phone.
• Terminal session content — we do not log, transmit, or store anything you type or see in SSH/Mosh sessions.
• Location data — we don't request or collect your location.
• Analytics or tracking — no third-party analytics SDKs, no ad networks, no fingerprinting.
• Contacts, photos, or files — we don't access these unless you explicitly pick a photo for your avatar.

3. How we use your information

• Authenticate your account (Sign in with Apple)
• Deliver push notifications to your device via APNs
• Enforce rate limits and prevent abuse
• Sync your subscription tier

4. Data storage and security

• Backend: Cloudflare Workers + D1 (SQLite). Data is processed at Cloudflare's edge, closest to you.
• API tokens: stored as SHA-256 hashes. We cannot recover your raw token.
• SSH keys: stored in the iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly. They never leave your device.
• iCloud sync: if enabled, hosts and snippets sync via CloudKit. SSH keys can optionally sync via iCloud Keychain.
• E2E encryption: Pro users can enable end-to-end encryption for push notification content using P-256 ECIES.

5. Third-party services

• Apple Push Notification service (APNs) — delivers push notifications.
• Apple Sign in with Apple — authenticates your account.
• Apple StoreKit — handles subscriptions.
• Cloudflare — hosts our API backend.

We do not use any third-party analytics, advertising, or tracking services.

6. Data retention

• Push notification records are automatically deleted after 7 days (free) or 90 days (Pro).
• Rate limit counters are cleaned up daily.
• Account deletion removes all associated data (notifications, tokens, devices, hosts) immediately.

7. Your rights

You can at any time:

• Delete your account — in Settings, which permanently removes all server-side data.
• Revoke your API token — immediately stops all push notifications.
• Sign out — clears your session.
• Uninstall the app — removes all local data including Keychain credentials.

8. Children's privacy

Pling is not directed at children under 13. We do not knowingly collect data from children.

9. Changes to this policy

We may update this policy occasionally. Changes will be posted on this page with an updated date.

10. Contact

Questions? Email us at hello@plingpush.com.