Back to Home

PRIVACY POLICY

Effective Date: September 29, 2025
Last Updated: September 29, 2025

1. INTRODUCTION

This Privacy Policy ("Policy") governs the data collection, processing, and privacy practices of the Paddle Notifications mobile application ("App," "Service," "we," "us," or "our") developed and operated by the Developer ("Company"). By installing, accessing, or using the App, you ("user," "you," or "your") expressly consent to the collection, use, disclosure, and retention of your information as described in this Policy.

This Policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable privacy laws. We reserve the right to update this Policy at any time, and continued use of the App after changes constitutes acceptance of those changes.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

When you use our App, you voluntarily provide the following information:

  • Paddle API Credentials: Your Paddle API key for authentication with Paddle services
  • Webhook Configuration: Webhook URLs and webhook secrets for receiving Paddle event notifications
  • Account Information: Email address (if provided for support purposes)
  • User Preferences: App settings and notification preferences

2.2 Information Collected Automatically

The App automatically collects certain information through your use:

  • Device Information: Device model, operating system version, unique device identifiers (IDFA/IDFV), screen resolution
  • Push Notification Tokens: Apple Push Notification service (APNs) tokens for delivering notifications
  • Usage Analytics: App usage patterns, feature interactions, session duration, crash reports
  • Performance Data: App performance metrics, network latency, error logs
  • Firebase Analytics Data: Anonymous usage statistics and crash reporting

2.3 Information We Do NOT Collect

We explicitly do not collect:

  • Financial information or payment card details
  • Social Security numbers or government identifiers
  • Biometric data beyond Face ID/Touch ID authentication (stored locally only)
  • Location data
  • Contact lists or address books
  • Photos or media files

3. HOW WE USE YOUR INFORMATION

3.1 Primary Purposes

We use collected information for the following purposes:

  • Service Provision: To enable core App functionality including Paddle webhook integration and push notifications
  • Authentication: To securely connect to your Paddle account and validate API credentials
  • Notification Delivery: To send real-time alerts about Paddle events (subscriptions, payments, refunds, etc.)
  • Security: To protect against unauthorized access and maintain service integrity
  • Performance Optimization: To improve App performance and user experience
  • Technical Support: To diagnose issues and provide customer support

3.2 Legal Basis for Processing (GDPR)

We process personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary to perform our contract with you
  • Legitimate Interests: Our legitimate business interests that do not override your rights
  • Consent: Where you have provided explicit consent
  • Legal Obligation: To comply with applicable laws and regulations

4. DATA STORAGE AND SECURITY

4.1 Storage Location and Duration

  • Local Storage: Sensitive credentials (API keys, webhook secrets) are stored locally on your device using iOS Keychain Services with hardware-level encryption
  • Cloud Storage: Non-sensitive preferences may be synced via iCloud (if enabled)
  • Retention Period: Data is retained only while you actively use the App. Uninstalling the App removes all locally stored data

4.2 Security Measures

We implement industry-standard security measures including:

  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • iOS Security Features: Keychain Services, biometric authentication, App Transport Security
  • Access Controls: Credentials never leave your device except for authorized API calls
  • Regular Updates: Security patches and vulnerability fixes

4.3 Data Breach Procedures

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours via the App and/or email, as required by GDPR Article 34.

5. DATA SHARING AND DISCLOSURE

5.1 Third-Party Services

We share data only with the following essential service providers:

  • Firebase (Google LLC): Analytics, crash reporting, and performance monitoring
  • Apple Inc.: Push notification delivery via APNs
  • Paddle.com Market Limited: API authentication and webhook verification

5.2 Legal Disclosures

We may disclose your information when:

  • Required by law, subpoena, or court order
  • Necessary to protect our rights, property, or safety
  • Investigating suspected fraud or security issues
  • Part of a merger, acquisition, or asset sale (with notice)

5.3 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. YOUR PRIVACY RIGHTS

6.1 Rights Under GDPR (EU/EEA Residents)

You have the right to:

  • Access (Article 15): Obtain copies of your personal data
  • Rectification (Article 16): Correct inaccurate data
  • Erasure (Article 17): Request deletion ("right to be forgotten")
  • Restrict Processing (Article 18): Limit how we use your data
  • Data Portability (Article 20): Receive data in a portable format
  • Object (Article 21): Object to certain processing activities
  • Withdraw Consent: Revoke consent at any time

6.2 Rights Under CCPA/CPRA (California Residents)

California residents have the right to:

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information held by us
  • Opt-Out of sale or sharing of personal information
  • Non-Discrimination for exercising privacy rights
  • Correct inaccurate personal information
  • Limit Use of sensitive personal information

6.3 Exercising Your Rights

To exercise any of these rights, contact us at:

  • Email: Contact via App
  • Response Time: Within 30 days (GDPR) or 45 days (CCPA)

7. CHILDREN'S PRIVACY

The App is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will promptly delete such information. Parents believing we have information about their child should contact us immediately.

8. INTERNATIONAL DATA TRANSFERS

If you access the App from outside the United States, your information may be transferred to and processed in the United States. We ensure appropriate safeguards are in place including:

  • Standard Contractual Clauses approved by the European Commission
  • Compliance with EU-US Data Privacy Framework principles

9. COOKIES AND TRACKING

The App does not use cookies. We use Firebase Analytics which may collect anonymous identifiers for analytics purposes. You can disable analytics collection in the App settings.

10. THIRD-PARTY LINKS

The App may contain links to Paddle.com or other third-party services. We are not responsible for the privacy practices of these external sites. Review their privacy policies before providing personal information.

11. CHANGES TO THIS POLICY

We reserve the right to modify this Policy at any time. Material changes will be notified via:

  • In-app notifications
  • Email (if provided)
  • Prominent notice in the App

Continued use after changes constitutes acceptance of the modified Policy.

12. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE DEVELOPER BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, OR OTHER INTANGIBLE LOSSES ARISING FROM YOUR USE OF THE APP OR THIS PRIVACY POLICY.

OUR TOTAL LIABILITY FOR ALL CLAIMS RELATED TO THIS PRIVACY POLICY SHALL NOT EXCEED FIFTY DOLLARS ($50.00 USD).

13. DISPUTE RESOLUTION

13.1 Governing Law

This Policy shall be governed by the laws of the State of Delaware, United States, without regard to conflict of law principles.

13.2 Mandatory Arbitration

Any dispute arising from this Policy shall be resolved through binding individual arbitration under the American Arbitration Association rules, not in court, except for small claims court if eligible.

13.3 Class Action Waiver

You waive any right to bring claims on a class, representative, or collective basis. Claims may only be brought individually.

14. CONTACT INFORMATION

For privacy-related questions, concerns, or to exercise your rights, contact:

Data Protection Officer
Email: Contact via App
Address: Contact via App

For EU/EEA residents, you may also contact your local Data Protection Authority.

15. CALIFORNIA PRIVACY RIGHTS DISCLOSURE

California Civil Code Section 1798.83 permits users who are California residents to request certain information regarding disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information for direct marketing purposes.

16. SEVERABILITY

If any provision of this Policy is held invalid or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be replaced with a valid provision that comes closest to the intent of the original.

17. ENTIRE AGREEMENT

This Privacy Policy constitutes the entire agreement between you and the Developer regarding privacy practices for the App and supersedes all prior agreements and understandings.

By using the Paddle Notifications App, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.