Push To Display
Menu
Sign inGet Started Free
Toggle theme
Privacy Policy

Privacy policy

Effective April 14, 2026

This Privacy Policy explains how Goban Source, LLC ("we," "us," or "our") collects, uses, and protects information when you use the Push To Display platform, including the API, admin portal, mobile display applications, and related services (collectively, the "Service"). We store only the minimum information required to operate the Service. We do not sell personal information.

1

Information we collect

Account information. When you sign in through Apple, Microsoft, or Google, we receive your name, email address, and account identifier from your identity provider. We do not collect passwords.

Board and device data. We store board configurations, device registrations, API key metadata, and display message payloads necessary to operate the Service.

Usage analytics. We use Firebase Analytics to collect anonymized interaction events such as screen views, authentication attempts, paywall interactions, and feature usage. These events do not contain message content.

Crash and error reports. Firebase Crashlytics collects crash logs, stack traces, and device metadata (model, OS version) to help us diagnose and fix issues.

Purchase data. Subscription and purchase information is managed by RevenueCat. We receive entitlement status and transaction identifiers but do not store payment card details.

Device identifiers. Firebase Cloud Messaging uses device tokens to deliver push notifications. These tokens are scoped to the app installation and are not used for advertising.

2

How we use your information

We use collected information to: (a) authenticate you and manage your account; (b) deliver display messages to your registered devices; (c) manage subscriptions and entitlements; (d) monitor service performance and diagnose errors; (e) improve the Service based on anonymized usage patterns; and (f) communicate service updates and security notices. We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

3

Legal basis for processing

If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

Contract performance. Processing your account information, board and device data, and message payloads is necessary to provide the Service you signed up for.

Legitimate interest. We use analytics and crash data to maintain, secure, and improve the Service. These interests do not override your privacy rights because the data is anonymized or minimized.

Legal obligation. We may process data to comply with applicable laws, regulations, or legal proceedings.

4

Cookies and tracking technologies

The Push To Display web dashboard uses cookies and local storage for authentication session management and user preferences. We do not use advertising cookies or cross-site tracking pixels. Firebase Analytics in the mobile app uses device-level identifiers scoped to the app installation; these are not shared across apps or used for ad targeting.

Do Not Track. The Service does not track users across third-party websites. We do not currently respond to browser "Do Not Track" signals because there is no industry standard for compliance. You can control cookies through your browser settings.

5

Third-party services

The Service integrates with the following third-party services, each governed by their own privacy policies:

Firebase (Google LLC) — Analytics, Crashlytics, Cloud Messaging, and Remote Config. RevenueCat (RevenueCat, Inc.) — Subscription and purchase management. Identity providers (Apple, Microsoft, Google) — Authentication via OAuth. Cloud infrastructure (Microsoft Azure) — Hosting, data storage, and compute services.

We do not sell, rent, or share your personal information with third parties for their marketing purposes. These third-party services act as data processors on our behalf and are contractually obligated to protect your data.

6

International data transfers

The Service's primary infrastructure is hosted in the European Union. Goban Source, LLC is a United States entity, and our team may access your data from the United States for support, maintenance, and operational purposes. Some third-party services we use (such as Firebase and RevenueCat) may process data in the United States. For any transfer of personal data from the European Economic Area or the United Kingdom to the United States, we rely on Standard Contractual Clauses approved by the European Commission and other applicable safeguards. If you access the Service from outside the EU, your data will be transferred to and stored in the EU.

7

Data retention

We retain account data for as long as your account is active. Display message payloads are stored temporarily for delivery and may be retained in logs for up to 90 days for troubleshooting. Crash logs are retained for up to 90 days. Analytics data is retained in aggregate form for up to 14 months. RevenueCat transaction records are retained for as long as required for subscription management and legal compliance. When you delete your account, we remove your personal data, board configurations, and API keys. Residual copies in encrypted backups are purged within 30 days.

8

Data security

We use industry-standard measures to protect your data, including encrypted connections (TLS), signed API keys for API authentication, and scoped authorization per board. No method of transmission or storage is completely secure. If you believe your account has been compromised, contact us immediately.

9

Data breach notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach, as required by applicable law. Notification will include the nature of the breach, the data affected, and the steps we are taking to address it. We will also notify the relevant supervisory authority where required.

10

Your rights

You may request access to, correction of, or deletion of your personal data at any time by contacting [email protected] or through the account deletion option in the app settings. We will respond to data requests within 30 days.

EEA and UK residents (GDPR). You have the right to access, rectify, erase, restrict processing, port your data, and object to processing based on legitimate interest. You may also lodge a complaint with your local supervisory authority.

California residents (CCPA/CPRA). You have the right to know what personal information we collect, request deletion, and opt out of the sale or sharing of personal information. We do not sell or share your personal information as defined by the CCPA. We do not use sensitive personal information for purposes beyond what is necessary to provide the Service. To exercise your rights, contact [email protected]. We will not discriminate against you for exercising any of these rights.

Analytics opt-out. You may limit analytics collection by disabling Firebase Analytics at the device level through your mobile device settings or by contacting us to request opt-out. Opting out does not affect the core functionality of the Service.

11

Children's privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at [email protected].

12

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email. Continued use of the Service after changes become effective constitutes acceptance of the updated policy. The date at the top of this page indicates when the policy was last revised.

Contact

Questions

For privacy requests or questions, contact us at [email protected]. Include your account email so we can respond quickly.

Goban Source, LLC