Privacy Policy
Last updated: July 2, 2026
1. Who We Are
PingParrot ("we," "our," or "us") is a critical alert paging service operated from Canada. Our service is available at pingparrot.app. If you have any questions about this policy, contact us at [email protected].
2. Information We Collect
We collect only the information necessary to provide our service:
- Account information: Your name, email address, and password (stored as a bcrypt hash — we never store your plaintext password).
- Organization information: Your organization name.
- Device tokens: Firebase Cloud Messaging (FCM) tokens from your mobile devices, used to deliver push notifications.
- Usage data: Pages sent, recipients notified, acknowledgement timestamps, and delivery logs.
- Billing information: Payment details are processed and stored by Stripe. We store only a Stripe customer ID and subscription status — we never see or store your full card number.
- API keys: Hashed API keys used to authenticate integrations with our REST API.
3. How We Use Your Information
We use the information we collect to:
- Create and manage your account and organization.
- Deliver push notifications to your registered pager devices.
- Log page delivery attempts and acknowledgements for your audit trail.
- Process payments and manage your subscription via Stripe.
- Send transactional emails (email verification, password reset, invoices).
- Respond to support requests you send us.
- Improve and maintain the reliability of our service.
We do not use your data for advertising, and we do not sell your data to third parties.
4. Third-Party Services
We rely on the following third-party services to operate PingParrot:
- Firebase (Google): Used to deliver push notifications to Android and iOS devices. Device tokens are transmitted to Firebase servers. See Firebase Privacy.
- Stripe: Used to process payments and manage subscriptions. Billing data is governed by Stripe's Privacy Policy.
- Brevo (formerly Sendinblue): Used to deliver transactional emails. Email content and recipient addresses are transmitted to Brevo. See Brevo Privacy Policy.
5. Data Retention
We retain your account data for as long as your account is active. Page logs and delivery history are retained for a minimum of 90 days. When you delete your account, your personal data is deleted within 30 days, except where retention is required by law (e.g., billing records).
6. Data Security
All data is transmitted over HTTPS/TLS. Passwords are hashed using bcrypt. API keys are hashed before storage. We do not store payment card details. Access to production systems is restricted to authorized personnel only.
7. Cookies
We use a single session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Your theme preference (light/dark) is stored in localStorage on your device only — it is never sent to our servers.
8. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data via your profile settings.
- Delete your account and associated data by contacting us.
- Export your data — contact us and we will provide a copy in a machine-readable format.
- Withdraw consent at any time by deleting your account.
To exercise any of these rights, email us at [email protected].
9. Children's Privacy
PingParrot is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of PingParrot after changes constitutes acceptance of the updated policy. For material changes, we will notify you by email.
11. Contact
If you have questions or concerns about this Privacy Policy, please contact us at [email protected] or use our contact form.