← Back to EasyNotifier

Privacy Policy

Last updated: May 2025 · This service is currently in beta.

1. Who we are

EasyNotifier is a self-hosted notification automation service. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.

2. Data we collect

When you create an account and use EasyNotifier we collect:

  • Account data — your username, email address, and hashed password (passwords are never stored in plain text).
  • Notification configuration — the sources you monitor and destinations you send to (e.g. webhook URLs, bot tokens). All configuration data is stored encrypted at rest using AES-256-GCM.
  • Usage data — notification run history and API request logs used to operate and improve the service.
  • IP addresses — stored as one-way hashed values for security alerting (e.g. new-location login notifications). We never store your raw IP address.
  • OAuth identifiers — if you sign in with Google or GitHub we store the provider account ID to link it to your account. We do not receive your OAuth provider password.

3. How we use your data

  • To operate and deliver the service you signed up for.
  • To send you notifications you have configured.
  • To send transactional emails (email verification, password reset, security alerts).
  • To detect abuse and protect account security.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-party services

EasyNotifier interacts with third-party services on your behalf based on the notification rules you configure:

  • OAuth providers (Google, GitHub) for account sign-in.
  • Notification destinations you configure (Discord, Telegram, Slack webhooks). Your credentials for these services are stored encrypted and only used to deliver notifications.
  • Sources you configure (RSS feeds, GitHub, YouTube, Reddit, Docker Hub, custom APIs). These are fetched on your behalf at the interval you set.

5. Cookies

EasyNotifier uses cookies exclusively for operating the service. We do not use tracking, analytics, or advertising cookies.

  • Authentication token (token) — an HttpOnly cookie containing a signed JWT that keeps you logged in for up to 7 days. This cookie is strictly necessary for the service to function.
  • OAuth state (oauth_state, oauth_connect_user) — short-lived cookies (5 minutes) used to secure the OAuth sign-in flow. They are deleted immediately after use.

Because all cookies are strictly necessary for authentication, no separate consent is required under GDPR Article 5(3). You can clear cookies at any time through your browser settings, which will log you out.

6. Data retention

Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us. Notification run history older than 90 days may be periodically purged.

7. Security

We take security seriously. All sensitive configuration data (webhook URLs, API tokens, etc.) is encrypted at rest. Passwords are hashed with bcrypt. We use HTTPS for all communication. Despite these measures, no system is perfectly secure — please use a strong, unique password and enable two-factor authentication.

8. Your rights

Depending on your location you may have rights to access, correct, or delete your personal data. To exercise these rights please contact us using the details below.

9. Beta disclaimer

EasyNotifier is currently in beta. Features and data practices may change. We will update this policy and notify users of material changes.

10. Contact

If you have questions about this Privacy Policy please contact us at the email address associated with this service.