Legal / Privacy
Privacy Policy
A product-specific account of the data BetterCodePush needs to deliver React Native updates. We do not sell personal data or use it for targeted advertising.
1. Scope and roles
This Privacy Policy explains how BetterCodePush (“BetterCodePush,” “we,” “us,” or “our”) handles personal data when you visit bettercodepush.com, use the BetterCodePush console, APIs, command-line tools, hosted update service, or related services (together, the “Service”).
For account, website, and business-contact data, BetterCodePush acts as the party that decides why and how the data is processed. For data that our customers send through the Service about their app installations or end users, BetterCodePush generally processes that data on the customer's behalf. The customer remains responsible for its own app privacy notice, permissions, and lawful basis.
2. Data we collect
| Category | What it includes | How we receive it |
|---|---|---|
| Account and workspace | Name, email address, password hash, organization name, memberships, roles, invitations, and account timestamps. | From you or an organization administrator. |
| Authentication and security | Session tokens, essential security cookies, IP address, user agent, API-key prefix and hash, last-used time, and security or audit events. | Automatically when you sign in or use the APIs and CLI. |
| Apps and releases | App identifiers, platform, public signing keys, release messages, Git commit hashes, channels, rollout settings, versions, fingerprints, update bundles, assets, manifests, checksums, and release history. | From you and your release tooling. |
| Update checks and usage | Customer and app identifiers, platform, app version, timestamps, and a SHA-256 hash of the SDK's random per-install identifier. We do not persist the raw installation identifier in our metering database. | Automatically when an installed app checks for an update. |
| Website and support | Standard request data such as IP address, request time, requested URL, and browser information; plus messages and attachments you send when asking for help. | From your browser, our infrastructure providers, or directly from you. |
Please do not include secrets or personal end-user data in release messages, file names, source maps, bundles, or other uploaded content unless it is necessary and you are authorized to do so. BetterCodePush does not need your app users' names, email addresses, advertising identifiers, precise locations, contacts, or payment details to deliver an update.
3. How we use data
We use the data described above to:
- create accounts, authenticate users, and manage organizations and permissions;
- build, store, sign, distribute, roll out, disable, and troubleshoot app updates;
- measure monthly active installations and show service usage;
- secure the Service, rate-limit abuse, investigate incidents, and keep audit records;
- respond to support, legal, and operational requests;
- maintain, debug, and improve the reliability of the Service; and
- comply with law and enforce our Terms and Conditions.
We do not sell personal data. We do not share personal data for cross-context behavioral advertising, and we do not use app-installation data to profile end users or advertise to them.
4. Legal bases
Where applicable law requires a legal basis, we process data as needed to perform our agreement with you; for legitimate interests such as securing, operating, and improving the Service; to comply with legal obligations; and with consent where we specifically ask for it. You may withdraw consent at any time, without affecting earlier processing.
6. Retention
We keep data only while it serves the purposes described in this Policy:
- account, organization, app, release, and audit data is generally retained while the related account or workspace remains active and for a reasonable period afterward;
- raw monthly installation-activity rows containing hashed installation identifiers are scheduled for deletion after 12 months;
- monthly aggregate usage totals may be kept longer for operational, security, accounting, and legal needs;
- expired sessions and temporary verification or idempotency records are retained only for their operational lifetime;
- update artifacts remain available while needed to serve or preserve release history, unless deleted under the product's lifecycle rules; and
- backups and provider logs may persist for a limited additional period before rotating out.
We may retain specific records longer when required by law, necessary to resolve a dispute, protect the Service, or enforce an agreement. Deleting or disabling a release in the console may preserve its history rather than immediately erasing every associated record.
8. Security
We use technical and organizational safeguards designed for the nature of the Service, including encrypted transport, password hashing, hash-only API-key storage, tenant-scoped access controls, audit records, and optional release signing. No system is perfectly secure, and we cannot guarantee that unauthorized access, loss, or disclosure will never occur.
You are responsible for protecting account credentials, API keys, and private signing keys. Never place a BetterCodePush API key or private signing key inside a shipped mobile app.
9. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, or receive a copy of personal data; object to or restrict certain processing; withdraw consent; or appeal a decision. You may also have the right to complain to a local data-protection authority.
To make a request, email [email protected]. We may need to verify your identity and authority. If your data was submitted by a BetterCodePush customer through its app, contact that customer first; we will support the customer in responding where required. Authorized agents may submit requests where local law permits.
10. International data transfers
BetterCodePush and its infrastructure providers may process data in countries other than yours. Those countries may have different data-protection laws. Where required, we use an appropriate transfer mechanism and contractual or organizational safeguards for such transfers.
11. Children
BetterCodePush is a developer and business service and is not directed to children. You must be at least 18 years old, or the age of legal majority where you live, to create an account. We do not knowingly collect personal data directly from children through the Service. If you believe a child provided us with personal data, contact us so we can review and address it.
12. Changes and contact
We may update this Policy as the Service or law changes. We will post the revised version here, update the effective date, and provide additional notice when a change is material and applicable law requires it.
Questions or requests about privacy can be sent to [email protected]. General legal questions can be sent to [email protected].