← Back to pwa.sh

Privacy Policy

Last updated June 2026

This Privacy Policy explains what pwa.sh collects and how we use it. It covers our customers (account holders). For end-users of PWAs that customers operate, the customer is the data controller and pwa.sh acts as a processor on their behalf.

What we collect

  • Account data: email, password hash, and (optionally) Telegram handle and 2FA settings.
  • Billing data: prepaid balance, ledger entries, and on-chain transaction references (we are non-custodial — we never hold your keys).
  • Usage data: the PWAs, domains, campaigns and settings you create, plus logs needed to operate and secure the Service.
  • Analytics events from your PWAs (install, open, click, conversion, with denormalized geo/source/device) — processed on your behalf to power your statistics.

How we use it

  • To provide, bill, support and secure the Service.
  • To detect and prevent abuse, fraud and policy violations.
  • To communicate with you (transactional emails such as verification and password reset).

Sharing & sub-processors

We share data only as needed to run the Service, including: Cloudflare (DNS/CDN/edge), domain registrars (e.g. NameSilo) for registrations, and Resend for transactional email. Blockchain payments are recorded on public ledgers.

Retention & security

We retain data while your account is active and as required for legal, accounting and security purposes, then delete or anonymize it. We use industry-standard measures (encryption in transit, hashed secrets, access controls); no system is perfectly secure.

Your choices

You may access or delete your account data, subject to legal/accounting retention. Requests: [email protected].