Privacy Policy

Effective date: April 2, 2026


1. Data Controller

The data controller is: Bogusław Krawczyk, ul. Paradna 43B/7, 93-345 Łódź, Poland

Tax ID (NIP): 7712582976

Contact for data-related inquiries: privacy@notifly.space

2. What is Notifly.Space

Notifly.Space is a platform that enables businesses to send push notifications to end users via a mobile application. Users join communication channels by scanning QR codes — without registration or providing any personal data (such as name, surname or phone number).

3. Data We Collect

3.1. End Users (Notification Recipients)

We do not require registration. We only collect technical data necessary to provide the service:

  • FCM Token (Firebase Cloud Messaging) — a unique device identifier assigned by Google, required to deliver notifications
  • Subscribed channel identifiers — information about which channels the user has chosen to follow
  • Basic device data — operating system type (iOS/Android) and app version (to ensure technical compatibility)

3.2. Platform Clients (Businesses and Developers)

When creating a client account, we collect:

  • Email address
  • Password (stored in hashed form)
  • Company or project name
  • Billing data (including tax ID, registered address) — required for invoicing

4. Purpose and Legal Basis for Processing

We process data for the following purposes:

  • Providing the notification service (Art. 6(1)(a) GDPR) — based on end user consent, expressed by voluntarily scanning a QR code and subscribing to a channel
  • Performance of a contract (Art. 6(1)(b) GDPR) — to maintain client accounts, provide access to the admin panel, and process billing
  • Compliance with legal obligations (Art. 6(1)(c) GDPR) — for maintaining accounting and tax documentation
  • Legitimate interest (Art. 6(1)(f) GDPR) — ensuring platform security, preventing abuse, and generating anonymous statistics

5. Third-Party Services and Data Transfers

To ensure proper operation of the service, we use the following third-party providers:

  • Google Firebase (Google Ireland Ltd.) — for delivering push notifications.
  • Stripe (Stripe Payments Europe Ltd.) — for processing payments and billing data.

Data transfers outside the EEA: Due to the use of Google and Stripe services, your data may be transferred to third countries (e.g. the USA). These entities ensure an adequate level of data protection through the use of Standard Contractual Clauses approved by the European Commission and other GDPR compliance mechanisms.

6. Data Retention Period

  • FCM tokens and subscriptions — retained until the user unsubscribes from a channel, clears app data in device settings, or uninstalls the app
  • Client data — retained for the duration of service use and up to 30 days after account closure (unless legal requirements mandate longer retention)
  • Accounting data (invoices) — retained for 5 years from the end of the calendar year in which the tax payment was due (in accordance with Polish law)

7. Rights of the Data Subject

Under the GDPR, you have the following rights:

  • Right of access to your data and to receive a copy
  • Right to rectification (correction) of your data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time (without affecting the lawfulness of processing carried out before withdrawal)

Right to lodge a complaint with a supervisory authority: If you believe we are processing your data unlawfully, you may file a complaint with the President of the Personal Data Protection Office (UODO) in Warsaw, Poland.

To exercise your rights, please contact us at: privacy@notifly.space

8. Opting Out of Notifications (End Users)

You can stop receiving notifications at any time by:

  • Removing a channel subscription directly within the app
  • Disabling notifications for the Notifly app in your device's system settings
  • Uninstalling the app (this causes the FCM token to expire on Google's servers)

9. Cookies and Tracking Technologies

Our website and client dashboard may use essential cookies to maintain logged-in user sessions and ensure security. We do not use cookies to track your activity for advertising purposes without your explicit consent.

10. Security

We employ modern technical measures to protect your data:

  • Connection encryption using the SSL/TLS protocol
  • Password storage using secure hashing functions
  • Restricted physical and system access to servers

11. Changes to This Privacy Policy

We reserve the right to modify this policy. We will notify you of significant updates via an in-app message or push notification.
