Privacy Policy

This Privacy Policy explains what information PulsePanel collects, how it is used, and the choices you have. It is written in plain English on purpose — privacy policies should be readable, not legalese.

If you have questions about anything below, email support@pulsepanelapp.com.

Who this policy covers

This policy applies to:

• The PulsePanel iOS application, distributed through the Apple App Store.
• The PulseConnect plugin, distributed for free for use on Minecraft servers operated by you or your team.
• The PulseRelay notification service operated at push.pulsepanelapp.com.

In this policy, “we,” “us,” and “our” refer to the operators of PulsePanel. “You” refers to the person using the app.

The short version

What information is involved, and where it lives

PulsePanel has three components, and each handles data differently. The clearest way to explain it is to walk through each one.

1. The PulsePanel iOS app (on your device)

The app stores the following on your iPhone or iPad. None of this is transmitted to us:

• Server connection details — hostname, port, and TLS preference for each Minecraft server you connect to. Stored in the app’s local preferences.
• Authentication tokens (JWTs) — issued by your Minecraft server’s PulseConnect plugin when you log in. Stored in the iOS Keychain, which is encrypted by the operating system.
• App preferences — UI settings, notification preferences, recently viewed items, and similar interface state.
• Cached data from your server — recently viewed players, ticket lists, console output, and other operational data fetched from your Minecraft server while the app is in use. This is held in memory and on disk to make the app responsive, and is associated only with the server it came from.

You can erase all of this at any time by signing out, deleting individual server connections, or uninstalling the app.

2. The PulseConnect plugin (on your Minecraft server)

The PulseConnect plugin runs on a Minecraft server that you operate. It is not hosted by us. The plugin stores its data in a local SQLite database and configuration files on your server. This data includes:

• Administrative user accounts you create
• Authentication tokens issued to those accounts
• Tickets, audit logs, and session history
• Device tokens for any devices that have registered to receive push notifications from your server

Because the plugin runs on your hardware, we have no access to this data. It is governed by your own server’s operational practices, not by this policy. If you operate a server that other people use, you are the controller of their data on that server.

3. The PulseRelay notification service (operated by us)

When your Minecraft server needs to deliver a push notification to a phone, it sends an HTTPS request to our notification relay at push.pulsepanelapp.com. The relay’s only job is to forward that notification to Apple’s Push Notification service, which then delivers it to the device.

Here is exactly what happens:

1. The plugin sends a request containing a device token and the notification contents (title, body, and metadata such as the relevant ticket or player name).
2. The relay verifies the request, signs it with our Apple authentication key, and forwards it to Apple over HTTP/2.
3. Apple delivers the notification to the device.
4. The relay receives Apple’s success or failure response and passes it back to the plugin.

The relay does not write any of this to a database. It does not write the device token, the notification contents, the source server, or your IP address to any log file we maintain. The data exists in the relay’s memory only for the milliseconds required to forward it, then is discarded.

The only persistent items on the relay server are:

• Our Apple Push Notification authentication key, which is our own credential and contains no user data.
• Standard operating system service logs (e.g., service start and stop times). These do not contain user data.

What our hosting and delivery providers may see

We use third-party infrastructure to operate the relay and deliver notifications. These providers operate their own services under their own privacy policies, and we cannot control their internal logging:

• DigitalOcean hosts the relay server. As is standard for any internet host, network metadata associated with connections to our relay (such as source IP addresses) may be processed by their infrastructure.
• Cloudflare provides DNS for our domain, and may process DNS query metadata.
• Apple Push Notification service delivers notifications. Apple processes the device token and notification payload as part of delivery. See Apple’s privacy policy for details.

We do not enrich, retain, or correlate any of this metadata ourselves.

What we do not collect

To be unambiguous about what is not happening:

• We do not have analytics SDKs, advertising SDKs, crash reporting services, or any other third-party data collection tools embedded in the PulsePanel app.
• We do not track your usage of the app.
• We do not have user accounts on our infrastructure. There is no “PulsePanel account.” Your account exists only on your own Minecraft server.
• We do not receive copies of your players’ chat messages, server console output, file contents, ticket contents, or any other operational data from your server. That data is exchanged directly between the app and your server, with no intermediary.
• We do not collect device identifiers, advertising identifiers, location data, contacts, photos, or any other device-level data.

Children’s privacy

PulsePanel is a server administration tool intended for adults who operate Minecraft servers. It is not directed at children under 13, and we do not knowingly collect any information from children. If you believe a child has somehow used the app in a way that resulted in data being sent to us, contact us and we will investigate.

Security

• All network traffic to our relay is encrypted in transit using TLS, with certificates issued by Let’s Encrypt and renewed automatically.
• The Apple authentication key on the relay is stored with restrictive file system permissions and is readable only by the service account that operates the relay.
• The relay process runs as a non-administrative user.
• Authentication between the plugin and the relay uses a shared secret that you control.

No system is perfectly secure, but the relay is designed to minimize what could be exposed even in a worst-case scenario: there is no user database to breach, no stored tokens to leak, and no archived notifications to compromise.

Your rights and choices

Because the data that exists about you lives almost entirely on your own device and your own server, the controls are also there:

• Stop using the app: deleting PulsePanel removes all locally stored data, including authentication tokens and cached server data.
• Disable push notifications: turn them off in iOS Settings, or remove your device’s registration from your Minecraft server’s PulseConnect dashboard.
• Remove a server connection: delete it from the app to clear its credentials and cached data from your device.
• Erase server-side data: contact the operator of the Minecraft server you use, since they control that data.

If you are in a jurisdiction that grants additional privacy rights (such as the EU’s GDPR, the UK GDPR, or California’s CCPA), those rights apply where applicable. Because we do not maintain user accounts or databases that contain your information, requests to access or delete data from our infrastructure will generally have nothing to act on, but we will respond honestly and direct you to the appropriate party (typically the operator of your Minecraft server) if data exists elsewhere.

Changes to this policy

If we make material changes to this policy, we will update the “Last updated” date at the top and, where appropriate, surface the change in the app. Routine clarifications and editorial improvements may be made without notice.

Contact

Questions, concerns, or requests can be sent to:

We read every email, and we will respond within a reasonable time.