GDPR Compliance

At BlitzLogic, s. r. o. (the creator of Pushblitz), we are fully committed to protecting the privacy and rights of our users and their audiences. This page outlines our commitment to the General Data Protection Regulation (GDPR).

Our Role

Under the GDPR, Pushblitz acts primarily as a Data Processor on behalf of our customers. Our customers (website owners, agencies, and publishers) are the Data Controllers who define the purpose and means of personal data processing.

What Data We Process

We process minimal personal data necessary to provide a stable push notification service. This strictly includes randomized browser or device subscription IDs. We do not track or store personally identifiable information (PII) such as IP addresses, physical addresses, names, or individual browsing history without your explicit authorization via our API.

Security Measures

• All API keys, payloads, and communication are encrypted via HTTPS (TLS 1.2+).
• Subscriptions and analytic data are stored securely on servers located entirely within the European Union (EU).
• Strict access control management ensuring only authorized backend services can invoke messages.

Data Subjects Rights

We provide tools for Data Controllers (our customers) to easily process requests from Data Subjects, including the right to erasure ("Right to be forgotten") and the right of access. A subscriber can instantly revoke push permissions natively inside their browser, which automatically invalidates their token on our servers.