Privacy policy

Last updated: 2026-06-01

Plain English first, lawyer language never. This covers MobiLauncher (the launcher SaaS) and MobiLauncher Kiosk (the Android app on the Play Store).

What we collect

MobiLauncher (Free / Pro / Enterprise)

  • Your account email + company name — collected at signup, used to identify your tenant and (rarely) to email you about your account.
  • Your launcher config — the JSON describing what your fleet's devices show. Stored in our database keyed to your tenant.
  • Your Stripe customer record — only if you upgrade to Pro or Enterprise. Stripe handles payment data; we never see your card number. We store the Stripe customer ID and subscription ID.
  • Your edit token — a random secret that lets you change your config from the Portal. Stored in your browser's localStorage and on our server.
  • Contact form submissions — the name, email, company, and fleet details you fill in if you use the "Talk to sales" form. Stored in Resend's outbound mail logs (typically 30 days) and in our inbox indefinitely.

MobiLauncher Kiosk (Android app)

  • Your launcher URL — the URL you enter on first launch. Stored in the app's private SharedPreferences on the device. Never sent to us.
  • Your admin PIN — the PIN you set to gate the exit gesture. Stored in the same private SharedPreferences. Never sent to us.
  • Whatever the launcher itself collects — when the kiosk loads your launcher URL, it's a WebView pointed at whatever you configure. Telemetry the launcher gathers (if you've enabled it) is covered by the MobiLauncher SaaS rules above.

The kiosk app does NOT collect: location, contacts, calendar, photos, microphone, camera, device ID, advertising ID, or any analytics.

What devices send to us

When the launcher is running on a device:

  • Device registration — on each boot the device registers itself so you can see your fleet in the Portal's Devices panel. We store a device record: a device-generated id, device name/model, Android version + security patch level, app version, boot count, last-seen time, the device's LAN IPv4 (when the host reports it), and the public IP + coarse city/country Cloudflare derives from the request. This record is kept while your account is active (see retention below).
  • Polling for active broadcasts — every 60 seconds the device hits our /broadcasts/:tenantId endpoint to fetch any messages you've posted.
  • License verification — at boot the device verifies its signed license against an embedded public key. This is entirely on-device.
  • Remote config poll (Enterprise only) — periodic GET to fetch config updates.

By default we do not track which apps are launched, how often, or by whom — there's no screen-time tracking, no session replay, and no usage data sold or sent to any third party.

If you (an Enterprise customer) turn on Telemetry for your own fleet, the launcher then records and sends operational events to the telemetry endpoint — by default our /telemetry/:tenantId/events endpoint, which stores them keyed to your tenant. Those events can include tile launches, profile switches, config/license errors, and — when you enable the audit log — privileged actions (admin exit gesture, PIN accepted/rejected, admin-overlay open/close). This is opt-in, scoped to your own fleet, visible only to you and us, and retained 90 days (see below). You can point telemetry at your own collector instead.

Who we share data with

That's everyone. We don't sell, rent, or trade your data, and we don't have a "share with marketing partners" clause.

How long we keep it

  • Account data — for as long as your account is active. Delete by emailing [email protected] with "delete my account."
  • Device records — kept while your account is active; removed when you delete a device or your tenant.
  • Telemetry + audit events — automatically deleted after 90 days.
  • Stripe records — Stripe retains these per its own policy; we retain the customer + subscription IDs as long as the account is active.
  • Resend mail logs — typically 30 days at Resend.
  • Cloudflare access logs — Cloudflare's default retention (typically 7 days).
  • Sign-in links + sessions, and abuse rate-limit logs — short-lived; expired entries are pruned automatically (sessions within ~30 days, rate-limit/IP logs within a day).
  • Contact form leads — indefinitely in our email; ask us to delete a specific lead and we will.

Your rights

  • Access — email us and we'll send you everything we have on you.
  • Deletion — email us and we'll wipe your account + tenant + all associated configs / licenses / broadcasts.
  • Correction — fix it in the Portal yourself, or email us.
  • Export — your config is downloadable as JSON from the Portal bundle download. License blobs are downloadable too. Email us for anything else.

Contact

[email protected] — questions, deletion requests, complaints. We answer within one business day.

Changes

If we change this, we'll bump the "Last updated" date at the top and note material changes in our release notes. We don't email customers about every wording tweak; substantive changes (new data we collect, new third parties we share with) get a heads-up.