-
How to delete/cancel your Pushover account
Before proceeding, please note that for most users, Pushover has no recurring subscription fee. To use it after the free 30-day trial, a one-time in-app purchase is all that is needed to continue receiving notifications for life.
Also note that we do not automatically bill you after your trial. Prior to your 30-day trial expiring, you will receive a Pushover notification that your trial is about to end, with instructions on how to make an in-app purchase. After the 30-day trial, if you do not make an in-app purchase for a license, you will no longer receive new Pushover notifications,
-
Who runs Pushover?
Pushover is a service of Pushover, LLC (formerly Superblock, LLC), a private, independently-financed software development company based out of Chicago, Illinois.
We have been developing and supporting Pushover since March 2012 when we first released our apps to the App Store and Google Play (then called Android Market). We introduced Pushover for Desktop in April 2014.
-
Reporting a security problem or vulnerability
Please see our security page for vulnerability disclosure and other information.
-
Are messages/notifications encrypted?
We use industry-standard TLS (HTTPS) encryption for all communication in Pushover, in every step of the process between your servers and our API servers, our servers and Apple's and Google's push notification servers, those push servers to your devices, and our apps back to our servers.
Our iOS and Android apps use AES-256 message encryption with a random, per-device key automatically generated for your device upon registration. Our servers encrypt your messages before sending them through Apple's and Google's notification servers, then our apps running on your devices decrypt the messages before showing them as notifications.
Our desktop/browser app uses TLS
-
Notification storage and delivery
- A server, application, or plugin sends a message to our Messaging API over HTTPS (TLS), including its application (API) token, one or more user or group keys, and the message details such as the title, message, sound, attachment image, etc.
- Our server encrypts the message with each recipient device's specific encryption key (if encryption is supported by the device) and stores the message in our database, then responds to the API client that the message was successfully received.
- Our dispatch server communicates with the appropriate carrier push server (Google's, Apple's, or ours) over TLS and hands off the encrypted message.
-
How are my account password and other private information stored?
Pushover uses bcrypt for one-way password hashing. For device identifiers, we create a one-way hash of a stable device identifier available from the operating system together with a randomly generated identifier specific to each Pushover account. We do not use "UDIDs", advertising IDs, or other cross-app personal identifiers.
Messages are encrypted in transit through carrier notification servers as detailed in this article.
Access to our servers and databases is tightly controlled, logged, and monitored, and are only accessible through a private network.
All of Pushover's servers are located within the United States at datacenters operated by US companies.
Encrypted backups
-
Pushover Logos and Usage
We've put together some various sizes of our logo to show off your Pushover integration. Please download and host these logos on your own websites and documentation rather than hotlinking directly to these files on our site.
For libraries that encompass our API in a particular programming language, you are permitted to use the Pushover name in your project name (e.g., "php-pushover") as long as you make it clear in your documentation and source code that the library is not written or supported by Pushover. All references to our product or service should be written as Pushover with a capital