Privacy Policy

Created on 13 September, 2025Documents • 27 views โ€ข 2 minutes read

We respect your right to privacy and are committed to protecting the personal data you trust us with. On this page, you will find detailed information about what data we collect, for what purposes, and how it is used, stored, and protected.

Awush Privacy Policy

Last updated: September 13, 2025

1. Introduction

This Privacy Policy (hereinafter referred to as the \"Policy\") governs the collection, use, storage, protection, and processing of personal data in connection with the provision of services by Awush (hereinafter referred to as \"service\", \"we\", \"our\", \"Awush\"), available at https://awush.com .

Data Controller: Awush

Email: support@awush.com

This Policy applies to all users of the service, including:

  1. Clients (platform users) โ€” website owners using Awush to send web push notifications.
  2. Subscribers (end users) โ€” visitors to clients\' websites who have subscribed to notifications via the Awush widget.

We strive to ensure a high level of personal data protection and comply with applicable legislation, including:

  1. Federal Law of the Russian Federation No. 152-FZ \"On Personal Data\";
  2. General Data Protection Regulation of the European Union (GDPR);
  3. California Consumer Privacy Act (CCPA);
  4. Other applicable regulations.

By using our service, you confirm that you have read this Policy and give your consent to the processing of personal data in accordance with the specified conditions.

2. Service Definition

Awush is a cloud-based SaaS platform designed to automate subscription collection and web push notification delivery. Clients install the Awush JavaScript widget on their websites, which allows visitors to subscribe to notifications. After that, clients can create and send messages to their subscribers through the personal dashboard at awush.com.

Important:

  1. The client (website owner) is the independent data controller of their subscribers\' personal data.
  2. Awush acts as a data processor and operates strictly within the client\'s instructions.
  3. We are not the owner of the content sent by clients and do not control it. The client is solely responsible for the content of the notifications.

3. Categories of Collected Data

3.1. Client Data (Account Owners)

We collect the following information upon registration and service usage:

  1. First and last name (if provided);
  2. Email address;
  3. Login credentials (username, password);
  4. Payment information (card numbers are not stored โ€” processed via third-party payment gateways);
  5. IP address and browser data (for security and fraud prevention);
  6. Information about actions in the personal dashboard (notification history, settings);
  7. Client\'s website domain;
  8. Registration and activity dates.

3.2. Subscriber Data (End Users)

When a visitor to a client\'s website subscribes to notifications via the Awush widget, we collect:

  1. Push token โ€” a unique identifier assigned by the browser;
  2. Subscription date and time;
  3. Browser language;
  4. Time zone;
  5. Country of origin (determined by IP address);
  6. Device type (phone/computer/tablet);
  7. Browser and operating system;
  8. Notification interaction data (display, click, open);
  9. Campaign source (if specified).

Important: Awush does not collect or store names, email addresses, phone numbers, or other direct personal data of subscribers unless the client explicitly provides such information separately (e.g., via import). The push token is an anonymous identifier linked to the browser and cannot identify a person without additional data.

4. Purposes and Legal Bases for Data Processing

Personal data processing is carried out exclusively for lawful, fair, and transparent purposes.

4.1. Purposes of Processing

  1. Provision and operation of the service;
  2. Delivery of web push notifications to subscribers;
  3. Technical support and troubleshooting;
  4. Platform security;
  5. Payment processing;
  6. Analytics and service improvement;
  7. Communication with clients (informational and marketing emails, with consent);
  8. Fulfillment of legal obligations.

4.2. Legal Bases

  1. Contract performance โ€” to provide services to clients.
  2. Consent โ€” from subscribers (via browser prompt) and from clients (upon registration).
  3. Legitimate interests โ€” ensuring security, preventing fraud, improving the service.
  4. Legal obligations โ€” data retention, reporting.
  5. Vital interests โ€” in exceptional cases.

5. Consent Mechanism

For Subscribers:

  1. Subscription is activated only after an explicit user action โ€” clicking \"Allow\" in the browser notification.
  2. We do not use pre-checked boxes or hidden consent methods.
  3. The client is obligated to inform visitors of their website about the purposes of data collection and provide a link to the privacy policy (this one or their own).

For Clients:

  1. Upon registration at awush.com, the user confirms agreement with this Privacy Policy and Terms of Service.
  2. Consent can be withdrawn at any time via account settings or by contacting support.

6. Data Retention Period

  1. Client data: Stored for the entire duration of the account. After deletion โ€” retained for 90 days for backup purposes, then permanently deleted.
  2. Subscriber data: Stored until unsubscribed or deleted by the client. Inactive subscribers (no interaction for 24 months) are automatically removed.
  3. Logs and metrics: Retained for up to 12 months for audit and security analysis.

7. Data Sharing with Third Parties

We use trusted service providers who process data on our behalf under GDPR-compliant contracts (Article 28). Key partners include:

Timeweb - Hosting and infrastructure

ISPmanager - Server management

Cloudflare - DDoS protection, CDN, DNS

Yoomoney - Payment processing in Russia

All data transfers to countries with different protection levels are based on Standard Contractual Clauses (SCCs) approved by the European Commission or under local legislation.

8. International Data Transfers

Personal data may be processed outside your country of residence. We ensure adequate protection during transfer by using:

  1. SCCs (Standard Contractual Clauses);
  2. Data encryption in transit (TLS 1.3);
  3. Compliance with local legal requirements.

9. Data Security

We implement a comprehensive set of measures to protect data:

  1. Encryption in transit (HTTPS, TLS 1.3) and at rest (AES-256);
  2. Passwords stored in hashed form;
  3. Two-factor authentication (2FA) โ€” optional;
  4. Regular penetration testing;
  5. Access control based on minimum privilege principle;
  6. Encrypted backups;
  7. Suspicious activity monitoring.

In the event of a data breach, we will notify affected individuals and authorized authorities within 72 hours.

10. Data Subject Rights

You have the right to:

  1. Access your data;
  2. Correct inaccurate information;
  3. Delete your data;
  4. Restrict processing;
  5. Data portability;
  6. Withdraw consent;
  7. Object to processing.

Important:

  1. Clients can exercise their rights by contacting support@awush.com .
  2. Subscribers must contact the website owner through which the subscription was made. Awush only processes data based on client instructions.

We will respond to requests within 30 days. Responses may be delayed or denied in cases permitted by law (e.g., necessity of data retention for accounting purposes).

11. Cookies and Tracking

Our website awush.com uses cookies for:

  1. Authentication in the personal dashboard;
  2. Analytics (e.g., traffic analysis);
  3. Functional support (e.g., saving settings).

You can manage cookies through your browser settings. Disabling functional cookies may affect service operation.

12. Policy Updates

We may update this Policy from time to time. The latest update date is indicated at the beginning of the document. Continued use of the service constitutes your acceptance of the updated policy.

13. Contact Information

For questions regarding personal data processing, please contact:

Email: support@awush.com