1. Purpose and PrinciplesPermalink

Password Pusher is committed to minimizing data retention periods and ensuring the secure deletion of sensitive information. Our core principle is to retain customer data for the shortest duration necessary to fulfill the service’s purpose.

The less data that Password Pusher holds, the better for everyone involved. By minimizing data retention, we reduce security risks and protect both users and organizations while maintaining Password Pusher’s commitment to data privacy and security.

Note: This policy applies to the service offered on pwpush.com. For self-hosted deployments (Pro or OSS), the same principles apply but storage locations and retention responsibilities are managed by your organization.

2. Data Storage LocationsPermalink

Password Pusher stores data in the following locations:

  • Primary database (PostgreSQL)
  • Database backups
  • Cloud storage (S3-compatible service) for file attachments

3. Retention PeriodsPermalink

3.1 Database RecordsPermalink

  • Sensitive payloads in Pushes and Requests are retained only until their expiration criteria are met (views or time-based)
  • Database backups are retained for 7 days on a rolling basis
  • User account data is retained only while the account is active

3.2 File AttachmentsPermalink

  • Stored in S3-compatible cloud storage
  • Retained only until associated Push or Request expires
  • Automatically deleted upon expiration

4. Automatic Deletion ProcessesPermalink

4.1 Push & Request ExpirationPermalink

When a Push or Request expires (either through views or time):

  • All sensitive data is immediately and permanently deleted
  • Associated file attachments are removed from cloud storage
  • No recovery of expired pushes or requests is possible

4.2 Account DeletionPermalink

Upon account deletion:

  • All associated Pushes and Requests are permanently deleted
  • All associated file attachments are removed
  • User account data is permanently erased
  • This process is immediate and irreversible

4.3 Access LogsPermalink

  • Webserver access logs are retained for 7 days
  • Logs are automatically deleted after the 7-day retention period

4.4 Database BackupsPermalink

  • Database backups are retained for 7 days
  • Backups are automatically rotated to maintain the 7-day retention window
  • Expired or deleted data that is captured in backups will be permanently removed as backups are rotated

4.5 Security MeasuresPermalink

  • All deletion processes are immediate and permanent
  • No soft deletes or recoverable trash bins are maintained
  • Deleted data cannot be retrieved or restored
  • Regular audits ensure deletion processes are functioning correctly

7. Compliance and TransparencyPermalink

We maintain this minimal retention policy to:

  • Reduce security risks
  • Protect user privacy
  • Minimize exposure of sensitive information
  • Ensure compliance with data protection regulations

8. Policy UpdatesPermalink

This policy may be updated to reflect:

  • Changes in our data handling practices
  • New regulatory requirements
  • Enhanced security measures
  • Technological improvements

Updated: