Privacy Policy
Effective 2026-05-19
dlserve collects no data on this marketing site. The dlserve service collects only what’s required to deliver push notification ads — push subscription keys, the subscriber’s IP and User-Agent at subscribe-time and on telemetry events, and per-subscriber engagement scores. Read on for the full breakdown.
About this policy
This page covers two surfaces: (1) the dlserve.ai marketing site — the four pages you’re reading right now; and (2) the dlserve service — the publisher dashboard at app.dlserve.ai, the API at api.dlserve.ai, and the JavaScript snippet embedded on participating publisher sites.
What the marketing site collects
Nothing. No cookies, no analytics, no fingerprinting, no third-party fonts. The mailto links on this site only transmit to us when you hit send in your own mail client; we never see your browser or its environment until you choose to contact us.
What the service collects
Publisher account data lives in Postgres: email, hashed password, audit-log entries documenting your actions. Retention: while the account is active and 90 days after deletion.
End-user push subscriber records consist of the W3C Push subscription endpoint URL, the cryptographic p256dh and auth keys (not personal), and the subscriber’s IP address and User-Agent captured only at subscribe-time and on telemetry events. We use this to validate clicks, bucket subscribers by browser and region, and prevent fraud. No name, no email, no profile.
Telemetry events — displayed, clicked, subscribed, unsubscribed — are written to ClickHouse for reporting. IP addresses are hashed before logging; raw IPs persist only inside the 7-day click-validation window.
Scoring data is a per-subscriber score between 0 and 1, recomputed hourly to decide when the next push should fire.
What we don’t collect
We don’t collect names of end users, their email addresses, browsing history off your site, contact lists, or payment information. We don’t run third-party trackers or join push subscribers across publishers.
Sharing
Subscriber records are never sold. The ads delivered to subscribers are sourced from a third-party demand partner; that partner sees the subscriber’s IP and User-Agent at impression time so it can serve the right ad and validate the click. It does not see the subscriber’s push endpoint, identity, or activity elsewhere on your site.
Retention summary
| Data class | Retention |
|---|---|
| Publisher account | Active + 90 days |
| Subscriber endpoint + keys | Until unsubscribed or expired |
| Subscribe-time IP/UA | 30 days |
| Telemetry events (ClickHouse) | 13 months |
| Hashed-IP logs | 30 days |
| Per-subscriber score | Until subscriber unsubscribes |
End-user rights
End users can unsubscribe at any time through the browser’s notification settings or by clicking the unsubscribe affordance in any push notification. Publishers can request deletion of subscriber rows for their property through the dashboard.
US-only scope
The service is US-only. We don’t currently process EU or UK users and make no GDPR-compliance claims. If your audience is outside the US, dlserve is not the right fit today.
Changes
We update the effective date on every change. Prior versions remain in the public git history of the repository hosting this site.
Contact
For privacy-related questions, email hello@dlserve.ai.