MobiLauncher

Privacy policy

Last updated: 2026-05-16

Plain English first, lawyer language never. This covers MobiLauncher (the launcher SaaS) and MobiLauncher Kiosk (the Android app on the Play Store).

What we collect

MobiLauncher (Free / Pro / Enterprise)

  • Your account email + company name — collected at signup, used to identify your tenant and (rarely) to email you about your account.
  • Your launcher config — the JSON describing what your fleet's devices show. Stored in our database keyed to your tenant.
  • Your Stripe customer record — only if you upgrade to Pro or Enterprise. Stripe handles payment data; we never see your card number. We store the Stripe customer ID and subscription ID.
  • Your edit token — a random secret that lets you change your config from the Portal. Stored in your browser's localStorage and on our server.
  • Contact form submissions — name, email, company, fleet details you fill in if you use the "Talk to sales" form. Stored in Resend's outbound mail logs (typically 30 days) and in our inbox indefinitely.

MobiLauncher Kiosk (Android app)

  • Your launcher URL — the URL you enter on first launch. Stored in the app's private SharedPreferences on the device. Never sent to us.
  • Your admin PIN — the PIN you set to gate the exit gesture. Stored in the same private SharedPreferences. Never sent to us.
  • Whatever the launcher itself collects — when the kiosk loads your launcher URL, it's a WebView pointed at whatever you configure. Telemetry the launcher gathers (if you've enabled it) is covered by the MobiLauncher SaaS rules above.

The kiosk app does NOT collect: location, contacts, calendar, photos, microphone, camera, device ID, advertising ID, or any analytics.

What devices send to us

When the launcher is running on a device:

  • Polling for active broadcasts — every 60 seconds the device hits our /broadcasts/:tenantId endpoint to fetch any messages you've posted. The IP address shows up in our access logs (Cloudflare, typically rotated within 30 days).
  • License verification — at boot, the device verifies its signed license file. This is entirely on-device; nothing is sent to us during verification.
  • Remote config poll (Enterprise only) — periodic GET to fetch config updates. Same access-log footprint as broadcasts.

We do not track which apps are launched, how often, or by whom. We don't track screen time. We don't have a session-replay tool. We don't send aggregated usage to any third party.

Who we share data with

That's everyone. We don't sell, rent, or trade your data, and we don't have a "share with marketing partners" clause.

How long we keep it

  • Account data — for as long as your account is active. Delete by emailing [email protected] with "delete my account."
  • Stripe records — Stripe retains per their policy; we retain customer + subscription IDs as long as the account is active.
  • Resend mail logs — typically 30 days at Resend.
  • Cloudflare access logs — Cloudflare's default retention (typically 7 days).
  • Contact form leads — indefinitely in our email; ask us to delete a specific lead and we will.

Your rights

  • Access — email us and we'll send you everything we have on you.
  • Deletion — email us and we'll wipe your account + tenant + all associated configs / licenses / broadcasts.
  • Correction — fix it in the Portal yourself, or email us.
  • Export — your config is downloadable as JSON from the Portal bundle download. License blobs are downloadable too. Email us for anything else.

Contact

[email protected] — questions, deletion requests, complaints. We answer within one business day.

Changes

If we change this, we'll bump the "Last updated" date at the top and note material changes in our release notes. We don't email customers about every wording tweak; substantive changes (new data we collect, new third parties we share with) get a heads-up.