NotiSync ← Back to home

Privacy Policy

Last updated: June 29, 2026 · Applies to the NotiSync Android app (net.extrawdw.apps.notisync), NotiSync iOS app (net.extrawdw.apps.NotiSync), and this website.

The short version

  • Your notifications are end-to-end encrypted. Titles, message text, source apps, sender names, conversation details, and images are sealed on the sending device and can only be opened by your trusted receiving devices.
  • The iOS app displays trusted-device notifications. It receives encrypted NotiSync pushes through APNs, decrypts them on your iPhone or iPad, and does not read unrelated notifications already on that iOS device.
  • The Android iPhone bridge is optional. If you pair an iPhone to the Android app over Bluetooth ANCS, NotiSync only mirrors the iPhone apps you turn on after they are discovered.
  • iPhone app icons may be fetched from Apple. For iOS-origin notifications, NotiSync may request public App Store artwork through Apple's iTunes Lookup API using the iOS app's bundle ID. Notification text is not sent to Apple for icon lookup.
  • There is no account. No sign-up, no email, no password. We don't build a profile about you.
  • The relay server cannot read your notification details. It forwards encrypted bodies/assets and the minimum device-routing information needed to deliver them through FCM, APNs, WebSocket, or relay fetch.
  • We don't sell your data and there are no advertising or analytics trackers in the app.

1. Who we are

NotiSync ("the app", "we", "us") is developed and operated by Extrawdw. NotiSync mirrors notifications from the apps you choose to your other trusted devices. The Android app can capture local Android notifications and can optionally bridge notifications from a paired iPhone over Bluetooth ANCS. The iOS app receives and displays encrypted mirrored notifications from trusted devices, syncs dismissals, and helps manage trusted devices and notification filters. This policy explains what information the apps, this website, and our relay server handle, and why.

If you have any questions, contact us at privacy@extrawdw.net.

2. How NotiSync is built (and why it matters for privacy)

NotiSync follows a "clients are authoritative, the server is just a courier" design. Your devices hold the encryption keys and decide which other devices they trust. The relay server forwards encrypted messages and coordinates push delivery, but it is not able to decrypt notification content or the private notification details carried with it, such as source app, iOS bundle ID, iPhone origin, channel, conversation, and sender fields.

Notification bodies are encrypted on the sending device specifically for your receiving devices. The encryption keys are generated on your devices and are not shared with us. On iOS, the app and its Notification Service Extension decrypt NotiSync notifications locally before showing them.

When the optional iPhone bridge is enabled in the Android app, your Android device acts as the bridge: it pairs with your iPhone over Bluetooth, receives ANCS notification attributes from iOS, and then either shows those notifications locally or sends selected ones through the same end-to-end-encrypted NotiSync pipeline.

3. Information the app processes

a. Notification content

On Android, NotiSync reads notifications posted on your device using Android's notification listener access, which you grant explicitly. This can include the app name/package, notification title and text, channel or conversation names, message sender names, conversation/messaging details, and attached images.

If you enable the iPhone bridge, your Android device can pair with your iPhone over Bluetooth ANCS and receive iOS notification attributes. This can include the iOS app bundle ID and display name, notification title, subtitle, message text, notification date, category, and event state such as added or removed.

On iOS, NotiSync receives NotiSync messages sent by your trusted devices. Those messages may contain the source app, app label/package or iOS bundle ID, notification title, body, subtitle, channel or conversation details, sender names, device-origin details, and encrypted private assets such as icons, avatars, or images. The iOS app does not read unrelated notifications that are already on your iPhone or iPad.

Before any notification details are sent through NotiSync to another trusted device, they are encrypted on the sending device and are only ever decrypted on your trusted receiving devices. We never receive them in readable form, and we do not store plaintext notification content or private notification metadata on the server.

b. Your app selections

You choose which installed Android apps are mirrored. To show you a list, the app reads the labels and icons of apps on your device. Your selections and settings are stored locally on your device. When an enabled app posts a mirrored notification, the source app name/package is included only inside the end-to-end-encrypted notification body.

For the iPhone bridge, iOS does not provide a full app list in advance. NotiSync records iPhone apps as they post notifications over ANCS, then lets you turn mirroring on for the iPhone apps you choose. The discovered iOS bundle IDs, display names, last-seen times, and your per-app choices are stored locally on your Android device.

On iOS, NotiSync stores your display/filter choices for trusted source devices, apps, and Android notification channels. These choices are stored locally and may be sent end-to-end encrypted to the trusted source device so that it can stop or resume sending matching notifications to your iOS device. The relay server cannot read these filter rules.

c. iPhone app icons and Apple lookup

To show recognizable icons for iOS-origin notifications, NotiSync may fetch public app artwork from Apple's App Store / iTunes Lookup API and artwork CDN. The lookup uses the iOS app's bundle ID, and it does not send notification titles, messages, senders, or images to Apple. The returned public icon artwork is cached locally on your device.

For Android-origin notifications displayed on iOS, NotiSync may fetch the encrypted private launcher icon or image asset from the relay server, decrypt it locally, verify its hash, and cache it locally. Some common icons are bundled with the app or drawn as generic placeholders.

d. Device identity and pairing data

Each installation has a cryptographic identity. We use:

Your private keys never leave your device. On Android, private keys are stored in the Android Keystore. On iOS, signing keys are stored in the Secure Enclave or Keychain where available, and encryption keys needed by the Notification Service Extension are stored in the iOS Keychain access group for the app. We do not receive your private keys.

If you use the iPhone bridge, Android's Bluetooth and Companion Device pairing systems handle the local association with your iPhone. NotiSync may keep the paired iPhone's display name and a hashed, internal origin identifier so bridged iPhone notifications can be grouped and dismissed correctly. That iPhone origin information is not sent to the relay server in readable form.

On iOS, QR pairing uses the camera only while the scanner is open. You can also paste or open a pairing link. Pairing material contains public keys, your chosen device name, and verification information; it does not contain private keys. If you start Experience Mode, your pairing link is sent to the relay server so a demo peer can be connected.

e. Push delivery tokens and routing

To wake your devices when a notification arrives, NotiSync uses platform push services: Firebase Cloud Messaging (FCM) on Android and Apple Push Notification service (APNs) on iOS. This requires a push token issued by Google or Apple for your device, which is relayed through our server as a signed "route claim" so messages can be delivered.

To route a message, the server necessarily sees limited delivery metadata such as sender and destination client IDs, message IDs, message type, route identifiers, APNs or FCM route tokens, delivery urgency, approximate timing, ciphertext size, and random private-asset IDs. It does not see the source app, package name, notification title or text, channel/conversation names, message sender names, plaintext image hashes, or asset decryption keys.

f. Local inbox, activity, and diagnostics

The app may keep a bounded local inbox of mirrored notifications, a bounded activity log, pending relay acknowledgements, notification filters, trusted-device records, and display maps used for dismissal sync. On iOS, these are stored with SwiftData, the app group container, and the Keychain as appropriate so the main app and Notification Service Extension can work together.

The app shows you connection and permission status, and an optional advanced view (client ID, key backing, transport, key-rotation status). These diagnostics are displayed on your device and are not collected by us.

g. Website visits

This website is a static GitHub Pages site. It does not set tracking cookies and does not include advertising or analytics scripts. Hosting and network providers may process standard request information such as IP address, user agent, requested URL, and time of request to deliver and protect the site.

4. What the relay server can and cannot see

The server cannot readThe server does handle (to deliver messages)
Source app names/packages · iOS bundle IDs and iPhone origin names · notification titles & text · channel and conversation names · sender and contact names · conversation content · notification-filter rules · plaintext image hashes and keys · large icons, contact photos, and images · any private notification details Encrypted message and asset blobs · sender and destination client IDs · message IDs/type/timing · route identifiers and FCM/APNs push tokens · delivery urgency · random asset IDs and ciphertext sizes · public key-epoch records · app-integrity verification state · short-lived delivery state

Encrypted notification bodies are end-to-end protected with HPKE (X25519) key encapsulation and AES-256-GCM, and authenticated with ECDSA P-256 signatures. The server holds ciphertext and delivery metadata, not notification metadata like app names, iOS bundle IDs, iPhone names, filter rules, or conversation participants.

5. Permissions the app requests, and why

Android

iOS

6. Third-party services

NotiSync relies on a small number of services to function:

NotiSync does not include third-party advertising SDKs, Firebase Analytics, or Crashlytics.

Advanced users may configure NotiSync to use a self-hosted relay server instead of ours. In that case, the delivery metadata described above is handled by the server you choose, under that operator's control.

7. Data retention

8. How your information is shared

We do not sell your personal information and we do not share it for advertising. Information is only ever transmitted to:

We may disclose information if required by law, but the server holds only encrypted notification bodies/assets, public key material, route claims, app-integrity state, and limited delivery metadata — it cannot produce notification content, source apps, iOS bundle IDs, iPhone names, filter rules, or conversation sender details.

9. Security

NotiSync is designed around strong, modern cryptography:

No system is perfectly secure, but the architecture is built so that a compromise of the relay server does not expose your notification content or private notification metadata.

10. Your choices and control

11. Children

NotiSync is not directed to children and is not intended for use by anyone under the age of 13 (or the minimum age required in your country). We do not knowingly collect personal information from children.

12. International users

NotiSync can be used worldwide. Encrypted messages, delivery metadata, and app-icon lookup requests may be processed by service providers (such as Google, Apple, and Cloudflare) located in various countries. Notification content and private notification metadata remain end-to-end encrypted throughout.

13. Changes to this policy

We may update this policy as the app evolves. When we make material changes, we will update the "Last updated" date above and, where appropriate, note the change in the app or on this site. Continued use of NotiSync after an update means you accept the revised policy.

14. Contact

Questions, concerns, or requests about your privacy? Email us at privacy@extrawdw.net.