Privacy Policy

Last updated: March 4, 2026

1. Introduction

Aberkane Software House FZ-LLC (“Company”, “we”, “us”, or “our”) operates the PassFast platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our APIs, dashboard, SDKs, and website.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, company name, phone number, and password.

2.2 Organization Data

We collect information about your organization, including organization name, member details, roles, and invitation records.

2.3 Pass Data

We process and store data you provide for wallet pass generation, including template configurations, pass content (text fields, barcodes, images), serial numbers, and dynamic data. This may include personal data of your end users that you submit through the API.

2.4 Certificates and Credentials

We store Apple Developer certificates you upload for pass signing. Certificates are encrypted at rest using AES-256-GCM encryption.

2.5 Usage and Log Data

We automatically collect information about your use of the Service, including API requests, IP addresses, browser type, device information, and timestamps.

2.6 Device Registration Data

When end users add passes to Apple Wallet, Apple’s web service protocol transmits device tokens and push tokens to enable pass updates. We store this data to deliver push notifications for pass updates.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Process and fulfill pass generation requests.
  • Deliver push notifications for pass updates.
  • Send webhook notifications to your configured endpoints.
  • Manage your account, organization, and member access.
  • Communicate with you about the Service, including support and updates.
  • Monitor and analyze usage to improve the Service.
  • Detect, prevent, and address technical issues and security threats.
  • Comply with legal obligations.

4. Data Processing Role

With respect to pass data containing personal information of your end users:

  • You are the Data Controller — you determine the purposes and means of processing your end users’ personal data.
  • We are the Data Processor — we process such data solely on your behalf and according to your instructions through the Service.

You are responsible for ensuring you have the necessary legal basis to collect and process your end users’ personal data through the Service.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Service Providers: Third-party services that help us operate the Service, including Supabase (database and authentication), Resend (email delivery), and Apple (pass distribution and push notifications).
  • Legal Requirements: When required by law, legal process, or government request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.
  • With Your Consent: When you direct us to share information with third parties through webhook configurations or API integrations.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • AES-256-GCM encryption for certificates at rest.
  • Bcrypt hashing for API key verification.
  • TLS encryption for all data in transit.
  • Role-based access control for organization data.
  • HMAC-SHA256 signed webhook payloads.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination:

  • Account and organization data is retained for up to 30 days before deletion.
  • Pass data and certificates are deleted upon request or after the retention period.
  • Log data may be retained for up to 90 days for security and debugging purposes.
  • We may retain certain data as required by law.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request a copy of your data in a portable format.
  • Objection: Object to certain processing of your personal data.
  • Restriction: Request restriction of processing your personal data.

To exercise these rights, contact us at support@aberkane.io.

9. Cookies

We use essential cookies and local storage for authentication sessions and user preferences (such as active organization selection). We do not use third-party tracking cookies or advertising cookies.

10. International Data Transfers

The Service is hosted on infrastructure that may process data in various locations. By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

11. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at:

Aberkane Software House FZ-LLC
Email: support@aberkane.io