Spokes is currently in Early Release!

Spokes Logo Spokes

Privacy Policy

Last updated: May 5, 2026

1. Introduction

Because Spokes is a self-hosted platform, we do not have access to your data, your messages, or your users. The core value of Spokes is absolute privacy and data sovereignty. Everything runs on your own infrastructure.

2. Mobile Applications (iOS & Android)

Our mobile applications act solely as clients connecting directly to your self-hosted server. The applications:

  • Do not collect analytics, tracking data, or crash reports.
  • Do not share your personal information with third parties.
  • Route push notifications through Apple (APNs) and Google (FCM) using end-to-end encryption. Your notification content cannot be read by us, Apple, or Google.

Because we do not collect or store your account data, any requests for account deletion or data removal must be handled directly by your server administrator.

3. Server Telemetry and Licensing

Spokes license activation is completely offline. Your license cannot be remotely revoked and will always work for the version of the software you purchased. To understand broad usage trends and monitor for public license leaks, the Spokes server communicates with our central dashboard via two distinct, heavily encrypted streams:

  • License Monitoring: When utilizing the free Spokes Push Relay for mobile notifications, your server securely attaches its unique Server ID and license details to outgoing push requests. This data is stripped by the relay and forwarded to our dashboard to provide visibility into license sharing abuse. If a license is leaked and shared egregiously, the owner will be contacted, and the license may be added to a hardcoded blacklist in future software updates.
  • Usage Statistics: Periodically, your server sends an anonymous ping containing your server's operating system, Spokes edition, server version, and total active users.

Zero-Knowledge Architecture: All telemetry is secured using hybrid AES-GCM and RSA encryption before leaving your server. This guarantees that only our secure Admin Dashboard can decrypt the data. Middlemen, including our own Push Relay, cannot read your telemetry or license information.

This data contains no Personally Identifiable Information (PII) and cannot be used to read your messages or identify individual users. While License Monitoring is required to use the free Push Relay, you may completely opt out of sending Usage Statistics via your server's Admin Dashboard.

4. Website and Purchases

When you purchase a Spokes license on our website, payment processing is handled securely by LemonSqueezy, our official Merchant of Record. We do not store your credit card information. We retain your email address solely for the purpose of delivering your license file and providing customer support.

5. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@spokes.sh.