Marckoy Industries LLC ("we", "us", "our") operates the PassThru platform (passthru.dev). This policy describes how we collect, use, and protect your information.
When you create a PassThru account, we collect:
We generate a unique API key for your account. We store only a SHA-256 hash of this key — we cannot retrieve your raw API key after initial issuance.
When you create passes through our API, we store pass content (fields, descriptions, colors, barcode data), serial numbers, and pass metadata.
Important: You control what data you include in your passes. We do not require or request end-user personal information. If you include personal data in pass fields, you are the data controller for that information.
When an end-user adds a pass to Apple Wallet, Apple's protocol sends us a device library identifier and a push token. We do not receive the end-user's name, email, phone number, Apple ID, or any other personal information through this process.
We collect aggregated, non-identifying usage metrics: number of passes created, API call counts, and error rates.
We use collected information to:
We do not sell your data, use it for advertising, share pass data between tenants, or access the content of your passes except as needed to provide the service.
All data is stored in Microsoft Azure (East US region):
See our Security White Paper for full technical details.
We share data only with the following service providers:
| Third Party | Purpose |
|---|---|
| Microsoft Azure | Infrastructure hosting |
| Apple (APNs) | Push notifications to devices |
| Stripe | Payment processing |
| Firebase/Google | Authentication |
| Cloudflare | Bot protection (Turnstile) |
We do not share, sell, or rent your data to any other parties.
| Data Type | Retention Period |
|---|---|
| Tenant account data | Until you delete your account |
| Pass data | Until you delete the pass or your account |
| Device registrations | Until the device unregisters or pass is deleted |
| API keys (hashed) | Until rotated or account deleted |
| Usage logs | 90 days |
You may at any time access your account data, update your information, delete your passes, rotate your API key, or close your account.
You additionally have the right to data portability, correction, deletion ("right to be forgotten"), objection to processing, and lodging a complaint with your local data protection authority.
If applicable, you have the right to know what personal information we collect, request deletion, opt out of sale (we do not sell personal information), and non-discrimination for exercising rights.
For business and enterprise customers requiring a DPA under GDPR, a standard Data Processing Agreement is available upon request. Contact support@passthru.dev.
The PassThru dashboard uses authentication cookies (session management) and Cloudflare Turnstile cookies (bot detection). We do not use advertising, tracking, or analytics cookies.
PassThru is a B2B service. We do not knowingly collect information from children under 13.
We will notify affected tenants via email before any material changes take effect.
Marckoy Industries LLC
Email: support@passthru.dev
Website: passthru.dev