Private pager, narrow trust surface.

Security model: Page Me is built around secret Webhook URLs, APNs delivery, privacy-safe metadata, and fast channel Rotation when a URL is exposed.

Webhook secrets

Raw webhook secrets are returned only when created or rotated. The backend stores digests, not raw channel URLs.

App session tokens are treated as bearer credentials and are stored in the iOS Keychain.

Notification titles and message bodies are not persisted on the server by default.

Delivery records store metadata such as status, timestamps, APNs reason codes, source, priority, and payload size.

Notification history is written on-device by the notification service extension through App Group storage.

Invalid webhook attempts, oversized requests, and unsafe URL schemes are rejected or rate limited.

Do not share webhook URLs publicly. Store them in secret managers, CI secrets, local config files, or Apple Shortcuts variables that are not shared.

Rotate a channel secret if a webhook URL appears in logs, screenshots, public repos, shared chats, or any tool you no longer trust.

Send security issues directly to the repository owner with the affected endpoint, expected behavior, actual behavior, and safe reproduction steps.