PiPup is an Android TV app that shows pop-up notifications on your TV. It runs a small web server on the TV so devices on your own local network (most commonly a home-automation system such as Home Assistant) can send it a notification to display.
1. Who this policy is for
This policy covers the PiPup Android TV application (package
nyc.savin.pipup), distributed via Google Play and as a sideloadable APK. PiPup is
free and open-source software; its source code is available at
github.com/alex-savin/android-pipup.
2. Information we collect
None. PiPup does not collect, store on our servers, or transmit any personal or device information to the developer. We operate no servers or backend that receive your data. The app contains no analytics, advertising, or tracking SDKs.
3. How the app uses your device and network
All processing happens on your TV and your local network. For transparency, here is every way PiPup uses the network:
- Receiving notifications. PiPup listens for HTTP requests on your local
network (default port
7979). The notification content you (or your automation) send is rendered on the TV and is not forwarded anywhere by the app. - Loading media you reference. If a notification includes an image, video, or web URL, PiPup fetches that media directly from the address you specified. Those requests go to whichever server you chose; that server may see your TV's network (IP) address, exactly as any web request would. PiPup does not add any tracking to these requests.
- Delivery callbacks (optional). If you include a
callbackURL in a notification, PiPup sends a small{"event":"shown"}/{"event":"dismissed"}POST to that address — only the one you provided. - Local discovery (mDNS). PiPup advertises itself on your local network
(service type
_pipup._tcp) so clients can find the TV without hard-coding an IP. This stays within your local network. - Text-to-speech. If you use the spoken-notification feature, the text is passed to your device's built-in text-to-speech engine, which is governed by your device/OS settings and its own provider's terms.
PiPup makes no other outbound connections. It does not contact the developer, and it has no built-in cloud service.
4. Permissions and why they are needed
| Permission | Why PiPup requests it |
|---|---|
SYSTEM_ALERT_WINDOW | Draw the notification overlay on top of other apps. |
INTERNET | Run the local web server and load media you reference by URL. |
ACCESS_NETWORK_STATE | Determine the TV's local IP address to display it on the main screen. |
RECEIVE_BOOT_COMPLETED | Restart the notification service after the TV reboots. |
FOREGROUND_SERVICE, FOREGROUND_SERVICE_SPECIAL_USE | Keep the local web server running reliably as a foreground service. |
POST_NOTIFICATIONS | Show the ongoing "service running" status notification (Android 13+). |
5. Information stored on your device
PiPup saves its own settings locally on the TV (for example: the server port, an optional authentication token, and an optional IP allowlist). This information stays on the device, is used only by the app, and is removed when you uninstall the app. It is never sent to the developer.
6. Data sharing and sale
We do not share or sell any data, because we do not collect any. The only data that leaves your TV is what you explicitly direct PiPup to fetch or send (media URLs and callback URLs you include in your own notifications), as described in Section 3.
7. Children's privacy
PiPup is a general-purpose utility intended for adults managing their own home network and devices. It is not directed at children and collects no personal information from anyone.
8. Security
PiPup is designed for use on a trusted local network. It offers optional protections — a bearer token and an IP allowlist — that you can enable to restrict who may trigger notifications. The built-in server uses plain HTTP on your local network; if you need transport encryption, place it behind a reverse proxy or VPN. You are responsible for securing your own network.
9. Third-party software
PiPup is built with open-source libraries (for example NanoHTTPD, Jackson, Glide, AndroidX Media3/ExoPlayer, and ZXing). These libraries run on your device and do not transmit your data to the developer or to their authors. Media playback and image loading only contact the URLs you provide.
10. Changes to this policy
If this policy changes, the "Last updated" date above will change and the revised version will be posted at this URL. Material changes will be reflected in the app's release notes where appropriate.
11. Contact
Questions about this policy or the app? Contact the developer at alex@savin.nyc.