Privacy Policy

1. Privacy-First Design

BitChat is built on a privacy-first architecture that prioritizes user anonymity and data protection. Our core design principles ensure that your communications remain private and secure without sacrificing usability.

2. Zero Data Collection

We collect absolutely no personal information:

• No Registration: No email addresses, phone numbers, or usernames required
• No Analytics: No usage tracking, crash reporting, or performance metrics
• No Location Data: Location permissions are only used for Bluetooth functionality, not stored or transmitted
• No Contact Access: No access to your contacts, photos, or other personal data
• No Cloud Storage: All data remains on your device only

3. Ephemeral Identity System

Your identity in BitChat is completely ephemeral:

• New cryptographic key pairs generated on every app launch
• No persistent identity linking your sessions
• No device fingerprinting or tracking mechanisms
• No user profiles or persistent accounts

4. End-to-End Encryption

All communications are protected with military-grade encryption:

• X25519 Key Exchange: Modern elliptic curve cryptography
• ChaCha20-Poly1305: Authenticated encryption for all messages
• Perfect Forward Secrecy: Keys are never reused across sessions
• No Key Escrow: We have no access to your encryption keys

5. Local Storage Only

All data remains exclusively on your device:

• Messages stored only in local device memory
• No cloud synchronization or backups
• No data transmitted to external servers
• Complete control over data deletion through emergency wipe feature

6. Bluetooth Permissions

BitChat requires Bluetooth and location permissions for core functionality:

• Bluetooth Permission: Required for device discovery and mesh networking
• Location Permission: Required by iOS/Android for Bluetooth LE scanning (not used for GPS)
• No Data Retention: Permission data is not stored or transmitted

7. Decentralized Architecture

Our decentralized design provides additional privacy benefits:

• No central servers that could be compromised
• No single point of failure or surveillance
• Direct device-to-device communication
• No intermediary relay servers

8. Third-Party Services

BitChat does not integrate with any third-party services:

• No advertising networks or trackers
• No social media integrations
• No external analytics services
• No cloud service dependencies

9. Data Deletion

You have complete control over your data:

• Emergency Wipe: Triple-tap the app logo to instantly delete all local data
• App Uninstall: Removing the app deletes all associated data
• No Remote Data: There is no data stored outside your device to delete

10. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Since BitChat collects no user data, policy changes will not affect previously collected information.

11. Contact Information

For questions about this Privacy Policy, please contact us through:

• GitHub Issues: https://github.com/jackjackbits/bitchat/issues
• GitHub Discussions: https://github.com/jackjackbits/bitchat/discussions

12. Security Research

We welcome security research and responsible disclosure. Security researchers can report vulnerabilities through our GitHub repository. We do not operate a bug bounty program, but we will work with researchers to address legitimate security concerns.