Privacy Policy

1. Introduction

NearChat ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use the NearChat mobile application ("App").

NearChat is designed with privacy at its core. We operate on a "privacy by design" principle, meaning the App is built to function without collecting, storing, or transmitting your personal data to our servers.

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws.

2. Data Controller

For the purposes of UK data protection law, the data controller is:

NearChat
Email: hello@nearchat.net

3. Information We Do Not Collect

NearChat is designed to operate without collecting personal data. Specifically, we do not collect, store, or process:

• Your name, email address, or phone number
• Account credentials (no account is required)
• Message content (messages are transmitted directly between devices)
• Location data
• Device identifiers or advertising IDs
• Usage analytics or behavioural data
• Contact lists or address books
• Photos, files, or media you share

All messaging occurs directly between devices using Bluetooth mesh networking. Your messages never pass through our servers.

4. Information Stored Locally on Your Device

The following information is stored locally on your device only and is never transmitted to us:

• Cryptographic keys: Your private encryption keys are generated and stored exclusively on your device
• Contact information: Public keys of contacts you add via QR code scanning
• Message history: Encrypted messages stored locally on your device
• App preferences: Your chosen settings and configurations

You can delete this data at any time by uninstalling the App or clearing the App's data through your device settings.

5. How the App Works

NearChat uses Bluetooth Low Energy (BLE) to create a mesh network between nearby devices. When you send a message:

• The message is encrypted end-to-end using ChaCha20-Poly1305 encryption
• The encrypted message is transmitted directly via Bluetooth to nearby devices
• If the recipient is not in direct range, the message may be relayed through other NearChat users
• Only the intended recipient can decrypt and read the message
• Relaying devices cannot read the message content

No internet connection or central server is required for messaging.

6. Legal Basis for Processing

As we do not collect or process personal data on our servers, the traditional legal bases under UK GDPR (consent, contract, legitimate interests, etc.) are not applicable to our core service.

Any local processing on your device is performed solely to provide the messaging functionality you have requested by using the App.

7. Third-Party Services

The App does not integrate with third-party analytics, advertising, or tracking services. We do not share any data with third parties.

The App is distributed through the Google Play Store (and Apple App Store in future). These platforms may collect their own data in accordance with their privacy policies, which are separate from this policy.

8. Data Security

We implement strong security measures within the App:

• End-to-end encryption: All messages are encrypted using ChaCha20-Poly1305 (the same standard used by WireGuard VPN)
• Digital signatures: Messages are authenticated using Ed25519 cryptographic signatures
• Local key storage: Private keys never leave your device
• No central storage: There is no server database that could be breached

9. Your Rights Under UK GDPR

Under UK data protection law, you have certain rights regarding your personal data. However, as we do not collect or store personal data on our servers, many of these rights are automatically fulfilled:

• Right of access: We hold no personal data about you on our servers
• Right to rectification: Not applicable as we hold no data to correct
• Right to erasure: Automatically fulfilled - uninstalling the App removes all local data
• Right to data portability: Your data exists only on your device and is under your control
• Right to object: Not applicable as we perform no processing

If you have any concerns about your data, please contact us at hello@nearchat.net.

10. Children's Privacy

NearChat is not directed at children under the age of 13. We do not knowingly collect any information from children. As the App requires no account creation and collects no data, there is no mechanism for us to identify or store information about any user, including children.

Parents and guardians should supervise their children's use of mobile applications.

11. International Data Transfers

As we do not collect or transmit data to servers, there are no international data transfers associated with our service. All data remains on your device under your control.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically.

13. Complaints

If you have concerns about how we handle privacy matters, please contact us first at hello@nearchat.net.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO at ico.org.uk or by phone at 0303 123 1113.