Privacy Policy
Last updated: March 15, 2026
The Short Version
Privata collects nothing. We have no servers, no accounts, no analytics, no telemetry, and no way to read your messages. Your cryptographic identity is generated and stored exclusively on your device.
1. Information We Do Not Collect
Privata does not collect, store, transmit, or have access to:
- Your name, email address, or phone number
- Message content (all messages are end-to-end encrypted)
- Contact lists or address books
- Location data (geohash computation happens locally; raw GPS is never shared)
- Device identifiers, advertising IDs, or fingerprints
- Usage analytics, crash reports, or telemetry
- IP addresses (all network traffic is routed through Tor)
- Metadata about who you communicate with, when, or how often
2. How Privata Works
Privata is a peer-to-peer messaging application built on the open-source Bitchat protocol. Messages are transmitted directly between devices using:
- Bluetooth Low Energy (BLE) Mesh: Messages hop between nearby devices without using any internet connection. No server is involved.
- Nostr Relays: When an internet connection is available, messages may be routed through decentralized Nostr relays. These relays see only encrypted ciphertext and cannot read message content. All relay connections are made through Tor.
- Blossom Media Servers: Large file transfers may use Blossom servers for encrypted blob storage. Files are encrypted client-side with AES-256-GCM before upload. Servers store only ciphertext and cannot decrypt files.
3. Cryptographic Identity
On first launch, Privata generates a Noise Protocol keypair (X25519) on your device. This keypair serves as your identity. It is:
- Generated locally using cryptographically secure random number generation
- Stored exclusively in your device's secure enclave / keychain
- Never transmitted to any server or third party
- Under your sole control — if you delete the app, the identity is gone
4. Encryption
All private messages use the Noise_XX_25519_ChaChaPoly_SHA256 handshake pattern. This provides:
- Forward secrecy: Compromising a key does not compromise past messages
- Mutual authentication: Both parties verify each other's identity
- Deniability: Messages cannot be cryptographically attributed to you by a third party
5. Network Privacy
When connected to the internet, all network traffic (Nostr relay connections, Blossom uploads/downloads) is routed through the Tor anonymity network via the embedded Arti client. This means:
- Relays and servers never see your real IP address
- Your ISP cannot determine that you are using Privata
- Network observers cannot correlate your traffic to your identity
6. Local Data Storage
Privata stores message history, contact information, and settings locally on your device. This data is:
- Protected by your device's built-in encryption (iOS Data Protection / Android FBE)
- Optionally protected by biometric authentication (Face ID / Touch ID)
- Never backed up to cloud services by Privata (iCloud/Google backup of device data is controlled by your device settings)
- Completely deleted when you uninstall the app
7. Third-Party Services
Privata does not integrate with any third-party analytics, advertising, or tracking services. The only external services involved are:
- Nostr Relays: Decentralized, interchangeable, and see only encrypted data
- Tor Network: Open-source anonymity network operated by volunteers worldwide
- Blossom Servers: Optional, configurable media blob storage (encrypted data only)
None of these services have a relationship with Privata or access to your data.
8. Children's Privacy
Privata does not knowingly collect any information from anyone, including children under 13. Since we collect no data, COPPA and equivalent regulations are inherently satisfied.
9. Law Enforcement
Privata has no data to provide in response to legal requests. We do not operate servers, do not collect data, and do not have the technical ability to intercept or decrypt messages. We cannot comply with data requests because we have no data.
10. Open Source
Privata is built on the open-source Bitchat protocol. You can inspect, audit, and verify the underlying protocol at github.com/permissionlesstech/bitchat.
11. Changes to This Policy
If we update this privacy policy, the changes will be posted on this page with an updated revision date. Since Privata collects no data, policy changes will only ever reflect changes in how the software works, not in data practices.
12. Contact
For questions about this privacy policy or Privata's security architecture, contact us at privacy@privata.pages.dev.