Privacy Policy
AirChat > Privacy Policy > Last Updated: 15 Nov 2025

Privacy Policy for AirChat

Effective Date: January 1, 2025

Last Updated: 15 Nov 2025

Introduction

BinaryScript ("we," "our," or "us") operates the AirChat mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

We are committed to protecting your privacy and ensuring transparency about our data practices. Please read this Privacy Policy carefully. By using AirChat, you agree to the collection and use of information in accordance with this policy.

Contact Information:
Email: [email protected]
Website: https://binaryscript.com

🔒 Privacy-First Design

Important: AirChat is designed for maximum privacy:

  • Messages stored ONLY on your device - never on our servers
  • Local database encrypted with AES-256
  • No cloud storage or backups of your messages
  • Peer-to-peer communication without intermediary servers
  • We cannot access, read, or recover your messages
1. Information We Collect
1.1 Information You Provide

Account Information:

  • Google account email address (required for authentication)
  • Display name and username
  • Profile photo (from your Google account, optional)
  • Bio or status message (optional, stored locally only)

User-Generated Content:

  • Text messages you send and receive
  • Photos, videos, and documents you share
  • Voice messages you record
  • File attachments

Important: Messages and media are stored locally on your device only. We do not store, access, or transmit your message content or shared media to our servers.

1.2 Automatically Collected Information

Device Information:

  • Device model and manufacturer
  • Operating system version (Android/iOS)
  • App version and build number
  • Unique device identifier (Android ID or identifierForVendor)
  • Platform type (Android, iOS)

Regional Information:

  • Country code (derived from SIM card, network operator, or device locale)
  • Language preference (from device settings)

Location Information:

  • We collect your approximate location (country/region) to comply with regional regulations
  • We do NOT track your precise GPS location
  • Location permission on Android is required by the operating system for WiFi network scanning only, not for location tracking

Usage Data:

  • App usage patterns and features used
  • Crash reports and error logs
  • Session duration and app launches
  • Connection success/failure rates
1.3 Data NOT Collected

We explicitly do NOT collect:

  • Message content (stays on your device)
  • Shared media files (stored locally only)
  • Your contact list or phonebook
  • Precise GPS coordinates or location history
  • Browsing history or search queries
  • Biometric data
2. How We Use Your Information
2.1 Service Provision

We use collected information to:

  • Authenticate your identity using Google OAuth 2.0
  • Enable peer-to-peer connections on local WiFi networks
  • Manage your user account and profile
  • Provide customer support when you contact us
  • Send service notifications about your account
2.2 Service Improvement

We use aggregated, anonymized data to:

  • Analyze usage patterns to improve features
  • Diagnose technical issues and fix bugs
  • Monitor app performance and stability
  • Understand user preferences for future development
2.3 Legal Compliance

We may use and disclose information to:

  • Comply with legal obligations and government requests
  • Enforce our Terms of Service
  • Protect our rights and property
  • Prevent fraud or illegal activities
  • Protect user safety in emergency situations
2.4 Future Premium Features

We may use your information to:

  • Process subscription payments (when premium features launch)
  • Provide premium customer support
  • Notify you about available upgrades (with your consent)
3. Third-Party Services
3.1 Firebase (Google LLC)

We use Firebase services for authentication, analytics, and crash reporting:

Firebase Authentication:

  • Handles Google Sign-In OAuth flow
  • Stores authentication tokens
  • Data shared: Google account information (email, name, profile picture)

Firebase Analytics:

  • Tracks app usage and user behavior
  • Data shared: Device information, app events, usage patterns
  • Data is aggregated and anonymized

Firebase Crashlytics:

  • Monitors and reports app crashes
  • Data shared: Device state, crash logs, stack traces
  • Helps us fix bugs and improve stability

Firebase Privacy Policy: https://firebase.google.com/support/privacy

3.2 Google Sign-In (Google LLC)

We use Google Sign-In for user authentication:

  • Access to your Google profile (email, name, photo)
  • OAuth 2.0 authentication tokens
  • No access to other Google services (Gmail, Drive, etc.)

Google Privacy Policy: https://policies.google.com/privacy

3.3 BinaryScript Backend API

We operate a backend server (api.binaryscript.com) to:

  • Verify Firebase authentication tokens
  • Manage user accounts and sessions
  • Issue JWT access/refresh tokens
  • Store minimal user profile data

Data stored on our backend:

  • Firebase user ID
  • Email address, display name
  • Device information
  • Account creation and last login timestamps
  • Subscription status (future feature)

Data NOT stored on our backend:

  • Messages or message content
  • Shared media files
  • Contact lists
  • Location history
4. How We Share Your Information
4.1 No Selling or Renting

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Service Providers

We share limited data with:

  • Firebase/Google: For authentication, analytics, and crash reporting (as described in Section 3)
  • Cloud hosting providers: To operate our backend API infrastructure

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal process (subpoena, court order)
  • Government or law enforcement requests
  • Protection of rights, property, or safety
  • Fraud prevention or security investigations
4.4 Business Transfers

If BinaryScript is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4.5 Peer-to-Peer Communication
⚠️ Important Security Information

When you use AirChat, your device establishes direct connections with other users' devices on the same WiFi network. This means:

  • Your local IP address is visible to other users on the network
  • Messages are transmitted directly between devices
  • Messages are NOT currently encrypted during transmission (use on trusted networks only)
  • Anyone with network access and technical tools could potentially intercept local traffic

We are working on implementing end-to-end encryption for peer-to-peer communication.

5. Data Storage and Security
5.1 Local Storage (On Your Device)

Encrypted Database:

  • All messages and media metadata are stored in a Hive database
  • Database is encrypted using AES-256 encryption
  • Encryption key is stored securely in device keychain (Flutter Secure Storage)

File Storage:

  • Shared media (images, videos, files) are stored in app-specific directories
  • Files are protected by operating system sandboxing
  • Files are deleted when you uninstall the app

Secure Storage:

  • Authentication tokens stored in device keychain
  • Tokens are encrypted by the operating system
  • No passwords are stored (Google OAuth only)
5.2 Remote Storage (Our Backend)

Server Location: Cloud infrastructure (data center location may vary)

Security Measures:

  • HTTPS/TLS encryption for all API communications
  • JWT token authentication for API access
  • Regular security audits and updates
  • Access controls and logging
  • Encrypted database connections

Data Retention:

  • Active accounts: Data stored indefinitely until account deletion
  • Deleted accounts: Data retained for 90 days for backup/recovery purposes, then permanently deleted
  • Backups are encrypted and access-controlled
5.3 Security Practices

We implement industry-standard security measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest (AES-256 for local database)
  • Secure token management (JWT with expiration)
  • Regular security updates
  • Limited employee access to user data

No Security is Perfect: Despite our efforts, no method of transmission or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Privacy Rights
6.1 General Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export your data (data portability)
  • Opt-out of marketing communications
  • Withdraw consent for data processing
6.2 GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to object to processing
  • Right to restrict processing
  • Right to data portability
  • Right to lodge a complaint with a supervisory authority
6.3 CCPA Rights (California Users)

If you are a California resident, you have rights under CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or shared
  • Right to opt-out of sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

We do NOT sell personal information.

6.4 How to Exercise Your Rights

To exercise any of these rights:

  1. Email us: [email protected]
  2. Include: Your registered email address and specific request
  3. Verification: We may ask for verification to protect your account
  4. Response time: We will respond within 30 days

Account Deletion:

  • Sign in to the app and go to Settings
  • Tap "Delete Account" (future feature)
  • Or email [email protected] with your deletion request

Data Export:

  • Email [email protected] to request a copy of your data
  • We will provide your data in a machine-readable format (JSON)
7. Children's Privacy
7.1 Age Requirement

AirChat is NOT intended for children under 13 years of age.

We do not knowingly collect personal information from children under 13. If you are under 13, do not:

  • Download or use the App
  • Provide any information to us
  • Create an account
7.2 Parental Notice

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at [email protected]. We will delete such information promptly.

7.3 Age Verification

We rely on Google Sign-In for authentication, which requires users to be at least 13 years old per Google's Terms of Service. However, we do not independently verify ages.

7.4 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA). We do not:

  • Knowingly collect information from children under 13
  • Share children's information with third parties
  • Allow children to publicly post information
8. International Data Transfers
8.1 Global Service

AirChat is available worldwide. Your information may be transferred to and processed in countries other than your own, including:

  • United States (Firebase, Google services)
  • Countries where our cloud infrastructure is located
8.2 Data Protection

When we transfer data internationally, we ensure adequate protection through:

  • Compliance with GDPR and other data protection laws
  • Standard contractual clauses with service providers
  • Privacy Shield principles (where applicable)
8.3 Your Consent

By using AirChat, you consent to the transfer of your information to countries outside your residence, which may have different data protection laws.

9. Data Retention
9.1 Active Accounts

We retain your account information and backend data for as long as:

  • Your account is active
  • Needed to provide services
  • Required by law or for legitimate business purposes
9.2 Deleted Accounts

When you delete your account:

  • Backend data is marked for deletion immediately
  • Data is retained for 90 days for backup and recovery purposes
  • After 90 days, data is permanently and irreversibly deleted
  • Local data on your device remains until you uninstall the app
9.3 Local Data

Messages and media on your device remain until you:

  • Delete individual messages or chats
  • Clear app data
  • Uninstall the app

We have no access to or control over local data on your device.

9.4 Analytical Data
  • Aggregated, anonymized analytics data may be retained indefinitely
  • This data cannot be used to identify individual users
  • Used for long-term research and service improvement
10. Cookies and Tracking
10.1 No Cookies

AirChat is a mobile application and does not use browser cookies.

10.2 Analytics Tracking

We use Firebase Analytics to track:

  • App usage and feature engagement
  • Session duration and frequency
  • Device and OS information
  • Crash and error reports
10.3 Opt-Out

You can limit analytics tracking by:

  • iOS: Settings > Privacy > Analytics > Turn off "Share with App Developers"
  • Android: Settings > Google > Ads > Opt out of Ads Personalization
11. Future Premium Features
11.1 Subscription Plans

We plan to introduce optional premium subscription features, which may include:

  • Group chat with multiple participants
  • Enhanced file sharing capabilities
  • Priority customer support
  • Advanced customization options
11.2 Payment Processing

If you subscribe to premium features:

  • Payment processing handled by Google Play Billing or Apple In-App Purchase
  • We do not store credit card or payment information
  • Billing information is managed by Google/Apple
11.3 Subscription Data

We will collect:

  • Subscription status (active, cancelled, expired)
  • Subscription tier and features enabled
  • Billing timestamps and renewal dates
  • Transaction IDs for support purposes

This information will be used solely for providing premium features, managing subscriptions, processing refunds, and customer support.

12. Changes to This Privacy Policy
12.1 Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices
  • New features or services
  • Legal or regulatory requirements
  • User feedback and best practices
12.2 Notification

When we make material changes:

  • We will update the "Last Updated" date at the top
  • We will notify you via in-app notification
  • Email to your registered address (for significant changes)
  • Continued use of the App after changes constitutes acceptance
12.3 Review

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Questions and Contact
13.1 Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices:

Email: [email protected]
Subject Line: Privacy Policy Inquiry - AirChat
Response Time: We aim to respond within 5 business days

13.2 Supervisory Authority

If you are in the EEA or UK, you have the right to lodge a complaint with a data protection supervisory authority in your country.

EU Supervisory Authorities: https://edpb.europa.eu/about-edpb/board/members_en
UK Information Commissioner's Office: https://ico.org.uk

Acknowledgment

By using AirChat, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

BinaryScript
Committed to Your Privacy and Local-First Communication

Last Updated: 15 Nov 2025