Privacy-preserving location sharing with end-to-end encryption
coord.is
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Transponder Privacy Policy</title>
  <style>
    body {
      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
      line-height: 1.6;
      max-width: 800px;
      margin: 0 auto;
      padding: 2rem;
      color: #333;
    }
    h1 { color: #007AFF; }
    h2 { color: #555; border-bottom: 1px solid #eee; padding-bottom: 0.5rem; margin-top: 2rem; }
    table { border-collapse: collapse; width: 100%; margin: 1rem 0; }
    th, td { border: 1px solid #ddd; padding: 0.5rem; text-align: left; }
    th { background: #f5f5f5; }
    code { background: #f5f5f5; padding: 0.2rem 0.4rem; border-radius: 3px; }
    .summary { background: #f0f7ff; padding: 1rem; border-radius: 8px; margin: 1rem 0; }
    .summary ul { margin: 0; }
    hr { border: none; border-top: 1px solid #eee; margin: 2rem 0; }
    @media (prefers-color-scheme: dark) {
      body { background: #1a1a1a; color: #e0e0e0; }
      h1 { color: #4da6ff; }
      h2 { color: #aaa; border-bottom-color: #333; }
      th { background: #2a2a2a; }
      th, td { border-color: #444; }
      code { background: #2a2a2a; }
      .summary { background: #1a2a3a; }
    }
  </style>
</head>
<body>
  <h1>Transponder Privacy Policy</h1>
  <p><em>Last updated: January 12, 2026</em></p>

  <p>Transponder is a location sharing app designed with privacy as a core principle. This policy explains what data we collect, how it's protected, and your rights.</p>

  <div class="summary">
    <h2 style="margin-top: 0; border: none;">Summary</h2>
    <ul>
      <li><strong>Your location is end-to-end encrypted</strong> — only friends you explicitly add can see it</li>
      <li><strong>The server cannot read your location</strong> — it only stores encrypted data it cannot decrypt</li>
      <li><strong>No analytics or tracking</strong> — we don't use any third-party analytics, advertising, or tracking services</li>
      <li><strong>Your data stays on your device</strong> — cryptographic keys never leave your phone</li>
    </ul>
  </div>

  <h2>Data We Collect</h2>

  <h3>Location Data</h3>
  <ul>
    <li>Latitude and longitude (precise location)</li>
    <li>Location accuracy (in meters)</li>
    <li>Timestamp of when location was captured</li>
  </ul>
  <p><strong>How it's used:</strong> Shared with friends you choose, displayed on the map.</p>
  <p><strong>How it's protected:</strong> Encrypted on your device using AES-256-GCM before transmission. The server only stores encrypted data it cannot decrypt.</p>

  <h3>Identity Information</h3>
  <ul>
    <li>Display name (chosen by you)</li>
    <li>Cryptographic public key (used to identify you to friends)</li>
  </ul>
  <p><strong>How it's used:</strong> Your display name is shared with friends via friend links. Your public key identifies you in the system.</p>
  <p><strong>How it's protected:</strong> Display name is stored locally. Cryptographic keys are stored in secure device storage (iOS Keychain / Android Keystore).</p>

  <h3>Friend List</h3>
  <ul>
    <li>Friends' names, public keys, and server URLs</li>
    <li>Your sharing preferences for each friend</li>
  </ul>
  <p><strong>How it's used:</strong> Determines who can see your location and whose location you can see.</p>
  <p><strong>How it's protected:</strong> Stored locally on your device only.</p>

  <h2>Data We Do NOT Collect</h2>
  <ul>
    <li>Email addresses or phone numbers</li>
    <li>Passwords or account credentials</li>
    <li>Device identifiers or advertising IDs</li>
    <li>Usage analytics or behavioral data</li>
    <li>Crash reports or diagnostics</li>
    <li>Any data from your contacts, photos, or other apps</li>
  </ul>

  <h2>How Encryption Works</h2>
  <p>Transponder uses end-to-end encryption, meaning your location is encrypted on your device before it ever leaves your phone.</p>
  <ol>
    <li><strong>Key Generation:</strong> When you create your identity, cryptographic keys (Ed25519 and X25519) are generated on your device</li>
    <li><strong>Encryption:</strong> Your location is encrypted with AES-256-GCM using keys derived from your friends' public keys</li>
    <li><strong>Transmission:</strong> Only encrypted data is sent to the server</li>
    <li><strong>Decryption:</strong> Only friends with the matching private keys can decrypt your location</li>
  </ol>
  <p><strong>The server never has access to your unencrypted location data.</strong></p>

  <h2>Data Storage</h2>

  <h3>On Your Device</h3>
  <table>
    <tr><th>Data</th><th>Storage Method</th></tr>
    <tr><td>Private keys</td><td>iOS Keychain / Android Keystore (hardware-backed when available)</td></tr>
    <tr><td>Display name</td><td>iOS UserDefaults / Android SharedPreferences</td></tr>
    <tr><td>Friends list</td><td>Local JSON file</td></tr>
    <tr><td>Cached friend locations</td><td>Local storage</td></tr>
  </table>

  <h3>On Servers</h3>
  <ul>
    <li>Encrypted location blobs (server cannot decrypt)</li>
    <li>Public keys (necessary for the protocol)</li>
    <li>Timestamps</li>
  </ul>

  <h2>Third-Party Services</h2>

  <h3>Maps</h3>
  <ul>
    <li><strong>iOS:</strong> Apple MapKit (Apple's privacy policy applies)</li>
    <li><strong>Android:</strong> MapLibre (open-source, no data transmitted)</li>
  </ul>
  <p>Maps are display-only. Your location data is not sent to mapping services.</p>

  <h3>No Other Third Parties</h3>
  <p>We do not use analytics services, crash reporting, advertising networks, or social media SDKs.</p>

  <h2>Data Sharing</h2>
  <p>Your location is only shared with:</p>
  <ul>
    <li><strong>Friends you explicitly add</strong> — via QR code or link</li>
    <li><strong>The Transponder server</strong> — as encrypted data only</li>
  </ul>
  <p>We do not sell, rent, or share your data with any third parties for marketing or advertising purposes.</p>

  <h2>Data Retention</h2>
  <h3>On Device</h3>
  <ul>
    <li>Data persists until you delete the app or remove it manually</li>
    <li>Uninstalling the app deletes all local data</li>
  </ul>
  <h3>On Server</h3>
  <ul>
    <li>The server stores encrypted location data</li>
    <li>Server retention policies depend on which server you use</li>
    <li>Self-hosted servers: you control retention</li>
  </ul>

  <h2>Your Rights</h2>
  <h3>Access & Deletion</h3>
  <ul>
    <li>View all your data within the app</li>
    <li>Delete your identity and all local data through the app</li>
    <li>Remove individual friends at any time</li>
  </ul>
  <h3>Opt-Out</h3>
  <ul>
    <li>Disable location sharing entirely</li>
    <li>Disable background location updates</li>
    <li>Choose which friends can see you (per-friend controls)</li>
  </ul>

  <h2>Background Location</h2>
  <p>If you enable "Always Allow" location permission:</p>
  <ul>
    <li>The app may update your location in the background</li>
    <li>Updates occur approximately every 15 minutes or when you move significantly (~500m)</li>
    <li>You can disable this at any time in Settings</li>
  </ul>
  <p>Background location is <strong>optional</strong> and only used if you enable automatic sharing.</p>

  <h2>Security</h2>
  <ul>
    <li><strong>AES-256-GCM</strong> encryption for location data</li>
    <li><strong>Ed25519</strong> signatures for authentication</li>
    <li><strong>X25519</strong> key exchange for secure key derivation</li>
    <li><strong>HTTPS</strong> for all network communication</li>
    <li><strong>Hardware-backed</strong> key storage when available</li>
  </ul>

  <h2>Self-Hosting</h2>
  <p>Transponder supports self-hosted servers. If you run your own server, you control all server-side data and retention policies.</p>

  <h2>Children's Privacy</h2>
  <p>Transponder is not intended for children under 13. We do not knowingly collect data from children.</p>

  <h2>Changes to This Policy</h2>
  <p>We may update this policy from time to time. Significant changes will be noted in app updates.</p>

  <h2>Contact</h2>
  <p>For privacy questions or data requests, contact: <strong>privacy@bentley.sh</strong></p>

  <h2>Open Source</h2>
  <p>Transponder is open source software. The source code for the iOS app, Android app, and server is available upon request. Contact us if you'd like to review or audit the code.</p>
</body>
</html>
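
The four steps under "How Encryption Works" in the policy above, sketched with Node's built-in `crypto` module. This is an added example, not Transponder's code: the policy names only Ed25519, X25519 and AES-256-GCM, so the HKDF-SHA256 step, the `example-location-v1` label, the blob layout and all function names are assumptions.

```javascript
// Added illustration, not Transponder's code. HKDF-SHA256, the info label and
// the nonce||ciphertext||tag blob layout are assumptions; the policy names only
// Ed25519, X25519 and AES-256-GCM.
const crypto = require('crypto');

// Step 1: identity keys are generated on the device.
function newIdentity() {
  return { sign: crypto.generateKeyPairSync('ed25519'),
           dh: crypto.generateKeyPairSync('x25519') };
}
// Only this public half is ever handed to friends or the server.
const publicHalf = (id) => ({ sign: id.sign.publicKey, dh: id.dh.publicKey });

// X25519 shared secret -> 32-byte AES key (HKDF is the assumed KDF).
function pairKey(myDhPrivate, theirDhPublic) {
  const secret = crypto.diffieHellman({ privateKey: myDhPrivate, publicKey: theirDhPublic });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'example-location-v1', 32));
}

// Steps 2-3: encrypt for one friend, sign the blob, upload { blob, sig }.
function sealLocation(sender, friendPublic, location) {
  const nonce = crypto.randomBytes(12); // must be unique per message under a key
  const cipher = crypto.createCipheriv('aes-256-gcm', pairKey(sender.dh.privateKey, friendPublic.dh), nonce);
  const ct = Buffer.concat([cipher.update(JSON.stringify(location), 'utf8'), cipher.final()]);
  const blob = Buffer.concat([nonce, ct, cipher.getAuthTag()]);
  return { blob, sig: crypto.sign(null, blob, sender.sign.privateKey) };
}

// Step 4: verify the sender's signature, then decrypt; either failure throws.
function openLocation(receiver, senderPublic, { blob, sig }) {
  if (!crypto.verify(null, blob, senderPublic.sign, sig)) throw new Error('bad signature');
  const key = pairKey(receiver.dh.privateKey, senderPublic.dh);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(blob.length - 16));
  const pt = Buffer.concat([decipher.update(blob.subarray(12, blob.length - 16)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Constructed sample record with the three fields the policy lists.
const SAMPLE = { lat: 37.7749, lon: -122.4194, accuracy_m: 12, ts: 1768176000 };

function demo() {
  const alice = newIdentity(), bob = newIdentity(), stranger = newIdentity();
  const sealed = sealLocation(alice, publicHalf(bob), SAMPLE);
  let strangerCanRead = true;
  try { openLocation(stranger, publicHalf(alice), sealed); } catch { strangerCanRead = false; }
  return { bobSees: openLocation(bob, publicHalf(alice), sealed), strangerCanRead };
}
```

Encryption hides the coordinates only: as the "On Servers" list states, the server still holds public keys and timestamps, so who shares with whom and when remains visible to whoever runs it.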