Radar – Privacy Policy

📋 Overview

This Privacy Policy explains how DAL Technology (“we”, “our”, or “us”) collects, uses, stores, and shares information when you use the Radar Android application (package uk.co.daltechnology.radar).

By installing or using Radar you agree to the practices described in this policy. If you do not agree, please uninstall the app and do not use it.

Radar is a peer-to-peer mesh communication tool. Some data is temporarily stored on our server strictly to enable peer discovery and message relay — this is explained in full below. We do not sell, profile, or advertise using your data.

📦 Information We Collect

The following categories of data are collected or accessed, depending on the features you use and the permissions you grant.

Data you provide directly

Data type	Examples	Where it is stored	Why it is needed
Profile nickname	Optional display name you choose	On your device and on our server (current value only)	Shown to nearby Radar peers who discover you
Gender	Optional — male / female / not specified	On your device and on our server (current value only)	Shown to nearby peers as part of your profile
Profile photo	Image chosen from your gallery or camera	On your device only — transferred peer-to-peer	Shown on your contact card to nearby peers
Chat messages (unencrypted path)	Text, images, video, audio clips, files	On your device; temporarily on our relay server (≤ 7 days)	Delivered to the intended recipient via server relay when direct path unavailable
Chat messages (encrypted / sealed-sender path)	End-to-end encrypted ciphertext	On your device; temporarily on our relay server (≤ 7 days) — content is unreadable to us	Encrypted delivery via server relay when direct path unavailable
Emergency contacts	Names and phone numbers you add manually	On your device only	Quick-dial contacts for the Emergency / SOS screen
In-app support message	Problem description / feedback text; optional reply-to email	On our server (retained for support resolution)	Enable us to respond to support requests

Data collected automatically

Data type	Examples	Where it is stored	Why it is needed
Current GPS location	Latitude, longitude, altitude	On your device; current position only on our server (overwritten each update — no history kept)	Power the radar view; share your position with nearby peers; enable peer discovery
Device UUID	Randomly generated GUID created on first launch	On your device and on our server (linked to your current location row)	Pseudonymous device identifier for peer routing; contains no personal information
IP address	IPv4 / IPv6 address at time of server contact	On our server (current value, overwritten each update)	Network routing for direct peer communication
Device technical info	Device manufacturer, model, Android version, SDK version	On our server (stored when push notifications are registered)	Diagnostic support and compatibility checks
App version	e.g. 1.4.2	On our server	Compatibility checks and support
FCM push token	Firebase Cloud Messaging registration token	On our server	Deliver a wake-up notification when a new message is waiting
Matrix guest credentials (auto-generated)	Server-generated username and password derived from your UUID	On our server and on your device	Auto-created Matrix account for the in-app support chat. Not linked to any personal Matrix account you may have.

Data accessed with your permission

Permission	Data accessed	Storage	Why it is needed
Contacts	Names, phone numbers, emails from your address book	On your device only	Merge Android contacts with Radar peers in the unified contact list
SMS / MMS	Message content, sender numbers, timestamps	On your device only	Display and send SMS/MMS from within the app (optional feature)
Camera	Photos and video captured in-app	On your device only	Attach media to messages or set a profile photo
Microphone	Audio recordings you initiate	On your device only	Record audio clips to attach to messages
Media / Storage	Images and files you choose to share	On your device only	Attach files and images to messages

🗄️ What Our Server Stores — In Detail

Radar operates an Oracle-based backend server that enables peer discovery and message relay. The following explains precisely what is stored on that server, how long it is kept, and what we can and cannot see.

Peer location record

One row per device UUID — no history, just the current position.
Stores: UUID (pseudonymous), current GPS coordinates, optional nickname, optional gender, IP address, port, app version, FCM token, device model/OS.
No email address or phone number is stored — this is a deliberate privacy design decision.
The record is overwritten on every location update; previous locations are not retained.
Soft-deleted when the device identity is reset; hard-deleted on the next nightly cleanup job.

Relayed messages

Messages sent via the server relay are stored temporarily until the recipient collects them.
Maximum retention: 7 days. Messages are soft-deleted as soon as all recipients acknowledge them, or when the 7-day TTL expires. The nightly job physically removes soft-deleted rows.
Unencrypted relay messages: the server stores the full message JSON. We can technically read the payload. We do not do so except for operational support or legal obligations.
Encrypted (sealed-sender) messages: the ciphertext is stored opaquely. We cannot decrypt or read the message content. The cipher used is X25519 / XChaCha20-Poly1305.
The sender's UUID is stored in the outer message envelope of both encrypted and unencrypted messages (used for authentication / anti-spam). It is pseudonymous and not linked to any real-world identity.
Recipient UUIDs are stored for routing and are pseudonymous.
Push notification payload for sealed messages contains only a minimal wake-up signal ('message_pending') — no message content, no sender identity.

API request log

Every API call is logged with: client IP address, sender UUID, action type, request timestamp, and the full request/response JSON.
Used for debugging, security monitoring, and operational support.
Log tables are partitioned by date and rotated by the nightly job.

Nonces

Single-use cryptographic nonces are stored for up to 5 minutes to prevent replay attacks.
No personal data is contained in nonces.

Support records

Stores: sender UUID, support category, message text, optional reply-to email you provide.
Retained until the support request is resolved.

⚙️ How We Use Your Information

We use the information described above only for the following purposes:

We do not sell your data, use it for advertising, share it with data brokers, or process it for any purpose beyond those listed below.

To power the core peer discovery, messaging, and mapping features of Radar.
To display your pseudonymous profile (nickname and gender) to nearby Radar peers.
To relay messages between you and other Radar users when no direct wireless path is available.
To send a minimal push notification to your device when a relayed message is waiting.
To render maps and location features via Google Maps SDK and Google Play Services Location.
To maintain the local encrypted database of your messages, contacts, and settings.
To provide emergency features including GPS display, SOS signalling, and nearby-services lookup.
To respond to in-app support requests you submit.
To detect and prevent abuse, replay attacks, and unauthorised access to the API.

🤝 How We Share Your Information

Radar is designed to minimise data sharing. Information is shared only in the following limited circumstances.

Third-party services used by the app

Service	Provider	Data shared	Purpose
Google Maps SDK	Google LLC	Map tile requests, device location	Render the interactive peer and POI map
Firebase Cloud Messaging	Google LLC	FCM push token, minimal wake-up payload	Deliver background push notifications
Google Play Services Location	Google LLC	Device GPS coordinates	Obtain precise and fused location data
ML Kit (on-device)	Google LLC	Message text — processed on-device only, not sent to Google servers	On-device translation of received messages
OpenSky Network (Premium)	OpenSky Network	Bounding-box coordinates	Live aircraft position data for the map overlay
Overpass API / OpenStreetMap	OpenStreetMap Foundation	Bounding-box coordinates	Points of interest (hospitals, pharmacies, etc.)
Google Places API (Premium)	Google LLC	Bounding-box coordinates	Emergency service POI (hospitals, police, pharmacy)
HERE Maps API (Premium)	HERE Global B.V.	Bounding-box coordinates	Points of interest and emergency contact data
WiGLE (Premium)	WiGLE.net	Bounding-box coordinates	Historical Wi-Fi network data overlay
Matrix homeserver (optional)	Server you configure, or our built-in support server	Messages, media, room membership	Federated group chat via the Matrix protocol

With other Radar users (peer-to-peer and via relay)

Your current location and pseudonymous profile (nickname, gender) are shared with nearby Radar peers via our server or direct wireless link.
No email address or phone number is ever sent to other users.
You control what profile information you provide — all profile fields except UUID are optional.

Legal requirements

We may disclose information if required by law, court order, or governmental authority.
We may also disclose information where necessary to protect our legal rights or the safety of any person.

⏱️ Data Retention & Deletion

Data	Retention period	How deleted
Current location + profile	Until you reset your device identity, or until you are inactive and the record is cleaned up	Soft-deleted then hard-deleted by the nightly scheduled job
Relayed messages	Maximum 7 days; earlier if all recipients acknowledge receipt	Automatically soft-deleted on acknowledgement or TTL expiry; hard-deleted by the nightly job
FCM token / device info	Until you reset your device identity	Cleared when identity is reset; nightly cleanup
Matrix guest credentials	Until you reset your device identity	Cleared when identity is reset
API request log	Log tables are partitioned by date and rotated on a schedule	Automatically rotated on a scheduled basis by a nightly maintenance process
Support messages	Until support request is resolved	Deleted manually or on request
On-device data (messages, contacts, settings)	Until you delete in-app, or until you uninstall	Clear chat, delete contact, or uninstall the app

🔒 Security

No method of electronic storage or transmission is 100% secure. While we use industry-standard measures, we cannot guarantee absolute security.

On-device security

The local message and contact database is encrypted at rest using SQLCipher.
Optional biometric lock (fingerprint / face authentication) before the app opens.
Device UUID and cryptographic keys can be wiped and regenerated at any time via Settings → Device Identity Reset.

In-transit security

All communication with the relay server uses HTTPS (TLS).
API requests are authenticated with a pre-shared API key, a per-request timestamp, and a one-time-use nonce to prevent replay attacks.
End-to-end encrypted messages use X25519 key exchange and XChaCha20-Poly1305 authenticated encryption — the server stores only the opaque ciphertext.
The sealed-sender design means the server cannot determine the real-world identity of message participants from the encrypted payload alone.

Server-side security

The relay server is an Oracle APEX / ORDS deployment.
Requests older than 60 seconds are rejected (anti-replay).
Single-use nonces prevent exact request replay.

🔑 Android Permissions Explained

Every Android permission declared in the app manifest is listed below with the reason it is needed.

Permission	Required / Optional	Reason
ACCESS_FINE_LOCATION	Required	Core radar, map, and peer-discovery features
ACCESS_COARSE_LOCATION	Required	Fallback location for device discovery
ACCESS_BACKGROUND_LOCATION	Required	Keep mesh and position updates active while app is in background
BLUETOOTH_SCAN	Required	Discover nearby Radar peers over Bluetooth LE
BLUETOOTH_CONNECT	Required	Connect to discovered Bluetooth LE peers
BLUETOOTH_ADVERTISE	Required	Make your device discoverable to other Radar peers
NEARBY_WIFI_DEVICES	Required	Wi-Fi Aware peer discovery (Android 13+)
ACCESS_WIFI_STATE / CHANGE_WIFI_STATE	Required	Read and configure Wi-Fi for peer discovery
CHANGE_WIFI_MULTICAST_STATE	Required	Enable multicast for local network peer discovery
CHANGE_NETWORK_STATE	Required	Manage network connections for the relay feature
INTERNET	Required	Web relay, Google Maps, Firebase push notifications
FOREGROUND_SERVICE / FOREGROUND_SERVICE_LOCATION	Required	Run background location service with visible notification
POST_NOTIFICATIONS	Required	Show incoming message and service notifications (Android 13+)
RECEIVE_BOOT_COMPLETED	Required	Auto-restart background service after device reboot
WAKE_LOCK	Required	Prevent CPU sleep during active message delivery
VIBRATE	Required	Haptic feedback for messages and distress alerts
READ_CONTACTS / WRITE_CONTACTS	Optional	Merge Android address book with Radar peers; save peers as contacts
READ_SMS / RECEIVE_SMS / SEND_SMS	Optional	SMS integration — read, receive, and send SMS from within the app
RECEIVE_MMS / READ_MMS	Optional	MMS integration — display received MMS messages
CAMERA	Optional	Take photos for profile or message attachments
READ_MEDIA_IMAGES / READ_EXTERNAL_STORAGE	Optional	Select images and files to attach to messages
RECORD_AUDIO	Optional	Record audio clips to attach to messages
WRITE_EXTERNAL_STORAGE	Optional (Android ≤9)	Save attachments on older Android versions

📍 Location Data — Special Notice

Radar uses both foreground and background location. This is fundamental to the app's purpose: discovering nearby peers and keeping your position updated on the shared map even when the screen is off.

Background location access is required to maintain mesh connectivity and update your position for nearby contacts when the app is minimised. If you revoke background location permission, position updates will only occur while the app is actively open.

Your current location is sent to our relay server and stored in one record per device (no history — each update overwrites the previous position).
Location is shared with other Radar peers who query for nearby devices within your configured discovery range.
Location is not used for advertising or profiling.
You can disable location sharing at any time via the app's Privacy Settings or by revoking the location permission in Android Settings.
A persistent foreground service notification is shown whenever background location is active, in compliance with Android requirements.

📱 SMS & MMS Integration

Radar can optionally act as an SMS/MMS client. This feature is entirely optional and off by default.

Google Play note: SMS and Call Log permissions are sensitive. Radar requests SMS permissions solely to provide the optional unified SMS/MMS inbox. SMS content is never uploaded to our servers.

The app reads your SMS inbox from the Android Telephony provider to display messages alongside Radar chats.
Incoming SMS/MMS messages are received via system broadcast receivers.
SMS/MMS content is stored locally in the encrypted on-device database only — it is never uploaded to our relay server.
You can disable SMS integration at any time in Settings → SMS Integration.

🧑 Your Rights & Choices

You have the following controls over your data:

Delete messages — delete individual messages, clear entire conversations, or wipe all chats from within the app.
Delete contacts — remove any Radar contact from the contact card dialog.
Reset device identity — Settings → Device Identity Reset destroys all cryptographic keys and generates a new UUID, severing all links to your previous identity on the server.
Revoke permissions — revoke any permission (location, contacts, SMS, camera, microphone) at any time via Android Settings → Apps → Radar → Permissions.
Block contacts — block any peer to stop all messages and presence updates from them.
Delete all data — uninstalling the app removes all locally stored app data. Your server-side location record and any pending relay messages will be removed by the scheduled nightly cleanup.
Export data — use Settings → Debug Info to view stored data; use Export Chat to export conversations.

GDPR / UK GDPR rights (EU/EEA and UK users)

If you are in the EU/EEA or UK you may also have rights to: access, rectification, erasure, restriction of processing, and data portability.
To exercise these rights contact us at support@daltechnology.co.uk.

🧒 Children's Privacy

Radar is not intended for children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@daltechnology.co.uk. We will take steps to delete such information as quickly as possible.

🔗 Third-Party Links & Services

The app may contain links to third-party websites or services (e.g. emergency services websites, hospital listings). We are not responsible for the privacy practices of those third parties.

The Matrix protocol allows you to connect to homeservers operated by third parties. Those homeservers are governed by their own privacy policies.

Google's use of data is governed by the Google Privacy Policy (https://policies.google.com/privacy).

📝 Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where appropriate, notify you via an in-app notice.

Your continued use of Radar after any changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

Contact Us

Questions, concerns, or data requests regarding this Privacy Policy:

Developer: DAL Technology
App: Radar (uk.co.daltechnology.radar)

support@daltechnology.co.uk