Privacy Policy
Last updated: May 13, 2026
1. Introduction
Welcome to Kacti ("we," "our," or "us"). Kacti is a local-first social mesh networking app. We designed it to minimize how much of your data ever leaves your device. This Privacy Policy explains what data exists, where it lives, and what control you have over it.
2. Information We Collect
Kacti is built on a local-first architecture — most of your data stays on your device and is never sent to our servers.
Stored locally on your device (Hive database):
- Profile info (display name, avatar, bio)
- Messages and conversations
- App settings and preferences
- Cached avatars and map data
- Your precise GPS coordinates (used in real time to render the radar; not stored beyond the active session)
Transmitted via Nostr relays (public, decentralized infrastructure we do not control):
- Messages you send to other users
- Your broadcast profile when you "Go Live"
- Coarse, rounded location (≈11 km grid) for the Oasis map and aggregated analytics
Stored on our server (Firebase/Firestore):
- Push notification token (so we can deliver notifications to your device)
We do not maintain user accounts, email addresses, or a central user database. We do not store your precise location on any server.
3. Location Data
Kacti accesses your device location to power the radar map and to anchor user-placed pins, beacons, announcements, and event overlays near you.
What we access (Android permissions):
ACCESS_FINE_LOCATION— precise GPS coordinates (used for the radar, distance estimates, and anchoring pins).ACCESS_COARSE_LOCATION— network/WiFi-based approximate location (fallback when GPS is unavailable).
What we do NOT access:
- We do not request
ACCESS_BACKGROUND_LOCATION. Kacti does not collect, use, or transmit your location while the app is in the background or closed. - We do not track your location history.
- We do not use location for advertising, profiling, or sale to third parties.
When we access your location:
- Only while the Kacti app is open and visible (foreground use only).
- Only after you grant the system location permission.
- Only when you actively use a feature that needs it (radar map, dropping a pin, sharing live presence, fetching nearby announcements).
How we use your location:
- Render your position and nearby Bluetooth-mesh peers on the radar map.
- Compute distances to nearby user pins, event overlays, and announcement geofences.
- Anchor pins, beacons, and dropped messages you create at your current GPS coordinates.
- Filter announcements and event overlays to those geographically relevant to you.
How we transmit / store your location:
- Your precise GPS coordinates stay on your device and are sent only to recipients of pins, beacons, or messages you explicitly create at that location.
- For the public Oasis map and aggregated analytics, your coordinates are first rounded to a ≈11 km grid (one decimal place of latitude/longitude) before being published to public Nostr relays. This coarse grid cannot identify a street, neighborhood, or building.
- We do not write your precise location to our Firebase servers.
How to revoke location access:
- Android: Settings → Apps → Kacti → Permissions → Location → Don't allow.
- iOS: Settings → Privacy & Security → Location Services → Kacti → Never.
Revoking location will disable the radar map and prevent you from dropping geo-anchored pins, but the rest of the app continues to work.
4. How We Use Your Information
- Your profile data is used to display you to nearby users on the Oasis.
- Your push notification token is used solely to deliver message notifications to your device.
- Approximate location is used for the Oasis map and Spike placement (with your permission).
- We publish anonymized, aggregated usage stats (message counts, approximate location) to Nostr relays for our admin dashboard. These contain your profile ID but no personal information like your real name or contacts.
We do not sell, rent, or share your personal information with third parties for marketing purposes.
5. Encryption
Direct messages between two users are encrypted end-to-end using X25519 key exchange and AES-256-GCM authenticated encryption. Only you and the recipient can read DM content — we cannot decrypt it, and neither can the Nostr relays that carry the messages.
Your encryption keys are stored in your device's secure enclave (iOS Keychain / Android Keystore).
Limitations: Community broadcasts and Oasis presence data are not end-to-end encrypted, as they are intended to be visible to nearby users. Messages stored on your device (in the local Hive database) are not encrypted at rest — your device's own lock screen is the primary protection for local data.
6. Data Security
Because Kacti is local-first, your primary line of defense is your own device security (passcode, Face ID, etc.). Here is what we do:
- DMs are encrypted in transit with AES-256-GCM (cannot be read by relays or us).
- Cryptographic keys are stored in your device's secure enclave.
- Push notification tokens are stored in Firebase Firestore with standard Firebase security rules.
- We do not operate a central user database — there is no single server holding all user data.
7. Third-Party Services
- Firebase (Google) — Website hosting and push notification token storage (Firestore). We do not use Firebase Analytics or any Google analytics SDK. See Google's privacy policy at policies.google.com/privacy.
- Nostr relays (relay.damus.io, relay.snort.social, nos.lol, relay.primal.net) — Decentralized message delivery and presence broadcasting. Public relays we do not own or control. Data published to Nostr relays may be publicly visible.
- Apple Push Notification Service (APNs) / Firebase Cloud Messaging (FCM) — Push notification delivery for iOS and Android.
- Deezer API — Music search and 30-second preview playback for Spikes.
- Overpass API (OpenStreetMap) — Building footprint data for the Oasis map.
We do not use Google Cloud AR services, Google Analytics, or any third-party advertising or tracking SDKs.
8. Your Rights & Data Deletion
You control most of your data directly:
- Delete all local data: Open the app → Settings → "Erase All Content." This permanently deletes your profile, messages, conversations, and settings from your device.
- Uninstalling the app removes all Hive database data from your device.
Limitations on deletion:
- Messages and broadcasts already sent via Nostr relays cannot be recalled or deleted. Nostr is a decentralized protocol where published events are immutable by design.
- Your push notification token in our Firestore database will be cleared if you contact us at privacy@kacti.io.
- Cryptographic keys stored in your device's Keychain persist even after app uninstall (this is an iOS/Android security feature). You can clear these by resetting your device's keychain.
If you have questions about your data, contact us at privacy@kacti.io and we will do our best to help within the limits of our decentralized architecture.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of any material changes by updating the "Last updated" date above.
10. Contact Us
If you have any questions about this Privacy Policy, please contact us at privacy@kacti.io.