Waves — Dark Mesh Chat

Overview

Waves is a peer-to-peer mesh messenger that works without internet. Your privacy is our core principle. We collect as little data as possible.

What We Do NOT Collect

No accounts — no email, no phone number, no registration
No message content on servers — messages travel directly between devices
No user profiles on servers — your name and avatar stay on your device
No contacts uploaded — your friend list is stored locally only
No advertising — no ads, no ad networks, no ad identifiers
No browsing history — no web views, no cookies

How Messaging Works

Messages are sent directly between devices via Bluetooth and Wi-Fi Direct using Apple's MultipeerConnectivity framework. Messages never pass through our servers.

All direct messages are end-to-end encrypted using Curve25519 key exchange and ChaChaPoly symmetric encryption (via Apple CryptoKit). Only the sender and recipient can read messages.

Messages may relay through intermediate devices to extend range — relay devices cannot read encrypted content.

Broadcast messages (General chat) are not encrypted — they are intended for everyone nearby.

Nostr Bridge

When nearby devices are not available, direct messages can be routed through Nostr relay servers — a decentralized open protocol. Messages are end-to-end encrypted before leaving your device. Relay servers cannot read message content.

Relay servers may see: your Nostr public key, recipient's Nostr public key, the encrypted message blob, a timestamp, and your IP address.

We use public Nostr relays (relay.damus.io, nos.lol, relay.nostr.band). We do not operate these servers and have no control over them.

This feature is completely disabled when Offline Only mode is enabled.

What We Store Locally on Your Device

Your display name and avatar (UserDefaults)
Device ID — a random UUID stored in iOS Keychain (persists across reinstalls)
E2E encryption keys — Curve25519 private key in iOS Keychain, peer public keys in app files
Nostr keys — secp256k1 keypair in iOS Keychain
Contacts/friends list (UserDefaults)
Chat messages — stored temporarily, auto-deleted based on your TTL setting
Voice messages and photos — stored as temporary files, auto-deleted with messages
App settings (notifications, TTL, max hops, privacy preferences)

All local data is deleted when you uninstall the app (except Keychain items which persist for identity continuity).

What We Store in the Cloud

Waves uses Firebase Firestore (Google) for:

Location Groups — group name, GPS coordinates, radius, password hash, creation date
Dead Drops — message text, GPS coordinates, sender display name, creation date, expiry date
Reports — reporter device ID, reported device ID, reported display name, reason, timestamp

We do NOT store: who created or joined groups, real names, email addresses, phone numbers, device identifiers (except in reports), message content from chats, or any personal information.

All cloud features are completely disabled when Offline Only mode is enabled.

Analytics

Waves uses Firebase Analytics to understand how features are used (e.g., number of messages sent, features opened). No message content is ever collected.

Firebase Analytics may collect: app events, app version, device model, OS version, country (from IP), and anonymized usage patterns.

Analytics is completely disabled when Offline Only mode is enabled. You can enable Offline Only mode in Settings → Privacy & Security.

Offline Only Mode

When enabled, ALL internet features are disabled: no Firebase Analytics, no Firestore (groups, dead drops, reports), no Nostr relay bridge. The app works exclusively via Bluetooth and Wi-Fi Direct mesh. Zero data leaves your device.

Encryption

E2E Messaging: Curve25519 ECDH key exchange + ChaChaPoly symmetric encryption (Apple CryptoKit)
Nostr Signing: secp256k1 Schnorr signatures (BIP-340 standard)
Key Storage: Private keys stored in iOS Keychain with kSecAttrAccessibleAfterFirstUnlock
Key Exchange: Public keys exchanged via mesh (peerInfo) or QR code scan

Permissions

Bluetooth — Required: discover and connect with nearby devices
Local Network — Required: Wi-Fi Direct mesh communication
Microphone — Optional: voice messages and Mesh Radio
Location — Optional: location groups, Dead Drops, location sharing
Camera — Optional: QR code scanning for adding contacts
Photos — Optional: sending photo messages
Face ID — Optional: App Lock feature
Speech Recognition — Optional: voice-to-text transcription
Nearby Interaction (UWB) — Optional: AR Radar distance measurement (iPhone 11+)

Third-Party Services

Firebase Firestore (Google) — Location group pins, Dead Drops, user reports. No message content.
Firebase Analytics (Google) — Anonymous usage statistics. No message content.
Nostr Relay Servers — Decentralized message relay. Only encrypted blobs transmitted.
secp256k1.swift (GigaBitcoin) — Open-source cryptographic library, runs locally on device.

We do not use any advertising networks, data brokers, social media SDKs, or tracking services.

Content Moderation

Users can block any user from their profile. Users can report users via "Report & Block" — reports are sent to our moderation system (Firebase). Broadcast messages are filtered for spam. Content Guidelines are available within the app.

Age Restriction

Waves is rated 17+ due to unrestricted user-generated content. The app is not directed at children under 17.

Data Retention

Chat messages: auto-deleted based on TTL setting (15 min to 24 hours)
Dead Drops: auto-deleted after 24 hours
Location groups: persist until creator deletes them
Reports: retained for moderation purposes
Local data: deleted when app is uninstalled

Your Rights

Delete all data instantly using Emergency Wipe in Settings
Enable Offline Only mode to prevent any data from leaving your device
Block and report any user
Control message lifetime via TTL settings
Use Anonymous Mode to hide your identity in broadcasts

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated effective date.

Contact

Questions about this privacy policy?

Email: akidislab@gmail.com