← Back to home

Last Updated: March 1, 2026

Privacy Policy

Flash Protest is committed to data minimization and transparency. This policy explains what we collect, what we refuse to collect, and how we protect the limited data we hold.

Our Privacy Philosophy

Flash Protest is built to collect as little information as possible. Our systems are designed so we cannot access your private communications even if compelled to do so.

Nonprofit Status and No Sale/Share

Flash Protest is operated by a nonprofit organization. We do not sell personal information and do not share personal information for cross-context behavioral advertising.

Information We Collect

Account information

  • Device tokens for push notifications (FCM for Android, APNs for iOS).
  • Public cryptographic keys for end-to-end encryption (P-256).
  • OAuth tokens you explicitly provide for streaming (stored client-side; YouTube/Facebook limited to pre-approved admins).

Location data

  • Hosts share precise coordinates; city/state are shown publicly.
  • Viewers can opt into notifications with precise coordinates or a ZIP code.
  • Notification radius preferences (default ~20 miles, configurable).

Location data is stored to power notifications and discovery, and can be cleared at any time.

Stream metadata

Stream URLs, protest categories, and aggregated viewer counts per stream.

Voluntary support and safety contact information

If you contact us for support, appeals, or safety reports, we may process the contact information you provide (for example, email address or phone number) to respond and resolve the request.

Phone verification

We do not store raw phone numbers on our servers. We store a one-way cryptographic hash used only to check whether a phone number is already registered and to help prevent unauthorized account access. Raw phone numbers are not directly recoverable from that hash.

Information We Do Not Collect

Data TypeCollected?Reason
Chat message contentNoEnd-to-end encrypted; we cannot read it.
Real names / emails / raw phone numbers for account creationNoNot required to create or use the app; support/safety contact may be provided voluntarily. Verification uses one-way hashes instead of storing raw phone numbers.
Location historyNoOnly the latest location is stored if the user grants location permission or provides a ZIP code for approximate notification location.
IP addressesLimitedBy default, IP addresses are not collected. Only if we suspect attacks against our servers will related IP addresses be collected.
Chat participation history / social graphsNoEphemeral identities prevent tracking.

End-to-End Encryption

  • Chat messages are encrypted on your device with AES-256-GCM before transmission.
  • At room start, the host generates a meeting key and delivers it to each approved participant using that participant's public key after a proof-of-possession signing challenge.
  • Our servers relay encrypted ciphertext and enforce safety controls (for example, bans, rate limits, and signature checks), but do not receive the raw meeting key needed to decrypt message content.
  • As designed, message content remains unreadable to the server because decryption happens on user devices.

Ephemeral Identities

Every chat room assigns a deterministic pseudonym (e.g., "ThunderingStallion42") scoped to that room. You get consistency without exposing identity; reputation follows the device UUID.

Third-Party Services

  • YouTube, Twitch, Facebook Live: Used for streaming; subject to their policies. OAuth tokens remain on your device.
  • Firebase Cloud Messaging / Apple Push Notification Service: Used for push notifications; we store the device token required to deliver alerts.
  • Embedded video providers: When you open stream pages (for example, channel pages with embedded Twitch video), those providers may place cookies or collect usage/device data under their own privacy policies.

Data Retention

  • Device tokens: retained until you uninstall or revoke permissions.
  • Public keys: retained until you rotate keys or delete your account.
  • Stream metadata: retained for 30 days after a stream ends.
  • Chat messages: never retained (E2E encrypted).
  • Optional location data: stored until you clear or update it.
  • CSAM/CSAE reports: stream URLs and associated metadata for reported chat rooms are preserved as required for legal compliance and cooperation with law enforcement.

Child Safety Reporting

When a chat room is reported for child sexual abuse material (CSAM) or child sexual abuse and exploitation (CSAE), we retain the associated stream URL and relevant metadata to comply with legal obligations and facilitate cooperation with the National Center for Missing & Exploited Children (NCMEC) and law enforcement authorities. This data is stored securely and accessed only for safety and legal compliance purposes. For more details, see our Child Safety Standards.

Your Rights

  1. Request access to the data we store about you.
  2. Request deletion of that data.
  3. Opt out of optional location services or notifications at any time.

Access these controls inside the app under “Privacy and User Data.”

Data Security

  • All traffic rides over TLS 1.3 plus a device-specific AES-256-GCM channel.
  • Secrets are managed with HashiCorp Vault; production runs in European data centers.
  • We rely on per-UUID rate limits, cooldowns, and reputation gates to curb abuse.
  • The entire codebase is open source for community audit.

Children’s Privacy

Flash Protest is not intended for users under 18, and we do not knowingly collect data from minors.

International Users

Flash Protest is designed primarily for users in the United States. To support privacy goals, our infrastructure is hosted in Europe. For EU/EEA users (including those using F-Droid or source builds), data is stored in Europe and may be accessed from the U.S. only when needed for support or legal compliance. Where applicable, we rely on legitimate interests and strict data minimization.

Website

Core website pages (home, policy, and informational pages) do not use first-party tracking cookies. Pages with embedded third-party video players may load provider cookies and related tracking governed by those providers' policies.

Changes to This Policy

We notify users of material changes in-app and update this page with the new “Last Updated” date.

Contact

Email contact@flashprotest.live or visit Codeberg to review the source code.

Open Source Transparency

Flash Protest is Apache 2.0 licensed. Audit the repository at Codeberg to verify how data is handled.