Privacy Policy

Last updated: 2026

Our Privacy Principles

Noghteha is designed with privacy at its core. We don't collect any personal data from you, and all messages are end-to-end encrypted.

No Server - Fully Decentralized

Noghteha has no server. No central server, no backup server, no message storage server. None.

  • Messages travel directly between devices via Bluetooth and WiFi Aware
  • No data is ever sent to our servers — because we don't have any
  • Even if we wanted to, we cannot access your messages
  • When internet is available, only decentralized Tor and Nostr networks are used

Data We Don't Collect

  • Phone numbers or email addresses
  • Real names or identity information
  • Message contents (end-to-end encrypted)
  • Precise location data (coordinates are converted to approximate geohash cells; optional place name resolution requires explicit opt-in)
  • Contact lists
  • Message metadata

How It Works

Cryptographic Identity: Your identity in Noghteha is a cryptographic key pair, not a phone number. These keys are generated and stored on your device using hardware-backed Android Keystore with StrongBox support.

End-to-End Encryption: All private messages are encrypted using the Noise Protocol XX with ChaCha20-Poly1305 and 256-bit keys. Channel messages use Argon2id-derived keys with AES-256-GCM encryption. Only you and the intended recipients can read the messages.

Decentralized Network: Messages travel through the mesh network between devices via Bluetooth LE and WiFi Aware. When online, messages can optionally route through decentralized Tor and Nostr networks. There is no central server that can store or view messages.

Local Encrypted Storage: Messages are stored only on your device in an encrypted database (SQLCipher AES-256). Messages are automatically cleaned up after 30 days. No message data is ever sent to or stored on any server.

App Permissions

Bluetooth: Required for communicating with nearby devices in the mesh network.

WiFi: Used for WiFi Aware peer-to-peer communication when supported by the device. This provides faster transfers at approximately 50 meter range.

Location (Optional): Only used for location-based channels. Your location is converted to approximate geohash grid cells for channel discovery. If you enable the optional place name feature, coordinates may be sent to your device's geocoding provider to display readable location names. This feature is disabled by default and requires explicit opt-in.

Storage: Required to store encryption keys and shared files.

Internet (Optional): For connecting to Nostr or Tor networks when available.

Panic Mode

When you activate Panic Mode, all app data including encryption keys, messages, files, and settings are immediately and completely deleted using 3-pass secure deletion (random data, zeros, random data). This operation is irreversible and ensures data is unrecoverable even with forensic tools.

Tracking Resistance

Noghteha includes multiple features to prevent tracking:

  • BLE address rotation with per-device timing jitter to prevent correlation
  • Three-level stealth mode for reduced Bluetooth visibility
  • Rotating device identifiers
  • No analytics, telemetry, or crash reporting

Independent Security Audit

This software has been independently audited by 7ASecurity, an ISO 27001 and SOC 2 certified security firm. The audit included a whitebox source code review of the Android application and a comprehensive privacy assessment. No critical vulnerabilities were found, and all identified issues have been addressed.

Audit conducted on v1.0.34, fixes verified in v1.0.35. Subsequent versions may contain changes not covered by this audit. Learn more

Contact Us

For privacy-related questions, you can contact us through our Google Play page.