Privacy Policy

Effective date: March 20, 2026 · Last updated: April 28, 2026

Off The Grid Chat ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using Off The Grid Chat ("the Service"), you agree to this policy.

1. Information We Collect

We collect only what is necessary to operate the Service:

• Account data: Username, email address, and a salted SHA-256 hash of your password. We never store your password in plaintext. Your email address is stored encrypted at rest using authenticated symmetric encryption (AES-GCM); the encryption key is held as a Cloudflare secret separate from the database.
• Profile data: Gender (optional), interests (optional), chosen avatar, token balance, and DM privacy settings (whether you accept DMs, minimum token balance required to DM you).
• Messages: Chat messages you send in public rooms and direct messages you send to other users. Public room messages are retained on our servers only up to a per-room cap (default 200 most-recent messages; user-created room owners can set 100, 200, or 300). When a room exceeds its cap, the oldest messages are automatically deleted along with any attached media.
• Media files: Images you share in public rooms and images, short videos, and voice messages you share in direct messages. These are stored in Cloudflare R2 and deleted automatically based on where they were posted. See Section 3 for full retention details.
• Presence data: Your last active timestamp, updated approximately every 30 seconds while you are online.
• Token activity: A ledger of token transactions (earned, spent, gifted) associated with your account.
• Daily activity: The timestamp of your last daily reward claim and your current streak count, used to calculate token rewards.
• Friend and block lists: User IDs you have added as friends or blocked. Block records are one-way — the blocked user is not notified.
• Web-push subscription data: If you opt in to push notifications, we store the push endpoint URL, encryption keys (p256dh, auth), and your notification preferences (DMs, mentions). This data is used only to deliver push notifications you have asked to receive. You can revoke at any time from Settings.
• Moderation data: If you are subject to a moderation action (mute, ban, room ban), the reason and duration are recorded in a moderation log. If you submit a report, the report details — including your username, the reported user's username and email, the reason, room context, any recent retained message content from the room, and a salted one-way hash of your IP address — are stored in our reports table for safety and compliance purposes.
• Session data: An HttpOnly session cookie (otgc_session) used to authenticate your requests. This cookie has a maximum lifetime of 1 year.
• Local device storage: Non-sensitive UI preferences (saved rooms, avatar selection, owned avatars) are stored in your browser's localStorage. This data never leaves your device and is not transmitted to our servers.
• IP address: Your IP address may be captured by Cloudflare's infrastructure as part of normal request processing. When you submit a report, a salted one-way SHA-256 hash of your IP address is stored in the report record for abuse-pattern investigation. We do not store your IP in plain text in our database. Hashes cannot be reversed to recover the original IP without brute-force guessing against a secret salt known only to our server.

2. How We Use Your Information

• To operate, maintain, and improve the Service.
• To authenticate your account and maintain your session.
• To deliver messages and media to recipients and display chat history.
• To enforce our Terms of Service and Community Guidelines.
• To send transactional emails (e.g., password resets, moderation notices) via Resend.
• To investigate reports of violations and take appropriate moderation action.
• To comply with applicable law, including mandatory reporting obligations under 18 U.S.C. § 2258A.

We do not use your data for advertising, and we do not sell your data to any third party — ever.

3. Message and Media Retention

Public room messages are retained on our servers up to a per-room cap. Static rooms (such as #global, #feedback, etc.) keep the 200 most-recent messages. User-created rooms keep up to 100, 200, or 300 messages depending on the owner's setting (default 200). When a room exceeds its cap, the oldest messages are automatically deleted on the server. This deletion runs server-side and cannot be recovered.

Direct messages are retained until you or the other party deletes the conversation.

Media files (images, videos, voice messages) are stored in Cloudflare R2 with retention matching where they were posted:

• Public-room media (images, videos, voice messages posted in rooms) is retained as long as the message it belongs to remains in the room. When a message is removed because the room exceeded its cap, its media is deleted automatically.
• DM media expires after 24 hours.

Media file URLs are non-guessable and include a unique random identifier. However, media URLs are unauthenticated — anyone you share a URL with outside the app can view that file until it expires. If you share a media link outside the app, you extend access to that file to whoever receives the link for the duration of its lifetime.

Moderation and report records are retained indefinitely to maintain a safety and accountability log. You may request deletion of records pertaining to you by contacting us at legal@offthegridchat.app, subject to our legal obligations.

4. Data Storage and Security

Your data is stored across the following systems, all transmitting data over HTTPS:

• Supabase — user accounts, messages, DMs, tokens, moderation records, and reports
• Cloudflare R2 — user-uploaded media files (images and videos)
• Cloudflare Workers — server-side API logic and request processing

Passwords are stored as salted SHA-256 hashes — never in plaintext. Email addresses are stored encrypted at rest using AES-GCM authenticated encryption; the encryption key is managed as a Cloudflare secret and is never written to the database. Session cookies are set with HttpOnly, Secure, and SameSite=None flags. Session tokens are signed with a dedicated secret key stored as an encrypted environment variable, separate from any third-party API credentials.

All third-party API keys are stored as encrypted Cloudflare Secrets and are never exposed in application source code.

While we implement reasonable security measures, no system is completely secure. You are responsible for keeping your account credentials confidential.

5. Third-Party Services

We use the following third-party services to operate the platform. Each processes data only as necessary to provide their service to us:

• Supabase — database storage (Privacy Policy)
• Cloudflare — hosting, CDN, Worker compute, and R2 media object storage (Privacy Policy)
• Resend — transactional email delivery (Privacy Policy)
• Leonardo.ai — AI image generation used to create avatar artwork prior to launch (Privacy Policy). Avatar images are static assets — no user data is sent to Leonardo.ai during normal use of the Service.
• MyMemory (Translated S.r.l.) — translation service used only when you explicitly request a translation by tapping the Translate button on a specific message (Service Information). We may use other translation providers in the future, in which case this policy will be updated to name the new provider.

What we don't do. We do not passively analyze your conversations. We do not use AI or machine-learning services to scan, summarize, profile, or otherwise process your messages without your explicit per-message request. Public room messages are automatically screened against a fixed server-side word list maintained by us to block slurs, threats, and similar content that violates our Community Guidelines — this screening runs only on our own Cloudflare Worker and does not send message content to any third party.

User-initiated translation. When you tap the Translate button on a specific message, the text of that message is transmitted to an external translation service (currently MyMemory) so the translation can be performed. We send only the message you select; no other conversation context, surrounding messages, or account information is included. The translation service may use the message text to perform the translation in accordance with their own privacy policy. We do not retain translated content beyond delivering the result back to you in your current session, and we do not transmit messages for translation without your explicit request. If you do not tap Translate, no message is ever sent to a translation service.

Other than the explicit user-initiated translation flow described above, we do not share your data with any third parties beyond the infrastructure providers listed.

6. Moderation Data and Safety Reporting

When you submit a report about another user, the following information is collected and stored in our reports table:

• Your username and user ID
• The reported user's username, user ID, and email address on file
• The reason for the report
• The room or context in which the reported activity occurred
• Any retained message content from the reported user that is still in the room at the time of the report
• A salted one-way SHA-256 hash of your IP address (the plain-text IP is not stored in our database)

The IP hash lets moderators detect patterns like repeated reports from the same source without exposing the underlying IP. The salt used to produce the hash is stored as a Cloudflare secret and is never written to the database. A breach of the database would not directly expose user IPs.

This information is used solely for moderation and safety purposes and is reviewed by OTGC-Mods and the platform owner. Where required by federal law (18 U.S.C. § 2258A), apparent child sexual abuse material (CSAM) will be reported to the NCMEC CyberTipline along with all available account information. For CSAM reports, plain-text IP information may be captured separately at the time of reporting to satisfy NCMEC's reporting requirements; this information is kept outside the primary reports table.

All moderation actions (mutes, bans, room bans, appeals) are recorded in a moderation log with the acting moderator, target user, reason, and timestamp. This log is retained for accountability purposes.

7. Age Requirement

The Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe another user may be underage, tap their username in chat and select "Report underage user", or contact us at legal@offthegridchat.app. We will promptly review and remove confirmed underage accounts and all associated data.

8. Your Rights

You have the following rights regarding your personal data:

• Access: You can view your account data in Settings at any time.
• Correction: You can update your username, email, password, avatar, gender, and interests in Settings.
• Deletion: You can permanently delete your account and all associated data from Settings. This removes your account, messages, tokens, DMs, and media files. Moderation and report records may be retained subject to our legal obligations.
• Portability: To request a copy of your data, contact us at legal@offthegridchat.app.
• Local data: Browser localStorage data can be cleared at any time through your browser settings.

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). We do not sell personal information, so the opt-out right does not apply. For any CCPA requests, contact us at the email below.

9. Cookies and Local Storage

We use a single session cookie (otgc_session) strictly necessary for authentication. We do not use tracking cookies, analytics cookies, or advertising cookies. No third-party cookies are set by our Service.

We use your browser's localStorage to store non-sensitive UI preferences (saved rooms, avatar selection, owned avatars). This data is stored only on your device and is never transmitted to our servers or any third party.

10. What We Do Not Collect

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy at this URL with a revised effective date. Continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact

For any privacy-related questions or requests, contact us at:
legal@offthegridchat.app