PRIVACY POLICY

Open Arkiv ("Open Arkiv," "we," "us") is an open-source, censorship-resistant Bluetooth mesh data protocol. The app lets critical information move phone-to-phone during internet shutdowns and can create cryptographically verifiable evidence trails. We do not operate a central server that holds your messages or identity.

Open Arkiv is built privacy-first. By design, the app has no user accounts, no sign-in, no advertising, and no sale of data. Content is created and stored on your device and relays directly between devices over Bluetooth Low Energy (BLE). We cannot read your content, and in most configurations we never receive it.

The app offers two modes with different privacy properties, and you choose which to use for each piece of content:

• Signed Mode — for verifiable reporting. Content is cryptographically signed and includes GPS location and a timestamp so it can be authenticated later.
• Whistleblower Mode — anonymous and deniable. No signature and no identity are attached. Traffic is protected by the xx-network (cMixx) anonymity layer to resist metadata analysis.

The following stays on your device unless you choose to transmit or anchor it:

• Cryptographic keys / wallet. Generated locally and protected by your device passkey or fingerprint (Face ID / Touch ID). Keys never leave your device and are not transmitted to us.
• Your content and drafts. Reports, notes, and attachments you create are stored locally until you relay or anchor them.

When you use Signed Mode, the app attaches your precise GPS location and a timestamp to the signed record. This is essential to make the report verifiable — it proves where and when something was documented. Location is collected only at the moment you create a signed record, only with your action, and is never collected in Whistleblower Mode. We do not track your location in the background and do not build location profiles.

Open Arkiv can anchor a record to the Arkiv DB-Chain to create a permanent, tamper-evident evidence trail. When you choose to anchor a record, the relevant payload or its cryptographic fingerprint is written to a public, immutable ledger.

Anchoring is permanent and cannot be undone, edited, or deleted by us or anyone else. Consider carefully what you anchor — especially in Signed Mode, where location and signature are part of the record. If you require anonymity, use Whistleblower Mode.

The app uses Bluetooth to discover nearby devices and relay data through the mesh. Bluetooth is used only to move payloads between devices. The app does not use Bluetooth to identify you to advertisers or third parties.

To keep the app stable, we collect limited crash logs and diagnostic / usage data through a third-party diagnostics service. This may include device model, OS version, app version, and technical details about a crash or error. This data is used solely to find and fix bugs and improve reliability. It is not used to advertise to you and is not sold. Where the platform offers it, you can limit this sharing in your iOS settings (Settings → Privacy & Security → Analytics & Improvements).

Open Arkiv relies on the following independent technologies and services:

• xx-network (cMixx / xxDK) — provides the anonymity and metadata protection layer for transmitted traffic.
• Arkiv DB-Chain — the public ledger used for optional, user-initiated anchoring of evidence.
• Diagnostics provider — receives crash and diagnostic data as described above.

These services operate under their own terms and privacy practices. Data written to a public blockchain is, by nature, public and permanent.

• We do not require accounts, names, phone numbers, or email addresses to use the app.
• We do not sell, rent, or trade your data.
• We do not show ads or use third-party advertising trackers.
• We do not access the content you create in Whistleblower Mode.

Content and keys remain on your device until you delete them or uninstall the app. Anchored on-chain records are permanent and outside our control. Crash and diagnostic data is retained only as long as needed to diagnose and fix issues.

Open Arkiv is not directed to children. The app deals with sensitive reporting in high-risk environments and is intended for adults. We do not knowingly collect data from children.

Because most data is local and the app has no accounts, you stay in control: choose your mode per record, decide what (if anything) to anchor, manage Bluetooth and location permissions in iOS settings, and delete local data at any time. For questions about diagnostic data or this policy, contact us below.

We may update this policy as the app evolves. Material changes will be reflected by an updated effective date on this page.

Questions about privacy? Email openarkiv@crevn.xyz.