DAL Technology · Radar
Privacy Policy
How we collect, use, and protect your information when you use the Radar Android application.
Last updated: 24 April 2026📋 Overview
This Privacy Policy explains how DAL Technology ("we", "our", or "us") collects, uses, stores, and shares information when you use the Radar Android application.
By installing or using Radar you agree to the practices described in this policy. If you do not agree, please uninstall the app and do not use it.
Radar is a peer-to-peer mesh communication tool. Some data is temporarily stored on our server strictly to enable peer discovery and message relay — this is explained in full below. We do not sell, profile, or advertise using your data.
📦 Information We Collect
The following categories of data are collected or accessed, depending on the features you use and the permissions you grant.
Data you provide directly
| Data type | Examples | Where stored | Why needed |
|---|---|---|---|
| Profile nickname | Optional display name you choose | Device + server (current value only) | Shown to nearby Radar peers |
| Gender | Optional — male / female / not specified | Device + server (current value only) | Shown to nearby peers as part of your profile |
| Profile photo | Image chosen from gallery or camera | Device only — transferred peer-to-peer | Shown on your contact card to nearby peers |
| Chat messages (unencrypted path) | Text, images, video, audio clips, files | Device; temporarily on relay server (≤ 7 days) | Delivered to recipient via server relay when no direct path available |
| Chat messages (sealed-sender path) | End-to-end encrypted ciphertext | Device; temporarily on relay server — content unreadable to us | Encrypted delivery via server relay when no direct path available |
| Emergency contacts | Names and phone numbers added manually | Device only | Quick-dial contacts for the Emergency / SOS screen |
| In-app support message | Problem description; optional reply-to email | Server (retained for support resolution) | Enable us to respond to support requests |
Data collected automatically
| Data type | Examples | Where stored | Why needed |
|---|---|---|---|
| Current GPS location | Latitude, longitude, altitude | Device; current position only on server (overwritten each update — no history) | Power radar view; share position with nearby peers; enable peer discovery |
| Device UUID | Randomly generated GUID created on first launch | Device + server (linked to current location row) | Pseudonymous device identifier for peer routing; contains no personal information |
| IP address | IPv4 / IPv6 at time of server contact | Server (current value, overwritten each update) | Network routing for direct peer communication |
| Device technical info | Manufacturer, model, Android version, SDK | Server (stored when push notifications registered) | Diagnostic support and compatibility checks |
| App version | e.g. 0.9.1 | Server | Compatibility checks and support |
| FCM push token | Firebase Cloud Messaging registration token | Server | Deliver a wake-up notification when a new message is waiting |
| Matrix guest credentials | Server-generated username and password derived from UUID | Server + device | Auto-created Matrix account for in-app support chat. Not linked to any personal Matrix account. |
Data accessed with your permission
| Permission | Data accessed | Storage | Why needed |
|---|---|---|---|
| Contacts | Names, phone numbers, emails from address book | Device only | Merge Android contacts with Radar peers in unified contact list |
| SMS / MMS | Message content, sender numbers, timestamps | Device only | Display and send SMS/MMS from within the app (optional feature) |
| Camera | Photos and video captured in-app | Device only | Attach media to messages or set a profile photo |
| Microphone | Audio recordings you initiate | Device only | Record audio clips to attach to messages |
| Media / Storage | Images and files you choose to share | Device only | Attach files and images to messages |
🗄️ What Our Server Stores — In Detail
Radar operates an Oracle-based backend server that enables peer discovery and message relay. The following explains precisely what is stored, how long it is kept, and what we can and cannot see.
Peer location record
- One row per device UUID — no history, just the current position.
- Stores: UUID (pseudonymous), current GPS coordinates, optional nickname, optional gender, IP address, port, app version, FCM token, device model/OS.
- No email address or phone number is stored — deliberate privacy design decision.
- Record is overwritten on every location update; previous locations are not retained.
- Soft-deleted when device identity is reset; hard-deleted on the next nightly cleanup job.
Relayed messages
- Messages sent via server relay are stored temporarily until the recipient collects them.
- Maximum retention: 7 days. Soft-deleted on recipient acknowledgement or TTL expiry; hard-deleted by the nightly job.
- Unencrypted relay messages: the server stores the full message JSON. We can technically read the payload. We do not do so except for operational support or legal obligations.
- Encrypted (sealed-sender) messages: ciphertext stored opaquely. We cannot decrypt or read message content. Cipher: X25519 / XChaCha20-Poly1305.
- The sender's UUID is stored in the outer message envelope (used for authentication / anti-spam). It is pseudonymous and not linked to any real-world identity.
- Push notification payload for sealed messages contains only a minimal wake-up signal ('message_pending') — no message content, no sender identity.
API request log
- Every API call is logged with: client IP address, sender UUID, action type, request timestamp, and the full request/response JSON.
- Used for debugging, security monitoring, and operational support.
- Log tables are partitioned by date and rotated by the nightly job.
Nonces
- Single-use cryptographic nonces stored for up to 5 minutes to prevent replay attacks.
- No personal data is contained in nonces.
Support records
- Stores: sender UUID, support category, message text, optional reply-to email you provide.
- Retained until the support request is resolved.
⚙️ How We Use Your Information
We use the information described above only for the following purposes:
We do not sell your data, use it for advertising, share it with data brokers, or process it for any purpose beyond those listed below.
- To power the core peer discovery, messaging, and mapping features of Radar.
- To display your pseudonymous profile (nickname and gender) to nearby Radar peers.
- To relay messages between you and other Radar users when no direct wireless path is available.
- To send a minimal push notification to your device when a relayed message is waiting.
- To render maps and location features via Google Maps SDK and Google Play Services Location.
- To maintain the local encrypted database of your messages, contacts, and settings.
- To provide emergency features including GPS display, SOS signalling, and nearby-services lookup.
- To respond to in-app support requests you submit.
- To detect and prevent abuse, replay attacks, and unauthorised access to the API.
🤝 How We Share Your Information
Radar is designed to minimise data sharing. Information is shared only in the following limited circumstances.
Third-party services used by the app
| Service | Provider | Data shared | Purpose |
|---|---|---|---|
| Google Maps SDK | Google LLC | Map tile requests, device location | Render the interactive peer and POI map |
| Firebase Cloud Messaging | Google LLC | FCM push token, minimal wake-up payload | Deliver background push notifications |
| Google Play Services Location | Google LLC | Device GPS coordinates | Obtain precise and fused location data |
| ML Kit (on-device) | Google LLC | Message text — processed on-device only, not sent to Google servers | On-device translation of received messages |
| OpenSky Network (Premium) | OpenSky Network | Bounding-box coordinates | Live aircraft position data for map overlay |
| Overpass API / OpenStreetMap | OpenStreetMap Foundation | Bounding-box coordinates | Points of interest (hospitals, pharmacies, etc.) |
| Google Places API (Premium) | Google LLC | Bounding-box coordinates | Emergency service POI (hospitals, police, pharmacy) |
| HERE Maps API (Premium) | HERE Global B.V. | Bounding-box coordinates | Points of interest and emergency contact data |
| WiGLE (Premium) | WiGLE.net | Bounding-box coordinates | Historical Wi-Fi network data overlay |
| Matrix homeserver (optional) | Server you configure, or our built-in support server | Messages, media, room membership | Federated group chat via the Matrix protocol |
With other Radar users
- Your current location and pseudonymous profile (nickname, gender) are shared with nearby Radar peers via our server or direct wireless link.
- No email address or phone number is ever sent to other users.
- You control what profile information you provide — all profile fields except UUID are optional.
Legal requirements
- We may disclose information if required by law, court order, or governmental authority.
- We may also disclose information where necessary to protect our legal rights or the safety of any person.
⏱️ Data Retention & Deletion
| Data | Retention period | How deleted |
|---|---|---|
| Current location + profile | Until you reset your device identity, or until inactive cleanup | Soft-deleted then hard-deleted by the nightly scheduled job |
| Relayed messages | Maximum 7 days; earlier if all recipients acknowledge receipt | Auto soft-deleted on acknowledgement or TTL expiry; hard-deleted by the nightly job |
| FCM token / device info | Until you reset your device identity | Cleared when identity is reset; nightly cleanup |
| Matrix guest credentials | Until you reset your device identity | Cleared when identity is reset |
| API request log | Partitioned by date and rotated on a schedule | Automatically rotated by a nightly maintenance process |
| Support messages | Until support request is resolved | Deleted manually or on request |
| On-device data | Until you delete in-app or uninstall | Clear chat, delete contact, or uninstall the app |
🔒 Security
No method of electronic storage or transmission is 100% secure. While we use industry-standard measures, we cannot guarantee absolute security.
On-device security
- The local message and contact database is encrypted at rest using SQLCipher.
- Optional biometric lock (fingerprint / face authentication) before the app opens.
- Device UUID and cryptographic keys can be wiped and regenerated at any time via Settings → Device Identity Reset.
In-transit security
- All communication with the relay server uses HTTPS (TLS).
- API requests are authenticated with a pre-shared API key, a per-request timestamp, and a one-time-use nonce to prevent replay attacks.
- End-to-end encrypted messages use X25519 key exchange and XChaCha20-Poly1305 authenticated encryption — the server stores only the opaque ciphertext.
- The sealed-sender design means the server cannot determine the real-world identity of message participants from the encrypted payload alone.
Server-side security
- The relay server is an Oracle APEX / ORDS deployment.
- Requests older than 60 seconds are rejected (anti-replay).
- Single-use nonces prevent exact request replay.
🔑 Android Permissions Explained
Every Android permission declared in the app manifest is listed below with the reason it is needed.
| Permission | Status | Reason |
|---|---|---|
| ACCESS_FINE_LOCATION | Required | Core radar, map, and peer-discovery features |
| ACCESS_COARSE_LOCATION | Required | Fallback location for device discovery |
| ACCESS_BACKGROUND_LOCATION | Required | Keep mesh and position updates active while app is in background |
| BLUETOOTH_SCAN | Required | Discover nearby Radar peers over Bluetooth LE |
| BLUETOOTH_CONNECT | Required | Connect to discovered Bluetooth LE peers |
| BLUETOOTH_ADVERTISE | Required | Make your device discoverable to other Radar peers |
| NEARBY_WIFI_DEVICES | Required | Wi-Fi Aware peer discovery (Android 13+) |
| ACCESS_WIFI_STATE / CHANGE_WIFI_STATE | Required | Read and configure Wi-Fi for peer discovery |
| CHANGE_WIFI_MULTICAST_STATE | Required | Enable multicast for local network peer discovery |
| CHANGE_NETWORK_STATE | Required | Manage network connections for the relay feature |
| INTERNET | Required | Web relay, Google Maps, Firebase push notifications |
| FOREGROUND_SERVICE / FOREGROUND_SERVICE_LOCATION | Required | Run background location service with visible notification |
| POST_NOTIFICATIONS | Required | Show incoming message and service notifications (Android 13+) |
| RECEIVE_BOOT_COMPLETED | Required | Auto-restart background service after device reboot |
| WAKE_LOCK | Required | Prevent CPU sleep during active message delivery |
| VIBRATE | Required | Haptic feedback for messages and distress alerts |
| READ_CONTACTS / WRITE_CONTACTS | Optional | Merge Android address book with Radar peers; save peers as contacts |
| READ_SMS / RECEIVE_SMS / SEND_SMS | Optional | SMS integration — read, receive, and send SMS from within the app |
| RECEIVE_MMS / READ_MMS | Optional | MMS integration — display received MMS messages |
| CAMERA | Optional | Take photos for profile or message attachments |
| READ_MEDIA_IMAGES / READ_EXTERNAL_STORAGE | Optional | Select images and files to attach to messages |
| RECORD_AUDIO | Optional | Record audio clips to attach to messages |
| WRITE_EXTERNAL_STORAGE | Optional (Android ≤9) | Save attachments on older Android versions |
📍 Location Data — Special Notice
Radar uses both foreground and background location. This is fundamental to the app's purpose: discovering nearby peers and keeping your position updated on the shared map even when the screen is off.
Background location access is required to maintain mesh connectivity and update your position for nearby contacts when the app is minimised. If you revoke background location permission, position updates will only occur while the app is actively open.
- Your current location is sent to our relay server and stored in one record per device (no history — each update overwrites the previous position).
- Location is shared with other Radar peers who query for nearby devices within your configured discovery range.
- Location is not used for advertising or profiling.
- You can disable location sharing at any time via the app's Privacy Settings or by revoking the location permission in Android Settings.
- A persistent foreground service notification is shown whenever background location is active, in compliance with Android requirements.
📱 SMS & MMS Integration
Radar can optionally act as an SMS/MMS client. This feature is entirely optional and off by default.
Google Play note: SMS and Call Log permissions are sensitive. Radar requests SMS permissions solely to provide the optional unified SMS/MMS inbox. SMS content is never uploaded to our servers.
- The app reads your SMS inbox from the Android Telephony provider to display messages alongside Radar chats.
- Incoming SMS/MMS messages are received via system broadcast receivers.
- SMS/MMS content is stored locally in the encrypted on-device database only — it is never uploaded to our relay server.
- You can disable SMS integration at any time in Settings → SMS Integration.
🧑 Your Rights & Choices
You have the following controls over your data:
- Delete messages — delete individual messages, clear entire conversations, or wipe all chats from within the app.
- Delete contacts — remove any Radar contact from the contact card dialog.
- Reset device identity — Settings → Device Identity Reset destroys all cryptographic keys and generates a new UUID, severing all links to your previous identity on the server.
- Revoke permissions — revoke any permission at any time via Android Settings → Apps → Radar → Permissions.
- Block contacts — block any peer to stop all messages and presence updates from them.
- Delete all data — uninstalling the app removes all locally stored app data. Your server-side location record and any pending relay messages will be removed by the scheduled nightly cleanup.
- Export data — use Settings → Debug Info to view stored data; use Export Chat to export conversations.
GDPR / UK GDPR rights
- If you are in the EU/EEA or UK you may also have rights to: access, rectification, erasure, restriction of processing, and data portability.
- To exercise these rights contact us at support@daltechnology.co.uk.
🧒 Children's Privacy
Radar is not intended for children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@daltechnology.co.uk. We will take steps to delete such information as quickly as possible.
🔗 Third-Party Links & Services
The app may contain links to third-party websites or services (e.g. emergency services websites, hospital listings). We are not responsible for the privacy practices of those third parties.
The Matrix protocol allows you to connect to homeservers operated by third parties. Those homeservers are governed by their own privacy policies.
Google's use of data is governed by the Google Privacy Policy.
📝 Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where appropriate, notify you via an in-app notice.
Your continued use of Radar after any changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically.
Contact Us
Questions, concerns, or data requests regarding this Privacy Policy:
Developer: DAL Technology
App: Radar (Android)
support@daltechnology.co.uk