# Privacy Policy **Zic Hat** ("the App") **Effective Date:** April 11, 2026 **Developer:** Walter (walush) **Contact:** walush2023@gmail.com --- ## 1. Overview Zic Hat is a location-based anonymous chat application. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information. **We do not require account registration.** The App identifies devices using anonymous device identifiers provided by the operating system. --- ## 2. Data We Collect ### 2.1 Device Identifier - **iOS:** `identifierForVendor` (resets if the app is uninstalled and reinstalled) - **Android:** `ANDROID_ID` This identifier is used solely to associate messages with a device for moderation purposes. We do not link it to your name, email, or any personal identity. ### 2.2 Location Data The App requires location access to place you in a geographically relevant chat room. - **GPS coordinates** (latitude and longitude) are collected when you use the App. - Coordinates are converted to an **H3 geospatial cell index** (a hexagonal grid area of approximately 0.7 km^2). - **Reverse geocoding** is performed via the OpenStreetMap Nominatim API to display a human-readable location name. **We do not track your location history.** Location is only used to determine your current chat cell. GPS coordinates are stored alongside messages in our database but are not exposed to other users. ### 2.3 User-Generated Content - **Chat messages** (up to 60 characters per message) - **Pinned messages** (up to 100 characters, with associated payment amount) - **Ban appeal text** (submitted voluntarily if your device is suspended) ### 2.4 Moderation Data When you send a message, the text is analyzed by an automated content moderation system: - **AI moderation scores** (0-100 risk rating) - **Violation records** (message text, severity, reason) are stored if a message is flagged ### 2.5 In-App Purchase Data Pin message purchases are processed entirely through the **Apple App Store** or **Google Play Store**. We do not collect or store your payment information, credit card number, or billing address. We only receive a transaction confirmation from the platform. ### 2.6 Local Storage The App stores the following on your device: - **Message cache:** Up to 50 recent messages per chat cell (auto-deleted after 7 days) - **Rate limit cooldown timer:** Expiration timestamp This data never leaves your device and is cleared when you uninstall the App. --- ## 3. How We Use Your Data | Purpose | Data Used | |---------|-----------| | Place you in a location-based chat room | GPS coordinates, H3 cell index | | Display messages to nearby users | Message text, device identifier | | Moderate content and enforce community guidelines | Message text (sent to AI moderation) | | Prevent abuse (rate limiting, ban enforcement) | Device identifier, message timestamps | | Process pin message payments | Transaction ID from Apple/Google (no financial data) | | Respond to ban appeals | Device identifier, appeal text | --- ## 4. Data Shared with Third Parties ### 4.1 Google (Gemini AI) Message text is sent to **Google Gemini AI** for automated content moderation. Google processes this data according to the [Google Cloud Privacy Policy](https://cloud.google.com/terms/cloud-privacy-notice). No personal identifiers are sent to Google. ### 4.2 Apple (DeviceCheck, iOS only) On iOS devices, we use **Apple DeviceCheck** to persist moderation state (warning count) at the hardware level. This prevents ban evasion through app reinstallation. Apple processes this data according to the [Apple Privacy Policy](https://www.apple.com/privacy/). ### 4.3 OpenStreetMap (Nominatim) Cell center coordinates are sent to the **OpenStreetMap Nominatim API** to retrieve location names. No device identifiers or message content are shared. See the [Nominatim Usage Policy](https://operations.osmfoundation.org/policies/nominatim/). ### 4.4 Cloudflare Network traffic passes through **Cloudflare** for SSL termination and DDoS protection. See the [Cloudflare Privacy Policy](https://www.cloudflare.com/privacypolicy/). ### 4.5 Apple App Store / Google Play Store In-app purchases are processed by the respective platform. We do not receive or store your financial information. **We do not sell, rent, or share your personal data with advertisers or data brokers.** --- ## 5. Data Retention | Data Type | Retention Period | |-----------|-----------------| | Chat messages | Automatically deleted after 30 days (configurable) if the cell has more than 200 messages. Minimum 200 messages are always retained per cell. | | Pinned messages | Expire after 24 hours; records retained for revenue reporting | | Device violation records | Retained indefinitely for moderation history | | Device status (warnings, bans) | Warnings reset monthly; suspensions last 3 days | | Ban appeals | Retained indefinitely | | Admin audit logs | Retained indefinitely | | Local message cache | Auto-deleted after 7 days | --- ## 6. Data Security - All network communication uses **HTTPS/TLS** encryption via Cloudflare. - Real-time messaging uses **WebSocket (WSS)** with encrypted transport. - Database is hosted on a private network, accessible only to the application server. - No passwords or authentication credentials are collected from users. - Admin operations are logged in an audit trail. --- ## 7. Children's Privacy The App is not directed at children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us and we will delete it. --- ## 8. Your Rights Depending on your jurisdiction, you may have the following rights: - **Access:** Request a copy of data associated with your device identifier. - **Deletion:** Request deletion of your messages and device records. - **Correction:** Request correction of inaccurate data. To exercise these rights, contact us at **walush2023@gmail.com** with your device identifier (available in the App's settings or debug information). Since we do not collect personal identity information, we can only process requests that include the device identifier associated with the data. --- ## 9. International Data Transfers Our servers may be located in regions different from your own. By using the App, you consent to the transfer and processing of your data in these locations. All transfers are protected by HTTPS encryption. --- ## 10. Changes to This Policy We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Effective Date" at the top of this document. Continued use of the App after changes constitutes acceptance of the updated policy. --- ## 11. Contact Us If you have questions about this Privacy Policy or your data: - **Email:** walush2023@gmail.com - **GitHub:** https://github.com/walush2023 --- *Last updated: April 11, 2026*