True Peer


TRUE PEER PRIVACY POLICY

Last updated: 2 June 2026


-------------------------------------------------------

1. INTRODUCTION

TruePeer is a private contact-verification and introduction service.
This policy explains what information the app collects, how it is
stored, and your rights over that data.

TruePeer is designed with a privacy-first architecture: most data never
leaves your device, there is no account system, and we collect no
analytics or behavioral tracking of any kind.


-------------------------------------------------------


2. DATA WE COLLECT AND STORE


2.1 Data stored only on your device

The following data is created on your device and never transmitted to
our servers:

  - Display name (AsyncStorage)
    Used to identify you to contacts you connect with.

  - Contact list — names, notes, TruePeer IDs (AsyncStorage)
    Your address book within TruePeer.

  - TOTP verification secrets (AsyncStorage, encrypted)
    Used for cryptographic verification of each contact.

  - Device secret, 64-character hex (OS secure enclave)
    Authenticates your device with our backend.

  - App-lock PIN hash (OS secure enclave)
    Protects the app with a 6-digit PIN.

  - Encrypted backup files (.tpbak)
    User-initiated exports; AES-256-GCM encrypted before leaving the
    app. Stored wherever you choose (device storage, cloud drive, etc.).


2.2 Data synced to our servers (Firebase)

The following minimal data is synced to Firebase Firestore to enable
the trust graph and introduction features:

  - TruePeer ID (e.g. ABCD-1234)
    A pseudonymous identifier; not linked to your real name or email.

  - Display name
    Shown to contacts as part of introductions.

  - Connection edges (pairs of TruePeer IDs + date formed)
    Represents your trust relationships.

  - SHA-256 hash of your device secret
    Verifies requests from your device. The raw secret is never sent.

  - Last sync timestamp and connection count
    Keeps the trust graph up to date.

Your real name, email address, phone number, contact notes, TOTP
secrets, and PIN are never sent to our servers.


2.3 Push notification tokens

When you enable notifications, your Expo push token (or underlying
APNs/FCM token) is stored locally and used only to deliver introductions
to your device. Tokens are passed to the Expo Push Service solely to
deliver that notification and are not retained by us beyond that use.


-------------------------------------------------------


3. THIRD PARTIES


TruePeer uses the following third-party services:

  Firebase (Google)
  - What is shared: trust graph data (see section 2.2)
  - Why: database and Cloud Functions infrastructure

  Expo Push Service
  - What is shared: your push token and notification payload
  - Why: delivering introduction notifications to your device

  Apple APNs / Google FCM
  - What is shared: push token (managed by the OS and Expo)
  - Why: final delivery of notifications to your device

We share no data with analytics companies, advertisers, data brokers,
or any other third parties.

Firebase is subject to Google's Privacy Policy
(policies.google.com/privacy). Expo's privacy practices are described
at expo.dev/privacy.


-------------------------------------------------------


4. HOW WE PROTECT YOUR DATA


  AES-256-GCM encryption
  All sensitive vault data (TOTP secrets, contact records) is encrypted
  on-device before storage.

  PBKDF2-SHA256 key derivation
  Encryption keys are derived from your PIN and device secret. We never
  hold the key.

  Biometric lock
  Face ID (iOS) or fingerprint (Android) can be used to unlock the app.
  Biometric data is handled entirely by your device OS and is never
  accessible to TruePeer.

  Device secret verification
  All backend writes are authenticated using a per-device secret.
  Server-side rules reject unauthenticated requests.

  No plaintext contact data on servers
  Contact names, notes, and TOTP secrets exist only on your device and
  in your encrypted backups.


-------------------------------------------------------


5. ENCRYPTED BACKUPS


You may export an encrypted backup of your data at any time from
Settings. Backups are encrypted with AES-256-GCM before leaving the
app. We do not receive or store these files. You are responsible for
keeping your backup password safe.


-------------------------------------------------------


6. DATA RETENTION AND DELETION


  On-device data
  You control all locally stored data. Delete individual contacts at any
  time, or delete the app to remove all local data.

  Server-side data
  You can delete your entire trust-graph node (including all connection
  edges) via Settings > Delete Account. This permanently removes your
  data from Firebase. We do not retain server-side data after a deletion
  request is processed.


-------------------------------------------------------


7. YOUR RIGHTS


Regardless of your location, you have the right to:

  Access      All data we hold about you on-device is directly visible
              to you in the app.

  Correction  Update your display name in Settings at any time.

  Deletion    Delete your account and all server-side data at any time
              via Settings > Delete Account.

  Portability Export an encrypted backup of all your data at any time
              via Settings.

If you are in the European Economic Area (EEA) or the UK, you may have
additional rights under GDPR, including the right to lodge a complaint
with a supervisory authority.

If you are a California resident, you have rights under the CCPA/CPRA,
including the right to know, delete, and opt out of sale of personal
information. TruePeer does not sell personal information.


-------------------------------------------------------


8. CHANGES TO THIS POLICY


We will update this policy if our data practices change. The "Last
updated" date at the top of this document will reflect any changes.
Continued use of the app after changes constitutes acceptance of the
revised policy.


-------------------------------------------------------



Copyright © 2026 True Peer - All Rights Reserved.
