fdyappa Privacy Policy
Last updated: 28 April 2026 · v2.1.3
This policy explains what fdyappa collects, why, and what choices you have. We aim to keep this short and human-readable. By using fdyappa you agree to this policy. If you do not agree, please do not use the app.
Short version. Direct messages are end-to-end encrypted and we cannot read them. We only collect what's needed to make the app work: your account, your content, who you call, and how to deliver notifications. We do not sell your data and we do not show ads.
1. What we collect
- Account info — username, display name, hashed password (bcrypt; we never store your password in plain text), and an X25519 end-to-end encryption keypair generated on your device at signup. Only the public half is stored on our servers.
- Profile content — anything you choose to upload (avatar, bio, posts, reels, stories, status, custom emoji, highlights).
- Direct messages — chat messages are encrypted with the recipient's public key on your device before they leave your phone. Our servers cannot read message content. We retain the encrypted ciphertext only long enough to deliver it; messages you delete are removed.
- View-once photos — when you send a view-once image, the recipient sees it for ~6 seconds. While displayed, the recipient's app sets the Android FLAG_SECURE flag to block screenshots, screen recording, and the recents-thumbnail. After display, the encrypted source is nulled on our server.
- Stories — stories are visible to the audience you choose (everyone / followers / close friends). We store who viewed each story so you can see your own viewer list. Stories expire automatically after 24 hours.
- Audio rooms — when you join a room we store your participant role (listener / speaker / host), seat assignment, hand-raise state, mute state, and any chat / poll / Q&A messages you post in the room. Gift and reaction events are kept for the room's lifetime.
- Live broadcasts — viewer count, comments, reactions, and the broadcast's start/end time and peak viewer count. Audio/video frames flow peer-to-peer over WebRTC and are not recorded by us.
- Calls — call signaling metadata (caller, callee, start/end time, duration, audio/video, missed/declined). Audio and video are peer-to-peer over WebRTC, or relayed via our TURN server when a direct connection fails. We do not record call contents.
- Group calls — same as 1:1 calls, plus the participant list per call.
- Push tokens — Firebase Cloud Messaging (FCM) tokens so we can deliver call and message notifications. Tokens are tied to your account and refreshed automatically.
- Device + session info — device model, OS version, IP address, and a JWT session token, used to keep you signed in and to let you sign out individual devices from Settings → Sessions.
- Crash + runtime-error reports — when the app crashes or a screen errors out, we send the error message, stack trace, and device model to our server to help us fix bugs. No chat content is included.
- Bug reports — only the text + screen name you submit when you tap the in-app feedback bubble.
2. What we do not collect
- We do not sell, rent, or trade your personal data with third parties.
- We do not show you ads.
- We do not access your contacts unless you explicitly invite a contact.
- We do not read your direct messages — we cannot, by design.
- We do not record audio/video calls or live broadcasts.
- We do not track your location in the background. Location is attached only when you actively tap the location button on a message or post.
3. How long we keep it
- Account data is kept while your account is active.
- Direct messages are kept until you delete them, your account is deleted, or your peer's account is deleted.
- Stories auto-expire after 24 hours; archived stories are kept until you delete them.
- Posts and reels are kept until you delete them.
- Call signaling logs are kept for up to 90 days.
- Crash, runtime-error, and bug reports are kept for up to 12 months.
- Server access logs (auth, signaling) are kept for up to 30 days.
4. Your choices
- You can delete any post, reel, story, message, comment, or audio room from inside the app.
- You can sign out of any individual device from Settings → Sessions.
- You can adjust profile, online, last-seen, story, and read-receipt visibility from Settings → Privacy.
- You can block, mute, or report any user.
- You can delete your account from Settings → Account → Delete account. Deletion is irreversible and removes all your content; messages you previously sent to others may remain in their copy until they delete them.
- You can request a data export by emailing the address below.
5. Permissions we ask for
- Camera + microphone — for the video editor, audio/video calls, voice messages, stories, reels, and live broadcasts.
- Photos / media — to attach photos and videos to messages and posts.
- Notifications — for incoming messages and calls.
- Location (when you tap the location button) — to attach a one-time location to a message or post. We do not track your location in the background.
- Bluetooth — to route call audio to a connected headset.
- Display over other apps — to show the full-screen incoming-call UI when your phone is locked.
- Battery optimization exception — optional; lets the app wake reliably for incoming calls on OEMs that aggressively kill background apps.
6. Encryption
Direct messages use X25519 elliptic-curve key exchange and authenticated symmetric encryption. The encryption keypair is generated on your device at signup and the private half never leaves your device. View-once images are encrypted under the same scheme. Calls and live audio/video use DTLS-SRTP via WebRTC. TLS protects all traffic in transit between your device and our servers.
7. Where data is processed
fdyappa is operated from servers in Brazil (São Paulo). Push notifications are routed through Google Firebase Cloud Messaging (FCM) and subject to Google's privacy terms. TURN-relayed call media briefly transits our servers as encrypted DTLS-SRTP and is never decoded or stored.
8. Third-party services
- Google Firebase Cloud Messaging — push notifications.
- Google Sign-In (optional) — if you choose to sign in with Google we receive your Google email + display name. We do not receive your Google password.
- Jamendo — when you browse the in-app royalty-free music library, requests go directly to Jamendo's API. We do not share your fdyappa identity with Jamendo.
9. Children
fdyappa is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). Do not use the service if you are below this age. If we learn we collected data from a child below this age we will delete it.
10. Contact
Questions or requests (data export, deletion, complaints): support@fdyappa.app.
11. Changes
If we change this policy materially we will notify you in-app before the change takes effect. The header at the top of this page shows the last-updated date.