Gridless ("we," "our," or "us") is an iOS application for off-grid, peer-to-peer mesh networking and end-to-end encrypted messaging. Gridless is developed and published as an independent project. For questions about this policy, contact us at support@gridless.chat.
This Privacy Policy applies to the Gridless iOS application and the website at gridless.chat.
The following data is created and stored exclusively on your iPhone. It does not leave your device, is not transmitted to us, and is excluded from iCloud backup.
| Data type | Where stored | Shared with us? |
|---|---|---|
| Messages | Core Data (on-device database) | Never |
| Conversation history | Core Data (on-device database) | Never |
| Encryption keys | iOS Keychain (Secure Enclave-backed) | Never |
| Your display name | UserDefaults (on-device) | Never |
| Contact nicknames | UserDefaults (on-device) | Never |
| App settings & preferences | UserDefaults (on-device) | Never |
| PIN code hash | iOS Keychain | Never |
| Verified peer records | iOS Keychain | Never |
| Scheduled messages | UserDefaults (on-device) | Never |
| Debug logs | In-memory only (not persisted) | Never (unless you export manually) |
Gridless uses Apple's MultipeerConnectivity framework to establish direct Bluetooth and WiFi Direct connections between nearby devices. All message transmission is device-to-device within the mesh network.
No message ever passes through our servers — because we operate none. Messages travel from your device, through intermediate devices acting as relays, to the recipient's device. All traffic is end-to-end encrypted before leaving your device; relay nodes forward ciphertext they cannot decrypt.
Apple may process connection-level data in accordance with their own privacy policies when MultipeerConnectivity is used. Gridless has no control over and no access to any such data.
All messages are encrypted end-to-end using AES-256-GCM with a per-message random nonce. Encryption keys are derived via P-256 ECDH key agreement and HKDF-SHA256 key derivation. Every packet is signed with a P-256 ECDSA signature. Unsigned or tampered packets are silently dropped by every relay.
Private direct messages use the Double Ratchet protocol for forward secrecy. Ratchet sessions auto-rotate every 50 messages or 15 minutes, ensuring that compromise of a key only exposes a limited window of messages — not the entire conversation history.
All long-lived key material is stored in the iOS Keychain with SecAccessControl.
When biometric app lock is enabled, keys require Face ID, Touch ID, or Optic ID before use.
The iOS Secure Enclave never exposes private keys to the app or to the operating system.
Message relay is rate-limited per peer to prevent flooding and brute-force attacks. Packet deduplication and sequence numbers prevent replay and loop attacks in the mesh.
We have no technical ability to decrypt your messages. If a government or third party demanded your messages from us, we would have nothing to provide — the data does not exist on any system we control.
Gridless explicitly excludes all sensitive data stores from iCloud backup. This includes Core Data message databases, Keychain entries, and UserDefaults keys containing messages, keys, and contact data.
If you restore an iPhone from an iCloud backup, Gridless will start in a clean state with no messages or keys. This is intentional and by design.
iTunes/Finder local encrypted backups may capture some app data depending on your device configuration. We recommend keeping local backups encrypted.
| Permission | Required | Why |
|---|---|---|
| Bluetooth | Yes | Core mesh transport. The app cannot function without it. |
| Local Network | Yes | Required for WiFi Direct peer discovery and session establishment via MultipeerConnectivity. |
| Notifications | No | Optional. Used to alert you to new messages when the app is backgrounded. We never send remote push notifications — all notifications are local and generated on-device. |
| Face ID / Touch ID | No | Optional. Used for biometric app lock if you enable it in Settings. Biometric data never leaves the Secure Enclave on your device. |
We do not request camera, microphone, location, contacts, or photo library access. If a future version adds features requiring new permissions, this policy will be updated and users will be prompted in-app.
Gridless contains no third-party SDKs, analytics libraries, advertising frameworks, or crash reporting services that transmit data externally.
The app is distributed through the Apple App Store. Apple collects purchase and download data in accordance with their own Privacy Policy. We receive only aggregate, anonymized data from App Store Connect (download counts, crash rates) — never individual user data.
We do not sell, rent, trade, or share your personal data with any third party, because we do not possess any personal data to share.
Gridless is not directed at children under 13. We do not knowingly collect any information from children. Because we collect no personal data from any user, there is no data to collect from children either.
If you are a parent or guardian and believe your child has used Gridless in a way that raises concern, please contact us at support@gridless.chat.
Because all data is stored locally on your device, you are in complete control of it at all times.
We hold no personal data about you. There is no profile to request, no account to close, and no database to delete you from. If you have questions about this, contact us at support@gridless.chat.
If you are in the European Economic Area (EEA), United Kingdom, or California, you have additional rights under GDPR or CCPA. Because Gridless does not collect, process, or store personal data, we do not act as a data controller or data processor for purposes of these regulations. Your rights (access, erasure, portability, objection) are satisfied by the fact that all data is under your control on your own device and can be deleted at any time as described above.
The Gridless website at gridless.chat does not use cookies, tracking pixels, or analytics scripts. No personal data is collected when you visit.
Standard web server logs (IP address, timestamp, page visited) may be retained by the hosting provider for up to 30 days for security and operational purposes. These are not shared with us in identifiable form.
If you discover a security vulnerability in Gridless, please report it responsibly to support@gridless.chat with the subject line "SECURITY". We will respond within 48 hours, work with you to understand and fix the issue, and publicly acknowledge your contribution (unless you prefer anonymity).
Message relay uses a 16-hop limit to prevent indefinite packet circulation. Route cache entries expire after 10 minutes to prevent stale routing. All cryptographic operations use industry-standard algorithms (P-256, AES-256, SHA-256).
If we make material changes to this Privacy Policy, we will update the effective date at the top of this page and, where appropriate, display an in-app notice on the next launch. Continued use of Gridless after changes are posted constitutes acceptance of the updated policy.
We do not expect this policy to change substantially — it reflects the architecture of the app, and the app is designed to collect nothing.
For privacy questions, data requests, or security disclosures:
Support: support@gridless.chat
Security: support@gridless.chat (subject: SECURITY)
Web: gridless.chat