Legal

Privacy Policy

Last updated: March 2, 2026

TL;DR: PeerBloc is built on zero-knowledge architecture. Your data stays on your device. Our relay server only sees encrypted handshakes. Cloud Vault encrypts everything client-side in your own S3 bucket — we never have the keys. We architecturally cannot access your content.

1. Introduction

PeerBloc ("we," "our," or "us") operates the PeerBloc mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect information when you use our App. PeerBloc is a peer-to-peer (P2P) social media application that operates with zero-knowledge architecture across all connection modes.

2. Our Architecture

PeerBloc offers three connection modes, all designed with zero-knowledge principles:

2.1 Local P2P

Uses Apple's MultipeerConnectivity framework for direct device-to-device connections via Bluetooth and WiFi:

  • Data transmitted directly between devices — no servers involved
  • Works without internet — completely offline capable
  • Content stored locally on your device only

2.2 Internet Relay (WebRTC)

Our signaling server brokers encrypted WebRTC tunnels between devices. Here is exactly what the relay server sees:

  • Public key hashes — used to identify peers and broker connections
  • Encrypted handshake data — WebRTC signaling messages (SDP offers/answers, ICE candidates)
  • Connection metadata — IP addresses and timestamps (necessary for network routing)

The relay server never sees, stores, or has access to: your posts, photos, videos, messages, profile data, or any user-generated content. Once the WebRTC tunnel is established, data flows directly between devices.

2.3 Cloud Vault (S3)

Optional premium feature that stores encrypted data in your own AWS S3 bucket:

  • All data is encrypted client-side on your device before upload
  • Stored in your own S3 bucket under your AWS account — not ours
  • We never have the decryption keys — the bucket contains only encrypted blobs
  • You control access, retention, and deletion through your AWS console

3. Information We Collect

3.1 Sign in with Apple

When you create an account using Sign in with Apple, we receive:

  • • A unique, anonymous identifier provided by Apple
  • • Your name (if you choose to share it — you can use Apple's anonymous relay)
  • • An email address (which may be Apple's private relay email)

3.2 User-Generated Content

Posts, photos, videos, comments, likes, and bookmarks are created and stored locally on your device. This content is shared directly with connected peers via P2P or encrypted relay and is never transmitted to or stored on our servers. If you enable Cloud Vault, encrypted copies are stored in your own S3 bucket.

3.3 Device & Connection Information

For local peer discovery, the App uses your device's Bluetooth and WiFi capabilities. For Internet Relay, our signaling server processes connection metadata (IP addresses, public key hashes) necessary to establish WebRTC tunnels. This data is not stored beyond the active session.

3.4 Purchase Information

In-app purchases are processed entirely by Apple through the App Store. We receive confirmation of purchases for feature unlocking but do not have access to your payment information.

4. How We Use Information

The minimal information we collect is used solely to:

  • • Authenticate your identity within the App
  • • Broker WebRTC connections via the signaling server
  • • Manage your account and premium feature access
  • • Provide customer support when requested
  • • Send important service announcements (opt-in only)

5. Data Storage & Security

Your content is stored locally on your device using iOS's built-in data protection. If you enable Cloud Vault, encrypted copies are stored in your own S3 bucket. We do not maintain centralized databases of user content.

The relay server does not persistently store connection data beyond active sessions. Signaling data is ephemeral and discarded after the WebRTC tunnel is established.

If you delete the App, all locally stored content is permanently removed from your device. Cloud Vault data in your S3 bucket can be deleted through your AWS console.

6. Third-Party Services

PeerBloc uses the following third-party services:

  • Apple Sign In: For authentication (subject to Apple's Privacy Policy)
  • Apple StoreKit: For in-app purchases (subject to Apple's terms)
  • Amazon Web Services (S3): Cloud Vault only, opted in by user, using user's own AWS account (subject to AWS Privacy Policy)

We do not use any third-party analytics, advertising, or tracking services.

7. Children's Privacy

PeerBloc is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us.

8. Your Rights

You have the right to:

  • • Access your account information
  • • Delete your account and associated data
  • • Export your locally stored content
  • • Delete your Cloud Vault data via your AWS console
  • • Opt out of any communications

Since your content is stored locally (and optionally in your own S3 bucket), you always have full control over it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or via email. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

📧 privacy@peerbloc.com