Privacy Policy

Information we collect

The short answer: essentially nothing. There are no accounts, no email or phone signup, no analytics, no advertising SDKs, no crash-reporting services, and no telemetry of any kind.

Personal information

We do not collect your name, email address, phone number, physical address, date of birth, or any other personally identifiable information at any point.

Device and usage information

We do not collect device identifiers, advertising IDs, IP addresses (beyond ephemeral in-memory rate-limiting that is never written to disk), browser fingerprints, usage statistics, session durations, feature-usage metrics, or any form of behavioral analytics.

Call content

All audio and video is encrypted end-to-end. We never see, hear, record, transcribe, or store call content. The relay server forwards encrypted bytes only — it cannot decrypt them.

Call metadata

We do not log who called whom, when calls occurred, call durations, or participant counts. The signaling broker ferries the WebRTC handshake and immediately forgets it.

Pairing codes

Pairing codes are generated in your browser, held in memory only, and discarded the moment the call ends. They are never written to a database.

Purchase information (Android app only)

If you make the optional one-time "Supporter" purchase, the transaction is handled entirely by Google Play. Faraday receives a purchase token, product ID, and order ID from Google Play, derives a one-way hash to issue an unlock cookie, and does not store these values in any database. We never see your payment method, billing address, or Google account details.

How we use information

Because we collect almost nothing, there is very little to use:

• Unlock cookie: A cryptographically signed, 30-day cookie tracks whether you have purchased the Supporter tier. It contains a hashed user ID, tier level, and expiry — nothing else. It is verified via signature, not by database lookup.
• Rate limiting: The relay-credential endpoint keeps an in-memory counter per IP address to prevent abuse. This counter is never written to disk and is lost when the server restarts.
• Security logs: Content Security Policy violation reports and honeypot probe attempts are logged to our self-hosted infrastructure for security monitoring. These logs do not contain personally identifiable information.

Data sharing and third parties

We do not sell, rent, trade, or share your data with any third party. Period.

Faraday has no advertising partners, no analytics providers, no data brokers, and no third-party SDKs that receive user data. The video masking model (MediaPipe Selfie Segmenter) runs entirely on your device — no frames are sent to Google or any external service.

The only third-party involvement is Google Play Billing for the optional Supporter purchase on Android. That transaction is governed by Google's Privacy Policy, not ours.

Data retention

Since we do not collect personal data, there is nothing to retain. Specifically:

• Call content and metadata: never stored.
• Pairing codes: discarded when the call ends.
• Rate-limiting counters: in-memory only, lost on server restart.
• Unlock cookie: expires after 30 days. You can delete it at any time by clearing your browser or app data.
• Scheduled meeting tokens: the token is the data — there is no server-side copy. It expires at the time encoded in the token.
• Security logs (CSP reports, probe attempts): retained on our self-hosted infrastructure and periodically purged. They contain no personally identifiable information.

Your data and deletion rights

Because Faraday does not create accounts and does not store personal data on any server, there is no user profile or data record to delete. However, you have full control over the small amount of data stored locally on your device:

• Android app: Go to Settings → Apps → Faraday → Storage → Clear Data. This removes all locally stored data including the unlock cookie and any cached files. You can also uninstall the app, which deletes all app data from your device.
• Web browser: Clear cookies and site data for faraday.cam in your browser settings. This removes the unlock cookie and any cached assets.

If you made a Supporter purchase through Google Play and want to request deletion of any data Google holds about that transaction, contact Google through your Google Account privacy settings.

If you believe we hold any data about you and want it deleted, email 1800bobrossdotcom@gmail.com and we will respond within 30 days.

Call encryption and relay

Calls are peer-to-peer over WebRTC with DTLS-SRTP encryption (AES-128-GCM). Audio and video frames travel directly between the two devices, or through a TURN relay (turn.faraday.cam) when NAT traversal requires one. The relay forwards encrypted bytes — it cannot see or hear the call.

The signaling broker (peerjs-server, also self-hosted on turn.faraday.cam) only ferries the WebRTC offer/answer handshake. It never sees media, and it does not log who connected to whom. There is also a Tor onion broker for users who want to hide their IP from the broker entirely.

Before any audio is unmuted, both ends compare a 4-word Short Authentication String derived from the SHA-256 of the lex-sorted DTLS fingerprints. If the words don't match, you have caught a MITM in the act and should not unmute.

Camera, microphone, and screen

The browser or app asks for camera and microphone permission only after you tap to start a call. Video frames are processed locally for the person-mask effect (MediaPipe Selfie Segmenter, served from the same origin — no third-party model host). Audio is processed locally through the CBAY DSP engine. Nothing is uploaded unencrypted.

On Android, the app declares only three permissions: Internet, Camera, and Microphone. Camera and microphone access is revoked by the OS when the app is in the background.

The Android app

The Android app is a thin Capacitor wrapper that loads this same web app inside a Chromium WebView. It has allowBackup=false, refuses cleartext HTTP, and trusts only system-installed certificate authorities so a corporate MITM proxy cannot intercept calls. App data is excluded from Google Drive backup and from device-to-device transfer.

The Play Store version offers an optional one-time "Supporter" purchase via Google Play Billing. It buys you a badge in the UI and helps cover the relay server. It does not unlock, disable, or change any privacy or security feature. Every protection in this policy applies to free and paying users equally.

Children's privacy

Faraday is not directed at children under 13. We do not knowingly collect personal information from children under 13. Because Faraday collects no personal information from any user, there is no children's data to identify or delete. If you believe a child under 13 is using Faraday in a way that concerns you, contact us at 1800bobrossdotcom@gmail.com.

Security

All connections use TLS 1.2 or higher. The site is on the HSTS preload list. Mixed content is blocked. Cross-origin embedding is denied. Referrer headers are stripped. All tokens are cryptographically signed with HMAC-SHA256.

What we cannot protect against

Faraday is not a Pegasus shield. If your device is compromised at the OS level — a state-grade implant, a malicious app with screen recording, a camera tap on the wall behind you — no in-app feature can save the call. Faraday raises the cost of mass passive surveillance and casual interception. It is not a substitute for a hardened device and good operational hygiene.

Changes to this policy

We may update this Privacy Policy from time to time. The "Effective" date at the top reflects the most recent revision. If we make material changes, we will update the date and post the revised policy here. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact

For privacy questions, data deletion requests, or security concerns, email 1800bobrossdotcom@gmail.com. Source code, infrastructure notes, and security-issue reporting instructions are on the repository.