Privacy Policy

Last updated: March 25, 2026

Summary: RoadFlare is an open-source client for the Nostr protocol. The developers do not operate servers, do not collect your data, and do not have access to your account. Your private key never leaves your device.

1. What RoadFlare Is

RoadFlare is a free, open-source iOS application that acts as a client for the Ridestr protocol, a rideshare coordination protocol built on Nostr (Notes and Other Stuff Transmitted by Relays). RoadFlare is not a service, platform, or transportation company. It is software that you run on your device to communicate with other users via third-party relay servers.

There is no company behind RoadFlare. No one operates a central server. No one has the ability to access, modify, or delete your account.

2. Data the Developers Collect

None. The developers of RoadFlare do not collect, store, process, or have access to any personal information. There are no analytics, no tracking pixels, no crash reporters, and no server-side logs. The app communicates exclusively with third-party Nostr relays that you connect to.

3. Data Stored on Your Device

RoadFlare stores the following data locally on your device:

Identity private key — Stored in the iOS Keychain (encrypted at rest by the operating system). This key is used to sign events and is never transmitted.
Profile settings — Your display name, preferred payment methods, distance units, and currency preference.
Followed drivers list — The public keys of drivers you follow, along with their shared encryption keys.
Saved locations — Addresses you save for quick access (favorites and recents).
Ride history — Records of completed and cancelled rides.
Cached driver profiles — Names, profile photos, and vehicle information fetched from Nostr.

All locally stored data can be deleted by logging out of the app or deleting the app from your device. Note that iOS Keychain data may persist across app reinstalls unless explicitly cleared.

4. Data Transmitted via Nostr

When you use RoadFlare, the app publishes signed events to Nostr relay servers. These events follow the Ridestr protocol and contain different types of data depending on the action.

What is encrypted

Most sensitive data is encrypted using NIP-44 (ChaCha20-Poly1305 authenticated encryption) so that only the intended recipient can read it:

Ride offers — Precise pickup location, destination, fare estimate, and payment methods. Encrypted to the driver you select.
Ride confirmations — Pickup location confirmed after driver acceptance. Encrypted to your driver.
Chat messages — All in-ride messages. Encrypted point-to-point.
Cancellations — Encrypted to the other party.
Driver locations — Precise latitude and longitude of drivers broadcasting their availability. Encrypted with a shared key that drivers choose to give to you when they approve your follow request.
Profile backups — Your settings, saved locations, and ride history. Encrypted to your own key (only you can decrypt).
Followed drivers list — The full list with notes and encryption keys. Encrypted to your own key.

You control who receives your data by choosing which drivers to add to your list. Drivers control who sees their location by choosing which follow requests to approve. All encrypted content is inaccessible to third parties — including relay operators, network observers, and the RoadFlare developers — without the private key of either you or the specific driver you are communicating with.

What is visible in plaintext

The Nostr protocol requires certain metadata to be unencrypted for events to be routed and filtered. The following is visible to relay operators and anyone querying the relay:

Your public key — A 64-character hexadecimal identifier. This is not your name or email; it is a cryptographic identifier.
Recipient public keys — The public key of who you are communicating with (in event tags).
Timestamps — When each event was created.
Event types — The kind number reveals the category of action (ride offer, chat, location broadcast, etc.).
Followed driver pubkeys — The public keys of drivers you follow are included as public tags on your followed drivers list event. This is a design feature that allows drivers to discover your follow request and approve it. The list content (notes, encryption keys) remains encrypted — only the public key identifiers are visible.
Display name — If you set a display name, it is published as plaintext per the Nostr NIP-01 standard. This is visible to anyone. RoadFlare does not publish any other profile fields (bio, photo, etc.).

What ride acceptance reveals

When a driver accepts your ride offer, their acceptance event contains their response status. Per the Ridestr protocol, ride acceptance content is transmitted as plaintext JSON (not encrypted). This is limited to the acceptance status and optional payment method confirmation. No location data is included in the acceptance.

5. Nostr Relays

RoadFlare connects to third-party Nostr relay servers to send and receive events. The default relays are:

wss://relay.damus.io
wss://nos.lol
wss://relay.primal.net

Relay operators can see:

Your IP address (unless you use a VPN)
All plaintext event metadata listed above
Which public keys you are requesting (your subscription filters)
Encrypted event content (as opaque ciphertext they cannot read)

Each relay is operated by an independent third party and has its own privacy practices. The RoadFlare developers do not operate any relays and have no control over relay data retention or policies.

6. Third-Party Services

The app uses the following device and network services:

Apple Maps / MapKit — For address search, route calculation, and map display. Subject to Apple's Privacy Policy.
Apple Core Location — For GPS positioning when you use "Current Location" as a pickup. Location access requires your explicit permission and can be revoked at any time in iOS Settings.
CoinGecko / Coinbase APIs — For exchange rate data used in fare conversion. No personal data is sent; only a price query.

RoadFlare does not use any analytics services, advertising networks, or crash reporting tools.

7. Data Permanence

Information published to Nostr relays should be considered potentially permanent. While most RoadFlare events include expiration tags (ranging from 5 minutes to 24 hours), relay operators are not required to honor deletion or expiration requests. Any user or relay on the network may retain a copy of events they have seen.

Your encrypted content cannot be read without the corresponding private key, but the plaintext metadata (public keys, timestamps, event types) may persist indefinitely.

8. Data Portability

Your Nostr identity is a cryptographic key pair that you control. You can export your private key (nsec) and use it with any Nostr-compatible application. No permission from RoadFlare or any third party is required. Your followed drivers list, profile, and settings are backed up as encrypted Nostr events that any compatible client can restore.

9. Children

RoadFlare does not knowingly collect information from children under 17. The app does not verify age because it does not collect personal information. Use of the app to coordinate real-world transportation is intended for adults.

10. Changes to This Policy

This policy may be updated to reflect changes in the app or protocol. The "Last updated" date at the top will be revised accordingly. Since RoadFlare is open source, all changes are visible in the source repository.

11. Contact

RoadFlare is an open-source project with no company or formal entity. For questions or concerns about privacy, email support@roadflare.app or open an issue on GitHub.