Freeport — Privacy Policy

Last updated: 17 June 2026

Freeport is a decentralized, peer-to-peer marketplace built on the Nostr protocol. There is no Freeport server, no account, and no sign-up. Your identity is a cryptographic key created on your device. This policy explains what data the app handles and where it goes.

The short version

• We do not operate a server that collects or stores your data.
• We do not run analytics, advertising, trackers, or data brokers.
• Your identity key is generated and stored on your device. We never receive it.
• Direct messages are end-to-end encrypted (Nostr NIP-04); we cannot read them.
• Listings you post are public by design — they are broadcast to public Nostr relays.

Information handled by the app

• Identity key. A Nostr keypair is generated locally and stored in your device's secure storage (iOS Keychain / Android Keystore via Expo SecureStore, or browser storage on web). You may optionally back it up to your own iCloud Keychain (iOS), Google Block Store (Android), or an exported file. In all cases the key stays under your control; Freeport's developer never receives it.
• Profile. A display name, optional bio, optional photos, and a phone number you choose to add. Your profile is published to public Nostr relays so counterparties can reach you. You choose whether your phone number is shown masked or in full; the full number is otherwise shared only through an encrypted direct message after a deal is confirmed.
• Listings & deals. Ride/service/goods requests and offers you post are public Nostr events. They include the listing details, a price, and a coarse location (a ~city / neighborhood-level geohash). Precise GPS coordinates are not published.
• Messages. Negotiation and chat happen over Nostr direct messages, which are end-to-end encrypted (NIP-04). They are relayed by public Nostr relays that you cannot be individually identified to beyond your public key.
• Location. With your permission, the app uses your device location to set your pickup point and show nearby listings. If you decline, it falls back to a coarse, IP-based location from a third-party lookup. Only a coarse geohash is ever attached to public listings.
• Photos / microphone / camera. Used only when you choose to attach an image or record a voice message. Media you attach is uploaded to a third-party media host (nostr.build) and referenced by URL in your public listing or encrypted message.
• Notifications. If you enable them, local/push notifications alert you to new messages. Web push, where used, relies on your browser/OS push service.

Third parties your data may reach

Because Freeport has no backend of its own, data flows directly from your device to decentralized or third-party infrastructure that you or the network rely on:

• Public Nostr relays — carry your public listings, profile, and encrypted messages.
• nostr.build — hosts images/voice clips you choose to attach.
• IP-geolocation providers (ipwho.is, ipapi.co) — used only as a coarse location fallback when device location is unavailable.
• Apple / Google — only if you opt into cloud key backup or enable push notifications.
• Google Maps — renders maps on Android.

Each of these operates under its own privacy policy. Freeport does not sell or share your data with anyone for advertising or marketing.

Data retention & deletion

• App data lives on your device. Deleting the app (and any cloud backup you created) removes your local copy.
• Public events already broadcast to Nostr relays are outside any single party's control and may persist on relays you do not operate. Listings carry an expiration tag (NIP-40), but individual relays decide how long to keep data. Treat anything you publish publicly as potentially permanent.

Children

Freeport is not directed to children and is intended for users 17+.

Changes

We may update this policy; the "last updated" date reflects the latest version.

Contact

Questions about privacy: [email protected]

Freeport · a peer-to-peer marketplace on Nostr · freeport.trinh.uk