Privacy Policy

Last updated: April 17, 2026

    FlashChat is built with privacy at its core. We minimize data collection and never store your 1-on-1 conversations or media.
  

1. Overview

FlashChat is a free, anonymous chat platform available at flashchat.fun. This Privacy Policy explains what information we collect, what we store, and how we protect your data across all features: anonymous stranger chat, video calls, Flash Cards, FlashBuddies, Rooms, Profiles, Arcade, and FlashBot.

2. Information We Do NOT Collect

FlashChat is designed to minimize data collection. We do not collect or store:

Names, email addresses (unless you optionally add one for account recovery), phone numbers, or government-issued identifiers
1-on-1 anonymous chat messages or conversation content (messages are relayed in real-time and never saved)
Self-destructing photos or voice notes you send or receive in stranger chats
Passwords or login credentials (there are no accounts)
Cookies for tracking or advertising
Location data or GPS coordinates
Hardware fingerprints or device identifiers beyond a browser-generated UUID

3. Information We Process and Store

3.1 Temporary In-Memory Data

The following data exists only in server memory (RAM) during your active session and is cleared on disconnect or server restart:

WebSocket connections: Active connections held while you are connected, cleared instantly on disconnect.
Session identifiers: Temporary random IDs for reconnection support, purged within 2 minutes of disconnection.
Interest tags: Topic preferences you select before chatting, used only for matchmaking.
Matchmaking queue state: Your position and buddy invite queue status, held in memory only.
Video call signaling: WebRTC offer/answer/ICE candidate data is relayed in memory and never logged.

3.2 Persistent Data (Optional Features)

If you choose to use optional features (Flash Cards, Profiles, Rooms, FlashBuddies), the following data is stored in a database:

Device identifier: A randomly generated UUID stored in your browser's localStorage. This is not a hardware fingerprint — it can be cleared by clearing browser data.
Profile data: Display nickname, @handle, avatar URL, bio, interests, age range, and gender — only if you choose to set them.
Email address: Only if you optionally verify your email for account recovery. Used solely for sending recovery links.
Flash Cards: Cards you create (text, tags, background) are stored until you delete them.
Comments: Comments you post on Flash Cards are stored alongside the card.
Rooms: Chat rooms you create (name, description, tags, settings) and room messages are stored for room history.
FlashBuddy connections: If you send or accept buddy requests, the connection record is stored.
Chat invites: Buddy chat invitations are stored temporarily and expire after 2 hours.
Chat session metadata: Basic session records (start time, duration, message count, whether reported) are stored for abuse prevention. Message content is never stored.
Moderation reports: If you report a user, the report details (reason, timestamp, device IDs) are stored for compliance review.
Moderation logs: Automated logs of content filtered for illegal material (CSAM, terrorism content) are retained for legal compliance.

3.3 Server Access Logs

Standard web server logs may contain IP addresses for security and abuse prevention. These logs are not used for tracking, analytics, or advertising purposes.

4. How Media Works

Photos and voice notes in 1-on-1 stranger chats are designed for maximum privacy:

Media is transmitted directly between users via WebSocket relay — never stored on any server
Self-destruct timers (3–10 seconds for photos, one-time play for voice notes) automatically remove media from the recipient's screen
Screenshot detection blackens the screen before capture and notifies the sender when an attempt is detected
NSFW content detection runs entirely in your browser using TensorFlow.js — no images are sent to any external server for analysis
GIFs and stickers are fetched from the GIF provider's CDN directly by your browser — not proxied through FlashChat servers

Important: While we implement self-destruct timers and screenshot detection, we cannot guarantee prevention of all capture methods on every device or operating system. Send media at your own risk.

5. Video Calls

FlashChat video calls use WebRTC technology:

Video and audio are transmitted peer-to-peer (P2P) directly between users whenever possible, or via our TURN relay server when P2P is not available (e.g., behind symmetric NAT or mobile data)
All WebRTC media is encrypted with DTLS/SRTP — industry-standard end-to-end encryption for real-time media
We do not record, store, or process any video or audio content
TURN relay servers process connection metadata (IPs) for routing purposes only — no media content is stored

6. FlashBot

FlashBot is our built-in AI chat companion. When you chat with FlashBot:

Your messages may be sent to Groq's inference API to generate a reply. This only applies to FlashBot conversations — your 1-on-1 stranger chats are never sent to Groq or any third-party AI
Groq processes messages per their own privacy policy
FlashBot conversations are not stored on our servers

7. Third-Party Services

FlashChat uses minimal third-party services:

Oracle Cloud: Database and object storage hosting for persistent features (profiles, cards, rooms, images). Data is stored in Oracle Cloud Infrastructure (ap-hyderabad-1 region).
Cloudflare: DNS and CDN services. Cloudflare may process connection metadata per their privacy policy.
jsDelivr CDN: Used to load TensorFlow.js for browser-side NSFW detection. The CDN provider may log access per their privacy policy.
Groq: Used for FlashBot AI responses only. See Section 6 above.
Google Analytics (with consent): We use Google Analytics 4 with Consent Mode v2. Analytics are only collected if you explicitly grant consent via the cookie banner. No analytics data is collected without your consent.

We do not use Facebook Pixel, advertising networks, or any other tracking services.

8. Data Retention

Data retention varies by type:

1-on-1 chat messages: Never stored. Relayed in real-time only.
Self-destructing media (photos, voice notes): Never stored on servers. Removed after viewing.
Session data (connections, matching, video call signaling): Cleared on disconnect or within 2 minutes.
Flash Cards and comments: Stored until you delete them, or indefinitely if not deleted.
Profiles: Stored and tied to your device ID. Clearing browser localStorage removes your device ID and effectively disconnects you from your profile.
Rooms and room messages: Stored while the room exists.
FlashBuddy connections and chat invites: Connections stored until removed. Invites expire after 2 hours.
Moderation reports and logs: Retained for legal compliance purposes.
Server access logs: Retained for a limited period for security purposes.

9. Children's Privacy

FlashChat is intended for users aged 18 and older. We do not knowingly allow minors to use this platform. If we become aware that a user is under 18, their access will be terminated and any associated data deleted. If you believe a minor is using FlashChat, please contact us at [email protected].

10. Your Rights

Since FlashChat does not require registration, most data is tied to your browser's localStorage device ID. You can:

Delete your Flash Cards and comments directly within the app
Delete your profile by clearing your browser's localStorage (which resets your device ID)
Leave rooms or delete rooms you created at any time
Remove FlashBuddy connections from within the app
Request data deletion by contacting us at [email protected] with your device ID
Withdraw analytics consent via the cookie settings at any time

11. Security

We take reasonable technical measures to protect your data:

All data in transit is encrypted via HTTPS (TLS 1.2+)
Video calls use DTLS/SRTP encryption
Database access is restricted to application servers only
Oracle Autonomous Database with mTLS wallet authentication
Rate limiting and abuse detection to prevent unauthorized access

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated "Last updated" date. Continued use of FlashChat after changes constitutes acceptance of the revised policy.

13. Governing Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023 (DPDPA). For users in the European Economic Area, we comply with applicable GDPR requirements on a best-effort basis.

14. Contact Us

For privacy-related questions, data deletion requests, or to report a concern:

Email: [email protected]
Grievance Officer: File a grievance
Website: flashchat.fun