Privacy Policy

This Privacy Policy explains how HexDroid IRC handles information. The app is free, open-source, and contains no advertising SDKs.

The short version

The developer does not collect analytics, advertising identifiers, or crash reports.
The developer does not sell or share your data with third parties for commercial purposes.
IRC messages are sent to the servers and users you choose — this is the core function of the app.
Credentials are stored encrypted on your device and are excluded from Android backups.
Any logging of chat messages is opt-in, local only, and you control where logs are stored.

To function as an IRC client, HexDroid processes the following data — all of which you provide explicitly:

Network connection data: server hostname, port, TLS setting, nickname, username, real name, and optional server password.
Authentication credentials (optional): SASL authcid and password, or a TLS client certificate — stored encrypted on-device via Android's EncryptedSharedPreferences and never included in backups.
User-generated content: messages you send and receive, channel names, nicknames, and server metadata. This data is transmitted to IRC servers as part of normal IRC protocol operation.
File transfer data (optional, when DCC is enabled): DCC transfer metadata and file contents when sending or receiving files.

What the developer collects

Nothing. The developer does not run any analytics, error reporting, or advertising systems within the app. The app does not send usage data to the developer's servers. There are no third-party analytics SDKs.

If you contact support by email or via GitHub Issues, any information you voluntarily share is handled under standard email / GitHub privacy policies respectively.

Third parties

IRC is a federated, open protocol. When you connect to an IRC server, your nickname, hostmask, and messages are visible to the server operators and other users in the channels you join. Those third parties operate under their own privacy policies, not controlled by the developer.

DCC (Direct Client-to-Client) transfers establish a direct network connection with the user you're transferring with. File contents are transmitted directly between clients.

On-device storage

Network profiles and preferences are stored in app-private storage on your device.
SASL credentials are stored using Android's EncryptedSharedPreferences, which encrypts data with a key stored in the Android Keystore. They are excluded from Android's backup system.
Chat logs (optional, off by default): if you enable logging, log files are saved to app-private storage or a folder of your choice (selected via the Android Storage Access Framework).
DCC received files: saved to your Downloads folder (or a custom folder you specify) when DCC is enabled.

Data retention & deletion

All app data (settings, credentials, in-memory scrollback) is deleted by uninstalling the app or clearing its data in Android Settings → Apps → HexDroid → Storage → Clear data.
Chat logs (if enabled) are automatically deleted after the retention period you configure (default: 14 days).
DCC received files remain in your Downloads (or custom folder) and can be deleted normally through your device's file manager.

Android permissions

INTERNETRequired to connect to IRC servers.

ACCESS_NETWORK_STATEUsed to detect connectivity changes and trigger auto-reconnect.

POST_NOTIFICATIONS (Android 13+)Required to show highlight and connection status notifications.

VIBRATEOptional haptic feedback on highlight notifications.

FOREGROUND_SERVICEUsed only when "Keep alive in background" is enabled, to maintain IRC connections.

Storage access (via SAF, granted on demand)Only requested if you use a custom log folder or custom DCC download folder.

Changes to this policy

We may update this policy from time to time. When we do, we will update the effective date. Significant changes will be noted in the app's release notes.

Contact

Email: android@boxlabs.co.uk

IRC: irc.afternet.org channel #HexDroid