diff --git a/README.md b/README.md index cb587b2..d45604f 100644 --- a/README.md +++ b/README.md @@ -86,4 +86,36 @@ --- +### Data and Privacy + +- Messages once decrypted are stored as plain text within `SmallTalk's` database. _Always encrypted messages_ comes at the cost of performance and limits features like local search. If maximum security is your number priority, `SmallTalk` is not the best option. This database is not easily accessed without rooting or external hardware. + +- (Not yet implemented and may be configurable) Images once decrypted are stored in their plain form within the devices media directories, organised by room metadata. + +- Push notifications contain no sensitive data by using the [event_id_only](https://github.com/ouchadam/small-talk/blob/main/matrix/services/push/src/main/kotlin/app/dapk/st/matrix/push/internal/RegisterPushUseCase.kt#L31) configuration. Push notifications are used as a _push to sync_ mechanism, where the on device sync fetches the actual contents. + +- Passwords are **NEVER** stored within `SmallTalk`. + +- `SmallTalk` does not explicitly talk to servers other than your home-server or track what you do. __*__ + - __*__ There is no `SmallTalk` server capturing data from the application however the Google variant likely includes transitive telemetrics through the use of `Firebase` and `Google Play Services` integrations. + +- `SmallTalk` is completely free and will never feature adverts or paid app features. + +--- + +`SmallTalk` comes in two flavours, `Google` and `FOSS` + +##### Google +- Available through the [Google Play Store](https://play.google.com/store/apps/details?id=app.dapk.st) and [Github Releases](https://github.com/ouchadam/small-talk/releases). +- Automatic crash and non fatal error tracking via [Firebase Crashlytics](https://firebase.google.com/products/crashlytics). +- Push notifications provided through [Firebase Cloud Messaging](https://firebase.google.com/docs/cloud-messaging). + +##### FOSS +- Available through the [IzzySoft's F-Droid Repository](https://android.izzysoft.de/repo) and [Github Releases](https://github.com/ouchadam/small-talk/releases). +- No Google or Firebase services (and their transitive telemetrics). +- No crash tracking. +- No push notifications by default, a separate [UnifiedPush](https://unifiedpush.org/) [distributor](https://unifiedpush.org/users/distributors/) is required. + +--- + #### Join the conversation @ https://matrix.to/#/#small-talk:iswell.cool