Pigeon Privacy Policy

Overview

Pigeon is an offline-capable encrypted messaging app. It is designed to minimize data collection: no advertising, no tracking SDKs, no analytics pipeline, and no required account with Pigeon.

This policy explains what information Pigeon stores locally, what may be visible to nearby devices or optional relay servers, and what we do not collect.

Information Pigeon Does Not Collect

Pigeon does not collect or receive:

• Your message plaintext.
• Your private identity keys or session keys.
• Your phone number, email address, or account password.
• Your contacts address book.
• Advertising identifiers.
• Analytics events or behavioral tracking data.

Information Stored On Your Device

Pigeon stores information locally so the app can function. This may include your device identity, contacts you add, safety numbers, encrypted conversations, relay settings, and app preferences.

Your long-term private identity key is generated on your device and stored using the Apple Keychain. Message and conversation data are intended to remain on your device unless you choose to send a message to another Pigeon user.

Messages And Encryption

Pigeon messages are end-to-end encrypted between devices. Transport layers, including Bluetooth peers and optional relays, move encrypted data and are not supposed to receive plaintext message content.

Recipients can read messages you send to them. Anyone with access to an unlocked recipient device may also be able to view messages on that device.

Bluetooth And Local Discovery

Pigeon uses Bluetooth to discover and communicate with nearby devices. Nearby observers may be able to detect Bluetooth activity and related radio metadata, such as the fact that a device is using Pigeon nearby. Bluetooth transport metadata is not the same as message plaintext.

Optional Relays

Pigeon can be configured to use relay servers for delivery when devices are not in Bluetooth range. Relays are optional. If no relay endpoint is configured, Pigeon operates without Pigeon relay infrastructure.

A relay may receive mailbox public keys, encrypted ciphertext, timestamps, delivery acknowledgments, and standard network metadata such as IP addresses. Relays are designed not to receive private keys and not to decrypt message contents.

If you use a relay operated by someone else, that operator's handling of server logs and network metadata may be governed by their own policies.

Website Logs

When you visit this website, the hosting provider may process standard web server information such as IP address, browser type, requested pages, and timestamps to deliver the site and maintain security. This website does not use advertising cookies or tracking pixels.

Open Source Project

Pigeon is developed as an open source project. You can review the source code, documentation, and issue history on GitHub and in the project docs.

Open source availability makes review and contribution possible, but it is not a substitute for your own risk assessment or a formal security audit.

Children's Privacy

Pigeon is not directed to children under 13. We do not knowingly collect personal information from children.

Data Sharing

We do not sell personal information. We do not share data for advertising or cross-app tracking. Data may be disclosed if required by law, or as necessary to operate hosting and relay infrastructure, but message plaintext and private keys are not designed to be available to that infrastructure.

Your Choices

• You can remove relay endpoints to use only local Bluetooth transport.
• You can delete contacts and conversations from your device.
• You can reset your Pigeon identity, but doing so breaks existing trust relationships with peers.
• You can uninstall Pigeon to remove app data managed by iOS.

Changes

We may update this policy as Pigeon changes. If the app's data practices change materially, this page and the App Store privacy information should be updated before release.

Contact

For privacy questions or support, email [email protected].