Privacy Policy
Effective: 10 May 2026.
This is the privacy policy for KiekR, an iOS and Android application (the "app") operated by Marcel Verdult, an individual developer based in Germany. It also covers the websites kiekr.app, map.kiekr.app, and the contribution API at api.kiekr.app.
The short version
- We do not operate user accounts, profiles, or any login system. There is nothing to sign up for.
- We only store data you explicitly contribute through the app — coverage observations from the MeshCore mesh. Our database contains no email addresses, no phone numbers, no IP addresses, and no real-world identities.
- We do not use analytics, crash reporting, advertising, cookies, or any third-party SDKs that collect data.
- Everything the app stores locally — messages, contacts, node lists, settings — stays on your device, in the app's private sandbox.
What the app accesses on your device
KiekR requests the following permissions. Each is used only for the purpose below, and only on your device.
Bluetooth
Used to connect to a MeshCore-compatible LoRa radio you own. The app exchanges messages with the radio over Bluetooth. It does not scan for or track any other Bluetooth devices.
Location (when in use)
Optional. When granted, location is used only for two purposes, both on-device:
- Filtering the Nodes list by distance from your current position.
- If, and only if, you configure your node from the MyNode screen to include coordinates in its advert, those coordinates are broadcast as part of the advert your node transmits onto the MeshCore mesh network. This is a per-node firmware setting on the radio itself; the app simply lets you change it. It is off until you turn it on, and can be turned off again at any time.
Your location is never sent to api.kiekr.app or to any other server we operate. The only way your coordinates leave your device is the optional advert broadcast described above, which travels peer-to-peer over LoRa radio inside the MeshCore mesh.
MeshCore mesh traffic
Messages you send through the app are relayed over the MeshCore LoRa mesh network. This is a decentralised peer-to-peer network operated by its participants; there is no central operator, including us. Messages travel over sub-GHz radio, hop by hop, between user-owned radios. End-to-end encryption (X25519, ChaCha20-Poly1305, SHA-256) is applied to direct messages and channel messages as per the MeshCore protocol.
Once a message leaves your device, it is outside our control. We have no ability to see, log, intercept, or recover messages.
What you contribute through the app
KiekR includes optional features that let you contribute to the public coverage map at map.kiekr.app. When (and only when) you actively use one of these features, the app uploads the following kinds of data to our API at api.kiekr.app:
- Relayed adverts — when your radio hears another MeshCore repeater's broadcast, the app may forward that advert (the repeater's public key, name, and self-reported coordinates) to the API. We use these forwarded adverts purely as a freshness signal — proof that the repeater was alive on the mesh at the time of the relay — so stale repeaters can be flagged or dropped from the map. They are not used to compute coverage or shape any polygon.
- Admin claims — if you administer a MeshCore repeater, you can publish it to the map. The app uploads the repeater's public key, name, location, and its current list of heard neighbours.
- Region tags — you can tag a repeater you administer with the regions it serves (e.g. "de-hh" for Hamburg). The app uploads the public key and the region list.
Each upload is signed with an Ed25519 keypair the app generates on first use, dedicated solely to map contributions. This contribution keypair is separate from your MeshCore identity and is not linked to any email address, phone number, or device identifier we hold.
You can opt a repeater out of the map entirely by including the no-entry symbol 🚫 anywhere in its MeshCore advert name — the API rejects any upload for such a repeater and prunes existing rows on the next sync. To request removal of a specific repeater from the map, email us the repeater's public key together with brief proof that you administer it (for example, a screenshot of a successful admin-login session on the repeater, or an admin-channel message sent from it). We do not ask for the contribution keypair — it is internal to the app and you are not expected to know it.
The contribution API at api.kiekr.app
The API stores only what is needed to render the public coverage map and prevent abuse. Specifically: claimed repeaters (public key, name, location), inference observations from relayed adverts, neighbour links between repeaters, region tags, short-lived authentication challenges, and a public revocation list. No personal data is stored, including no email addresses, no phone numbers, no real names, and no IP addresses.
Submitter public keys are pseudonymous identifiers under GDPR Art. 4(5). They are required for cryptographic anti-abuse purposes (signed requests, rate-limiting, revocation) and we have no means to associate them with a natural person on our own.
The public revocation list
We publish a public list of contribution public keys we no longer accept uploads from. Adding a key to that list and publishing it together form a processing operation distinct from the ordinary contribution flow. Entries are added only where there are concrete grounds: fabricated data, impersonation of another operator, repeated 🚫 no-entry-symbol violations on the same repeater key, or a third-party complaint backed by prima facie evidence.
Lawful basis: Art. 6 (1) (f) GDPR — our legitimate interest in keeping an open, abuse-resistant contribution API, weighed against the limited intrusion of publishing a pseudonymous public key with no other personal data attached. The list is public because clients of the API need to be able to verify it. Where there is a feasible way to reach the key holder (typically by emailing the admin of the repeater key in question), we notify them before adding the entry. Retention: as long as the abuse-prevention interest persists. We reassess entries on request and remove them where the legitimate interest no longer outweighs your rights under GDPR Art. 17 / Art. 21.
The map at map.kiekr.app
The map page is a static HTML/JavaScript application that fetches public coverage data from api.kiekr.app and renders it with the Leaflet library. We use no cookies, no tracking pixels, no fingerprinting, no analytics, and no advertising. No third-party scripts are loaded.
Map tiles are loaded from third-party tile servers — OpenStreetMap (tile.openstreetmap.org), Carto (basemaps.cartocdn.com), or OpenTopoMap (tile.opentopomap.org), depending on the basemap you select. Fetching a tile sends a request to that provider, exposing your IP address to them under their own privacy policies. To prevent this happening without your knowledge, the map loads no tiles at all until you explicitly click "Load map" — no tile request is made before that consent, which is remembered in your browser. We have no relationship with these providers and receive nothing from those requests.
The map page uses your browser's localStorage to remember your zoom level, map centre, link/region filters, which regions you have hidden, and whether you have agreed to load map tiles. This data stays in your browser, is never sent to us, and is strictly necessary to provide the map service you requested (TTDSG/DDG § 25 (2) no. 2). For this reason, no cookie consent banner is shown. You can clear localStorage at any time through your browser settings.
The website kiekr.app
The kiekr.app landing site serves static content only. We do not use cookies, tracking pixels, fingerprinting, analytics, or advertising.
Server logs
Our web host produces standard HTTP request logs (IP address, user agent, requested path, timestamp) for operational and abuse-prevention purposes. These logs are retained for no longer than 30 days, are not joined to any database row, and are never shared with third parties. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in operating and securing the service).
Your rights under GDPR
Under GDPR you have the right to access, rectify, erase, restrict, and port any personal data we hold about you, and to object to processing. We never asked who you are, so the only data points that could be linked back to a person are pseudonymous public keys. The honest picture of what that means in practice:
- MeshCore repeater public keys you administer. If you have published a repeater to the map (admin claim or region tag), you can have it removed at any time. Email us the repeater's MeshCore public key together with brief proof that you administer it (for example, a screenshot of a successful admin-login session on the repeater). We will delete the associated rows and add the repeater key to the public revocation list.
- Your in-app contribution public key. The app generates and uses this key silently to sign uploads; we never see who you are. We have no operational way to associate this key with you, which means there is no practical erasure path for relayed-advert rows on a per-individual basis. If you nevertheless know the key (it can in principle be extracted from the app's local data) you may include it in an erasure request and we will remove the rows it signed.
- Server logs. Standard HTTP logs are kept for at most 30 days and are not joined to any database row, so we have no way to extract or delete an individual user's log lines on request. They roll off automatically.
You also have the right to lodge a complaint with a supervisory authority. In Germany this is the data-protection authority of your federal state, or — for Lower Saxony as our establishment — the Landesbeauftragte für den Datenschutz Niedersachsen.
Changes to this policy
If this policy changes in a way that materially affects your privacy, we will update the effective date above and, where practical, note the change in a subsequent app release. The current version is always at kiekr.app/privacy.
Contact
Marcel Verdult, Westfalenstrasse 18, 26954 Nordenham, Germany