Memeza Privacy Policy
Last updated: February 24, 2025
Privacy-by-Design. Memeza and XiranduTech are committed to a globally compliant, privacy-by-design approach. We collect only what is necessary for emergency SOS, decentralized messaging, and community safety. Your personal communications are encrypted end-to-end; we do not sell your data; and you retain sovereignty over access, deletion, and portability. By using Memeza, you agree to this policy.
1. Introduction
Memeza ("Memeza" or "the App") is a hybrid peer-to-peer (P2P) and cloud messaging application with Emergency SOS capabilities. It is operated by XiranduTech ("we," "us," or "our").
This Privacy Policy explains our decentralized data architecture, what data we collect, how we use and protect it, and your rights across jurisdictions. By using Memeza, you agree to this policy. If you do not agree, please do not use the App.
2. The Decentralized Data Architecture (Mesh Ecosystem)
Memeza operates across three distinct data layers. Understanding them helps you know where your data lives and who can access it.
- Local Data: Stored only on your device in a local database (Hive). This includes cached messages, drafts, and offline queues. Local data never leaves your device unless you send it or sync when online.
- Transit Data: Encrypted packets that move through peer devices when you are offline. This uses a gossip-style protocol: peers act as blind couriers—they facilitate delivery but cannot access the content. Only the intended recipient can decrypt the payload.
- Cloud Data: Data synced to our global infrastructure (Firebase) for cross-device availability and for authorized emergency responders. This includes account profiles, synced messages, SOS alerts, and reporter submissions once they reach the cloud.
3. Data We Collect
We collect the following categories of data:
- Account information: Email address, phone number (if used for sign-in), display name, optional profile photo
- Location data: Precise GPS coordinates (latitude, longitude)—collected only in the contexts described in Section 4 (Emergency Location Disclosure)
- User-generated content: Chat messages (encrypted), reporter submissions (title, body, images), emergency SOS messages and metadata
- Contacts: We may access your device contacts to help you find other Memeza users by phone number. This data is processed on-device for lookup purposes and is not uploaded to our servers.
- Device identifiers: FCM (Firebase Cloud Messaging) token for push notifications
- Photos and media: Images you select (e.g., for reporter submissions or admin broadcasts), and camera access for scanning QR codes to add contacts
4. Emergency Location Disclosure
Memeza is a safety app. As such, we collect precise location data in limited, purpose-specific cases.
When location is active: Your precise location (GPS) is collected and used only when you trigger an Emergency SOS alert or submit a Field Report. At all other times, we do not continuously track or store your location.
Global standard: Location data is never sold and never shared with third-party advertisers. It is shared only with authorized community responders as defined by app roles (e.g., emergency contacts, administrators, and responders with access to the Responder Dashboard) for the sole purpose of delivering life-safety and community safety services.
5. How We Use Your Data
We use your data to:
- Authenticate you and maintain your account
- Deliver Emergency SOS alerts, including your location, to your designated emergency contacts and app administrators
- Provide messaging (P2P and cloud-based), broadcasts, and reporter submission features
- Send push notifications for chat messages, SOS alerts, and admin broadcasts
- Store and sync your data (messages, contacts, alerts) across devices when online
- Support offline and hybrid messaging via local and peer-to-peer storage
6. End-to-End Encryption: Technical Guarantee
All personal communications and media in Memeza are encrypted using RSA-2048 (key exchange and signatures) and AES-256 (content encryption). This applies to direct messages, media attachments, and sensitive payloads that transit the mesh or the cloud.
Technical guarantee: The service provider (Memeza / XiranduTech) does not hold the private keys to user-to-user messages. Decryption keys remain on user devices. As a result, it is technically impossible for us to provide the content of your encrypted communications to third parties—including law enforcement or other authorities—even if requested. We can only provide metadata (e.g., that a message was sent at a given time) where we hold it; we cannot disclose what was said or shown inside the encrypted envelope.
7. Data Storage and Security
Your data is stored according to the three layers described in Section 2 (Mesh Ecosystem). In addition:
- Cloud (Firebase): Cloud Firestore and Firebase Storage hold account profiles, synced messages, emergency alerts, reporter submissions, and media. All data is transmitted over TLS.
- Local (Hive): Used for offline caching; message content in the cloud is stored with encryption metadata—only sender and recipient can decrypt it.
- Secure storage: Private keys and session tokens are stored in encrypted secure storage on your device and are never transmitted to our servers.
8. International Data Transfers
Memeza is a global app. Data may be stored on infrastructure in the United States, Europe, Asia, or other regions, and may be relayed through devices in any country via the P2P mesh or the cloud bridge.
We process data in accordance with international best practices and applicable law. By using the App, you consent to your encrypted data (including transit and cloud-synced data) being transferred across international borders—whether via the P2P mesh or the cloud—for the purposes of delivering the service, including emergency response and cross-device sync. We rely on appropriate safeguards (including encryption, contractual commitments, and where relevant, adequacy decisions or standard contractual clauses) to protect your data regardless of where it is processed.
9. Third-Party Services
We use the following third-party services that may process your data:
- Google Firebase (Authentication, Firestore, Cloud Storage, Firebase Cloud Messaging) — for authentication, database, file storage, and push notifications. Firebase is subject to Google's privacy policy: firebase.google.com/support/privacy.
- Buy Me a Coffee — If you choose to support us, you may be directed to an external donation page. That site has its own privacy policy; we do not control it.
10. Data Sharing
We share your data in these limited ways:
- Emergency SOS: When you trigger SOS, your sender ID, name, message, and GPS location are shared only with (1) users you have designated as emergency contacts, and (2) app administrators. This is necessary to deliver life-safety alerts.
- Chat messages: Messages are shared only with the intended recipient(s) in each chat room.
- Reporter submissions: Submitted reports (title, body, images) are visible to administrators for moderation.
- Broadcasts: Admin broadcasts (including any media) are sent to users based on their role or to all users.
We do not sell your personal data to third parties.
11. Permissions and Why We Need Them
Memeza requests the following permissions:
- Location (including background): Required only for Emergency SOS to include your GPS coordinates in the alert so responders can find you.
- Camera: Used to scan QR codes when adding contacts.
- Contacts: Used to find Memeza users by phone number; data stays on your device for lookup.
- Bluetooth and WiFi: Used for peer-to-peer messaging when internet is unavailable (BLE relay, WiFi Direct).
- Notifications: To deliver chat messages, SOS alerts, and admin broadcasts.
- Storage / Photos: To select images for reporter submissions and admin broadcasts.
12. User Rights (User Sovereignty — Global Citizen)
We harmonize rights recognized under frameworks such as the GDPR (EU), CCPA (California), POPIA (South Africa), and similar laws into a single set of User Sovereignty rules. Regardless of where you are, you have the following rights:
- Right to Access: You can view your stored data. In the app, you can see and correct your profile (display name, email, phone) in settings. For a full copy of the data we hold about you, contact us at the address below.
- Right to be Forgotten: You can delete your account and all associated cloud-synced data. You may delete your Firebase Auth account from the app; for complete removal of all Firestore and cloud data linked to your account, contact us and we will process your request in accordance with our retention and deletion procedures.
- Right to Portability: You can export your data. We support export of your community reports and broadcast history (where applicable) in a machine-readable format. Contact us to request an export.
- Additional controls: You can opt out of push notifications in your device settings, and you may deny location permission—SOS alerts will still be sent but without GPS coordinates.
13. Children
Memeza is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have collected such data, please contact us immediately so we can delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the revised policy at this URL and update the "Last updated" date. Continued use of Memeza after changes constitutes acceptance of the updated policy.
15. Contact Us
For questions, data access requests, or account deletion requests, please contact us at:
You can also visit memeza.org for more information about Memeza.