Privacy Policy
overtchat is an open-source chat client that connects to a server you choose. This page describes what data the mobile app handles and what leaves your device. If you read one thing: the app is a client, we do not run a server for you, and the server you point it at is governed by whoever runs that server (which may be you).
What overtchat is
The mobile app is a thin client. On first launch you enter a server URL — usually one you self-host, but it can be any compatible deployment. Your chats, messages, projects, and uploaded files live on that server, not on our infrastructure. We do not operate a hosted backend.
What the app sends to your server
The app communicates only with the server URL you configured, over HTTPS or HTTP, in order to:
- sign you in and keep you signed in (a session cookie stored locally on your device),
- send your messages, attachments, and voice dictation audio to your server so it can talk to a language model on your behalf,
- load chat history, projects, and settings you have created on that server.
How that server stores, retains, or shares that data is governed by whoever administers it — that is a separate policy from this one. If you self-host, you are that administrator.
What is stored on your device
- The server URL you entered (in Android secure storage).
- Your auth session cookie (in Android secure storage).
- Your appearance preference (light / dark / system).
- Cached image previews and any files you have attached during a session.
Uninstalling the app removes all of the above. You can also clear the server URL from inside the app to start over.
What we collect
We — the publisher of the app — do not run a backend, so there is no usage analytics service, telemetry pipeline, or advertising SDK in the app. We do not know who installs it, how often it is opened, or what you type into it.
The one exception is crash reporting, described next.
Crash reporting (Sentry)
When the app crashes, a crash report is sent to Sentry, a third-party error monitoring service, so we can fix bugs. A crash report contains:
- the JavaScript error and stack trace,
- device model, OS version, and app version,
- a randomly generated install identifier (not tied to your name or email).
A crash report does not contain:
- the contents of your chats, messages, or attachments,
- your auth session cookie or any credentials,
- the server URL you configured.
Sentry is bound by their own privacy terms, linked above. If you would prefer no crash reports leave your device, you can build the app from source without the Sentry DSN configured.
Permissions and why we ask for them
- Microphone — used only when you tap the dictation button. The recording is sent to your configured server for transcription and is not retained on the device after the chat is sent.
- Camera — used only when you choose "Take Photo" to attach an image to a message.
- Photos / Storage — used only when you pick an image or document to attach to a message.
- Foreground Service / Media Playback — used so audio playback (text-to-speech) does not cut off when you switch apps.
None of these permissions cause data to leave the device on their own. Data leaves only when you send a message, and then only to the server URL you configured.
Children
overtchat is not directed at children under 13. We do not knowingly collect data from children, and as noted above, we do not collect data from anyone in the first place.
Changes to this policy
If we change this policy, we will update the "Last updated" date at the top of this page. The change history is visible on GitHub.
Contact
Questions or concerns? Open an issue at github.com/yoloyash/overtchat/issues.