JustZappIt
JustZappIt

Zapp App Privacy Policy

Last updated: June 11, 2026

This Privacy Policy covers the Zapp mobile application for Android (package xyz.justzappit.zapp), published by JustZappIt ("we", "us", or "our"). It explains what information the app handles, what leaves your device, and who can see it. The JustZappIt website has its own, separate website privacy policy.

1. The short version

  • Zapp is a non-custodial Zcash wallet with built-in private messaging. Your keys, your funds, your messages: they live on your device, not on our servers.
  • We do not require an account. There is no sign-up, username, email, or phone number.
  • The app contains no analytics, no advertising, and no tracking SDKs. We do not collect usage data, and we never sell data. We have essentially nothing to sell.
  • Messages are end-to-end encrypted. We cannot read them.

2. Information stored only on your device

The following never leaves your device and is never transmitted to us: your recovery (seed) phrase and private keys (protected with Android Keystore-backed encryption), wallet balances and transaction history, your chat identity (derived locally from your wallet seed), chat message history, your address book, and app settings. Uninstalling the app permanently deletes all of it from the device.

3. Information that leaves your device

Like any wallet and messenger, Zapp must talk to networks to work. Here is everything that leaves the device, and who receives it:

  • Zcash network synchronization: the app connects to third-party Zcash light-client servers ("lightwalletd", e.g. servers operated by zec.rocks and others) to fetch blockchain data and broadcast your transactions. These servers necessarily observe your IP address and the transactions you broadcast. The app supports routing this traffic over Tor, which you can enable in settings.
  • Public blockchains: transactions you send are recorded permanently on the public Zcash network (and, when you use the offramp feature, the Base network). Shielded Zcash transactions protect amounts and addresses on-chain by design.
  • Peer-to-peer chat: messages are end-to-end encrypted on your device and delivered directly to your contact over a peer-to-peer network or, when your contact is offline, temporarily held by a relay server we operate. The relay stores only ciphertext it cannot decrypt, solely until delivery, and it is then discarded. As with any peer-to-peer system, peers and relays you connect to can observe your IP address and connection metadata, but never message content.
  • Location sharing (optional): if you tap the share-location button in a chat, the app asks for the location permission and sends your coordinates once, end-to-end encrypted, to that chat recipient only. Your location is never sent to us and is never collected in the background. You can decline or revoke the permission at any time; the rest of the app is unaffected.
  • Camera (optional): used to scan QR codes and take photos you choose to send in chat. Scanning happens entirely on the device. Attachments you pick use the Android system photo picker, so the app has no general access to your photo library.
  • Swaps (optional): if you use the swap feature, the addresses and amounts required to quote and execute the swap are sent to the third-party swap service that fills it.
  • Offramp (optional): if you use the offramp feature, your order is executed by the third-party P2P.me protocol on the Base network via standard blockchain infrastructure providers. Order data lives on the public blockchain; the payment details you exchange with your trade counterparty (such as a UPI ID) are transmitted encrypted and are not received by us. Exchange-rate lookups are opt-in and fetched anonymously.

4. What we never do

  • No analytics or telemetry of any kind.
  • No advertising and no advertising identifiers.
  • No automatic crash reporting: crash logs stay on your device and are shared only if you explicitly choose to export and send them.
  • No selling, renting, or monetizing of user data.

5. App permissions

  • Camera: scanning QR codes and taking photos for chat. Optional.
  • Location: only for the user-initiated share-location chat feature described above. Optional, never used in the background.
  • Biometrics: unlocking the app with your fingerprint or face. Biometric data is handled entirely by Android and never leaves the device.
  • Network access: syncing the wallet and delivering messages.

6. Data retention and deletion

Because your data is stored on your device, you delete it by deleting it there: use the in-app reset and delete options, or uninstall the app. We retain nothing about you on our side to delete. The encrypted message blobs temporarily held by our relay for offline delivery are automatically discarded. The one thing nobody can delete is the public blockchain itself: confirmed transactions are permanent by design.

7. Security

Keys are encrypted at rest using Android Keystore; sensitive screens are protected against screenshots and screen recording; the app can be locked behind your device biometrics. Because Zapp is non-custodial, your recovery phrase is the only backup of your funds. We cannot recover it for you, so store it safely offline.

8. Children

Zapp is a financial application and is not directed at or intended for anyone under the age of 18.

9. Changes to this policy

We will update this page when our practices change and revise the "Last updated" date above. Material changes will be called out in the app's release notes.

10. Contact

Questions or requests about privacy: hello@justzappit.xyz.