1. Scope and provider
This policy describes how BeeOrbit processes information when you use the international BeeChat Android application, website, account services, messaging services, and support channels.
2. Information we process
Account and profile information
Email address, username and display information, password verifier and salt, invitation records, account and session identifiers, account status, profile text, avatar reference, email-verification state, and account-security settings.
Device, authentication, and security information
Client-instance and device registrations, public cryptographic keys and prekeys, authentication sessions, security events, IP address, user agent, request timestamps, and abuse-prevention records. Private encryption keys are designed to remain on your devices.
Connections and service activity
Friend requests and relationships, blocked-contact settings, group and conversation membership, notification and read state, message delivery state, account preferences, and other actions needed to operate the service.
Messages, media, and files
Supported messages, chat media, attachments, and BeeDrive content are designed to be encrypted before upload. The service processes encrypted payloads and the routing metadata needed for delivery, including account and conversation identifiers, sequence numbers, timestamps, delivery state, file size, and encrypted or placeholder media metadata. Other participants may retain copies of content delivered to them.
Support and safety reports
If you contact support or report abuse, we process the contact details, description, attachments, and other evidence you choose to provide so we can respond, investigate, and protect users.
3. Android permissions
- Internet: account, messaging, synchronization, media, email-security, and configuration services.
- Camera: scanning BeeChat friend QR codes. Camera access is requested at the point of use.
- Notifications and vibration: user-controlled local message and service alerts.
- Foreground service and remote-messaging service type: keeping the user-enabled real-time connection active on supported Android devices.
The current Android manifest does not request location, microphone, phone, SMS, call-log, calendar, or address-book permissions.
4. How information is used
- Create accounts, authenticate users, verify email access, and secure sessions.
- Provide friends, groups, messaging, media, BeeDrive, notification, backup, and account-management functions.
- Deliver and synchronize encrypted messages and supported account state.
- Detect abuse, enforce our rules, protect service integrity, and investigate security incidents.
- Respond to support, safety, privacy, and account-deletion requests.
- Meet applicable legal obligations.
5. Encryption and local storage
BeeChat uses Signal-style cryptographic components and device-side keys for supported conversations. The server stores encrypted envelopes and delivery metadata and is not designed to hold users’ private messaging keys. On the device, authentication tokens use secure storage. BeeChat also uses local databases and caches for conversations, messages, settings, pending operations, and media. Sensitive local content fields and cache bytes are protected with device-derived encryption; this is not whole-device or whole-database encryption, so structural metadata such as routing, time, and size may remain visible to the operating system or device owner.
6. Service providers and sharing
BeeChat currently uses Tencent-hosted VPS and PostgreSQL infrastructure for the business API and account data, Cloudflare R2 for encrypted media and file storage, and Resend for transactional security email. These providers process data on our instructions to provide their services. We do not sell personal information and the current application does not include advertising, behavioral analytics, crash-reporting, or remote-push SDKs. We may disclose limited information when legally required or when necessary to protect users, investigate abuse, or secure the service.
7. Retention
Account and security records are retained while an account is active and for the periods needed to operate and secure the service. Current default server policy keeps undelivered encrypted messages for up to 7 days, delivered-message cache for a 1-day grace period, and incremental synchronization data for no more than 30 days. Chat media follows a default 7-day delivery window plus a 1-day delivered grace period. Local copies and backups remain on users’ devices until users remove them. Security, abuse-prevention, audit, dispute, and legally required records may be retained for a limited period based on their purpose.
8. Account and data deletion
You can request deletion in BeeChat under account security settings or through the public account deletion page. After required identity verification, active sessions are revoked; email, password records, profile fields, avatar, active device and authentication material, friend relationships, and pending friend requests are removed or invalidated. The account becomes permanently unavailable for login.
To preserve other users’ conversation history, prevent username impersonation, and maintain conversation integrity, BeeChat currently retains the internal user ID, username, normalized username, conversation membership references, and encrypted historical message records until they expire under the applicable retention policy. These records are marked as belonging to a deleted account and cannot be used to restore the account. Content already delivered to other users and their device backups is not deleted from those users’ devices.
9. Your choices
You may update profile information, manage notification and discovery settings, block contacts, manage devices, export or delete local data, request account deletion, and contact us with privacy questions. See the Data Safety disclosure for a code-based summary.
10. Children and safety
BeeChat is not directed to children below the minimum age required to consent to online services where they live. Child sexual abuse and exploitation are strictly prohibited. See our Child Safety Standards and Community Guidelines.
11. Changes
We may update this policy when BeeChat, its permissions, providers, or data practices change. Material changes will be reflected by an updated effective date and, where appropriate, an in-app notice.
12. Contact
For privacy questions or requests, email support@beeorbit.net. For security, abuse, or child-safety reports, email security@beeorbit.net. Never email a password, private key, recovery secret, or unredacted government ID.