MISDCON

Overview

MISDCON is a location-based note-leaving app built on a privacy-first architecture. Your location data never leaves your device. We do not collect, store, or transmit your GPS coordinates to any server. Your use of MISDCON is also governed by our Terms of Service.

What data stays on your device

GPS coordinates — Your precise location is processed entirely on your device using local SQLite storage. Coordinates are never sent to our servers or any third party.
Route history — Your movement trail is stored locally and automatically deleted based on your chosen retention period (default: 7 days). You control this setting.
Profile information — Your display name, age range, gender, and social links are stored locally on your device only.

What data leaves your device

Zone keys — When you drop a note, a coarse geographic zone key (approximately 1km grid) and the note text are sent to our server (Cloudflare Workers). This zone key cannot be reverse-engineered to determine your precise location.
Anonymous device identifier — A SHA-256 hash of your device's unique ID is used to associate notes with your device. This hash cannot be traced back to you personally.
Note content — The text you write in notes, verification questions, and verification answer hashes are stored on Cloudflare KV (key-value storage).

What we do NOT collect

No email address
No phone number (stored locally only)
No real name (display name is stored locally only)
No social media accounts (stored locally only)
No precise GPS coordinates on any server
No browsing history or app usage analytics
No advertising identifiers
No contact list or address book data

Identity model

MISDCON uses a device UUID identity model. You do not create an account, provide an email, or sign in with any service. Your identity is your device. If you delete the app, your identity is gone.

Location permissions

Foreground location is used to show nearby notes and let you drop notes at your current location.

Background location (optional, opt-in) is used to record your route trail on your device so you can scrub back through your day and drop notes at places you visited earlier. Background location data is stored exclusively in local SQLite on your device and is never transmitted.

Data retention

Route points: Automatically deleted based on your chosen retention period (2 days to 1 year, default 7 days)
Notes on server: Active until matched or expired (configurable)
Local profile: Persists until you clear data or delete the app

User-generated content

When you drop a note, the text you write — including note content, subject descriptions, verification questions, and verification answer hashes — is transmitted to and stored on Cloudflare Workers and KV. Chat messages between matched users are processed through Cloudflare Durable Objects.

MISDCON employs automated content filtering to detect prohibited language before notes are published. If content is reported by other users, it may be reviewed by our moderation team. Content that violates our Terms of Service will be removed and the responsible user may be permanently blocked.

Users can report notes from the note detail screen and report or block other users from the chat interface. All reports are reviewed within 24 hours.

Third-party services

Cloudflare Workers & KV — Server infrastructure for note storage and matching. Cloudflare's privacy policy applies to server-side data processing.
Apple Maps (iOS) / Google Maps (Android) — Map rendering. Standard platform map APIs. We do not send additional data to these services beyond what the map SDK requires.
Expo / React Native — App framework. No data is collected by these frameworks in production builds.

Children's privacy

MISDCON is intended for users 18 and older. We do not knowingly allow users under 18 to use the app. If we learn that a user under 18 has used the service, we will take steps to remove their data.

Your rights

You can delete all your local data at any time from the Profile screen ("Clear all data"). Since we do not collect personal information on our servers, there is no server-side data to request or delete — your anonymous zone keys and note content cannot be linked to your identity.

Canadian privacy compliance

MISDCON is developed in Calgary, Alberta, Canada. Our architecture is designed to comply with PIPEDA (Personal Information Protection and Electronic Documents Act) and provincial privacy legislation through data minimization — we minimize personal information collection by processing location entirely on-device.

Changes to this policy

We may update this policy as the app evolves. The "Last updated" date at the top reflects the most recent revision.

Contact

For privacy questions: [email protected]

EliomMags Studio — Calgary, Alberta, Canada