FlirtSpot Home
🛠️ Technical Whitepaper

FlirtSpot v2.0

The complete technical specification of the Self-Cleaning architecture — anonymous profiles, identity standards, dual-mode networking, 24-hour auto-wipe, and forensic data sanitization.

v2.0.4 Target: API 36 (Android 15) Min: API 26 (Android 8.0)
01

Identity & Anonymous Profiles

FlirtSpot utilizes UUID version 7 for peer identification in anonymous profiles. Unlike standard random UUIDs, version 7 is time-ordered, providing two primary benefits:

Anonymous Profiles

No personal information attached — no email, no phone, no social login. Anonymous by design.

Chronological Integrity

Peer IDs naturally sort by creation time, aiding in session management without storing timestamps.

peer_identity.json
{
  "peerId": "018f3a2b-1234-7abc-8def-0123456789ab",
  "structure": "[48-bit Timestamp] + [12-bit Ver/Var] + [62-bit Random]"
}
02

Dual-Mode Communication

Device A Device B ☁️ WSS Relay MODE A: ENCRYPTED RELAY MODE B: DIRECT P2P ⚡ Bluetooth / Local Link
☁️

Mode A: WebSocket Relay

  • Transport: Encrypted WebSocket (WSS) via OkHttp
  • Payload: Binary serialization using Protocol Buffers (Protobuf) to minimize latency and metadata leakage
  • Infrastructure: Proprietary relay servers operating on a Zero-Disk Policy. All traffic handled in volatile RAM; user data (username, selfie) auto-wiped 24h after last activity

Mode B: Direct P2P

  • Protocol: Hardware-to-hardware proximity links
  • Discovery: Low-energy beaconing for peer detection
  • Privacy: No server, no middleman, zero possibility of remote logging
03

Media Lifecycle & Forensic Wipe

FlirtSpot does not rely on simple file deletion. We implement a Forensic Wipe Protocol to prevent data recovery from physical storage. User data from anonymous profiles (username and selfie) is automatically wiped 24 hours after last activity, or can be instantly erased via the Delete Profile button on the profile page.

Lifecycle Stage Action Security Layer
Ingress Encrypted write to Context.cacheDir App-Private Sandboxing
Display 60-Second Countdown FLAG_SECURE
Expiry Secure Overwrite 3-Pass Random Bit Injection
Finalization File Descriptor Removal System-Level Deletion
Ingress
Encrypted cache write
Display
60s countdown + FLAG_SECURE
Overwrite
3-pass random bit injection
Gone
File descriptor destroyed
04

Local Data Persistence (Room)

The local SQLite database is the only place where interaction history resides. Users have total control over their local history, which is never synced to any cloud service.

👤

MyProfile

Encrypted local settings for your anonymous profile and immutable gender ID. Stored exclusively in the app's private sandbox. Auto-wiped 24 hours after last activity, or instantly via the Delete Profile button.

📡

DiscoveredPeers

Temporary cache of nearby signals discovered via automatic hardware handshake. Purged on app close. No persistent record of who you've encountered.

💬

MessageLog

Interaction history with 24-hour auto-wipe. After 24 hours of inactivity, all message data is forensically wiped. Need it gone sooner? Hit Delete Profile in Settings to erase everything instantly.

room_entities.kt
@Entity
data class DiscoveredPeer(
    @PrimaryKey val peerId: String,
    val connectionTag: String,
    val discoveredAt: Long,
    val mode: ConnectionMode  // RELAY | P2P
)

// Auto-purged on onDestroy()
fun clearDiscoveryCache() = dao.deleteAll()
05

Server-Side Self-Cleaning

Our relay servers retain your anonymous profile's username and selfie for up to 24 hours after your last activity, then everything is auto-wiped. You can also trigger an immediate wipe at any time using the Delete Profile button in Settings — this erases your data from both the device and the server without waiting.

1

24-Hour Auto-Wipe

The server automatically purges all session data, public keys, and tokens 24 hours after your last activity. No manual action needed.

2

Instant Delete Profile

Don't want to wait? The Delete Profile button in Settings immediately erases your anonymous profile from both the device and the server — username, selfie, keys, everything.

3

Total Amnesia

Once the 24-hour window expires or Delete Profile is triggered, the server retains no record of the Peer ID or the duration of the connection. As if you were never there.

06

Versioning & Compliance

Whitepaper Version
2.0.4
Target Android SDK
API 36 (Android 15)
Minimum Android SDK
API 26 (Android 8.0)
Privacy Standards
GDPR & CCPA
Engineered for GDPR and CCPA compliance through total data avoidance.