Updated on: 28 June, 2015

Technitium Bit Chat Privacy Policy

This document will help you understand what personal information we collect, what we don't collect/know, who can view it and how it's used.

Information We Collect

Before you use Bit Chat, you are asked to register for a profile certificate, which is basically a digital certificate. All the information that you provide during registration is included in the digital certificate and stored in our database for reference. The name, email address and country fields are required for registration, while other fields are optional. Apart from the data that you provide during registration, we store your operating system version (via user-agent), IP address and timestamp information for statistical purposes. You may use any VPN service during the registration process to mask your real IP address.

We use Google Analytics on the bitchat.im website and also keep web server logs for statistical purposes. You may use any script-blocking add-on in your browser to prevent Google Analytics from running.

Bit Chat uses a Certificate Revocation List (CRL) feature via HTTPS API calls to technitium.com to verify your certificate and your peer's certificate. You can read the certificate details to find the URL that will be used for CRL checks. This feature is necessary to find out whether you or your peer is using a revoked certificate, so that you can be alerted. When you register for a profile certificate with the same email address that you used earlier, the earlier profile certificate is revoked and will no longer work. If your profile certificate is revoked without your knowledge, you should immediately check for any compromise of your email inbox. It is recommended to set up two-factor authentication for your email if your email service provider has this feature. There is also an option in the profile settings to stop checking with the CRL web server when verifying certificates, if you really wish to avoid your IP address being disclosed to the CRL web server.

Bit Chat uses HTTPS-secured connections for queries to technitium.com. The HTTPS queries are made to technitium.com during registration and during CRL checks. At no point does the software transmit data in clear text over the network.

The Bit Chat client periodically checks for software updates, and an option to stop these checks will be made available in later versions. All updates are digitally signed by Technitium and are verified by the client after the update is downloaded.

Information We Don't Collect/Know

The profile password that you enter during registration is used to encrypt your profile data in a file stored locally on your computer. Technitium does not have access to this password. If you forget this password, you will have no option other than to register a new profile certificate, and you will lose all the settings.

During the profile certificate (digital certificate) registration, the Bit Chat client generates an RSA 4096-bit key pair. The private part of the key is stored in an encrypted profile file on your computer. The public part of the key is included in the profile certificate and is thus known to us and to anyone you chat with using Bit Chat.

Bit Chat uses peer-to-peer technology, that is, peers in a group connect with each other directly over the Internet or LAN using TCP in a full mesh network. Technitium does not know who you chat with using Bit Chat. Anyone who comes to know the name of the chat group and the shared secret/password that you are using to chat with your peers can find out the IP addresses of most of the peers, since Bit Chat uses BitTorrent trackers to find peers. Thus, care should be taken not to disclose the name and password of the chat group.

In simple terms, Technitium provides only an email-verified digital certificate signing service and does not store any metadata on the usage of the software other than the things mentioned in the previous section.

Who Can View Your Info

The profile certificate is visible to all your peers, that is, the information you provide during registration is visible to anyone you chat with using Bit Chat, and you can likewise see all the information in the profile certificates of your peers. It's recommended to keep the information brief or to fill in only the required details. The purpose of the profile certificate information is to let peers clearly identify each other.

Since Bit Chat uses peer-to-peer technology, it connects directly to your peers over the Internet or LAN using TCP. Thus your peers know your IP address, and you know theirs.

How We Use Your Information

Your email address is verified by Technitium before the profile certificate is issued, since the email address is used primarily to identify a peer in Bit Chat. Other than for email verification and registration information purposes, Technitium will never use your contact information to send you any unsolicited email or phone call. Your information will never be shared with any third party for any reason other than as required by law. Technitium uses the stored information only for statistical purposes.

Other Privacy Considerations

The information provided during registration and the digital certificates issued are stored in a database hosted on a secure server which is not accessible directly from the Internet. The registration web server architecture uses a store and forward mechanism, which means that the web server hosted at technitium.com receives registration data using HTTPS and stores it until a remote service running on a secure server reads the data. This secure server is configured with a firewall such that it is not accessible directly from the Internet, while it can access technitium.com. This server performs the email verification and digital signing process and uploads the signed profile certificate to technitium.com. Once a user clicks on the "Start Bit Chat" button in the software, the signed digital certificate is downloaded from technitium.com and is immediately removed from there. In simple terms, the server hosted at technitium.com only stores the ongoing registration data for a brief period.

Bit Chat is designed as a peer-to-peer instant messenger that provides end-to-end encryption with perfect forward secrecy so that users' instant messages are protected from passive network surveillance. However, it should be clear that Bit Chat cannot protect users against active attacks like malware/keyloggers infecting your computer, or active network surveillance that can find out which peers you are connected to. If your computer is hacked or infected with malware or a keylogger, the malware will be able to read all the keys that you type on your keyboard and read all files on your computer. You should use a good anti-virus solution to protect your computer from common threats. If you suspect that your computer is infected, you should immediately format it and reload the operating system. Always keep a backup of your important data on external storage devices and encrypt the whole device with a strong password.