Home
Most apps want to know who you are, where you've been, and who you talk to. We want the opposite. FlirtSpot is engineered to facilitate the moment and then vanish. No accounts. No tracking. No footprints.
Three pillars that make data breaches impossible.
No phone numbers. No emails. No social logins. You are represented by a UUID v7—a time-ordered random string that contains zero personal information.
We don't use cookies, advertising IDs, or third-party analytics. We have no idea where you go after you put your phone away.
Your interactions live only in the temporary memory of your device. Once a session ends or a timer expires, the data is purged.
The deep dive into how we protect you.
Every selfie and message is encrypted with the recipient's public key before it leaves your device. Not even our relay server can see your face or read your words. You hold the only keys.
encrypted_payload = AES-256-GCM(plaintext, recipient_public_key)
We utilize Android's FLAG_SECURE system-level protection. This automatically disables screenshots and screen recordings on all ephemeral views. If someone tries to capture your photo, they get a solid black screen.
Our server acts like a mirror, not a hard drive. It reflects your encrypted signal to nearby users using temporary memory (RAM). Once you disconnect, that memory is instantly overwritten. We store nothing on a disk.
For maximum privacy, use our P2P mode. Your phone communicates directly with nearby devices without touching the internet. No server, no middleman, and zero possibility of remote logging.
From capture to complete wipe in four steps.
You take a selfie. It is encrypted in the app's private, non-shared cache.
The selfie travels through an encrypted tunnel (Direct P2P or Relay).
The recipient opens the selfie. A 60-second timer begins.
At 0 seconds, the file is overwritten with random bits and deleted from the device storage. It is gone from the universe.
We collect zero PII (Personally Identifiable Information). We cannot share or sell what we do not have.
We verify age via Year of Birth during onboarding. This data remains on your phone and is never uploaded to a central database.
Want to leave? Simply delete the app. There are no accounts to "deactivate" and no "data archives" to request. You are already gone.