🛠️ Technical Whitepaper

FlirtSpot v2.0

The complete technical specification of the Zero-Persistence architecture — identity standards, dual-mode networking, and forensic data sanitization.

v2.0.4 | Target: API 36 (Android 15) | Min: API 26 (Android 8.0)

01 Identity & Addressing Standard

FlirtSpot uses UUID version 7 for peer identification. Unlike fully random (version 4) UUIDs, version 7 is time-ordered, providing two primary benefits:

  • Anonymous Indexing: Efficient local database (Room) indexing without requiring a central registry or user metadata.
  • Chronological Integrity: Peer IDs naturally sort by creation time, aiding in session management without storing a separate timestamp, because the creation time is encoded in the ID itself.

peer_identity.json
{
  "peerId": "018f3a2b-1234-7abc-8def-0123456789ab",
  "structure": "[48-bit Timestamp] + [4-bit Version] + [12-bit Random] + [2-bit Variant] + [62-bit Random]"
}
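
The UUIDv7 layout behind the peer ID above, as an added example (not FlirtSpot's own code): it builds and parses a version 7 UUID following RFC 9562 and shows that the creation time can be read back from any peer ID. The names `newUuidV7`, `parseUuidV7` and `V7Fields` are hypothetical and chosen for illustration.

```kotlin
// Added illustration; names below are hypothetical, not FlirtSpot APIs.
import java.security.SecureRandom
import java.time.Instant
import java.util.UUID

/** Fields recovered from a version 7 UUID (RFC 9562 layout). */
data class V7Fields(val createdAt: Instant, val randA: Int, val randB: Long)

private const val RAND_B_MASK = 0x3FFF_FFFF_FFFF_FFFFL  // low 62 bits

/** Layout: 48-bit Unix ms | 4-bit version | 12-bit rand_a | 2-bit variant | 62-bit rand_b. */
fun newUuidV7(nowMs: Long = System.currentTimeMillis(), rng: SecureRandom = SecureRandom()): UUID {
    require(nowMs in 0L until (1L shl 48)) { "timestamp must fit in 48 bits" }
    val randA = rng.nextInt(1 shl 12).toLong()
    val msb = (nowMs shl 16) or (0x7L shl 12) or randA
    val lsb = (0b10L shl 62) or (rng.nextLong() and RAND_B_MASK)
    return UUID(msb, lsb)
}

/** Parses a peer ID, rejecting anything that is not version 7 with the RFC variant. */
fun parseUuidV7(text: String): V7Fields {
    val id = UUID.fromString(text)
    require(id.version() == 7 && id.variant() == 2) { "not a UUIDv7: $text" }
    val msb = id.mostSignificantBits
    return V7Fields(
        createdAt = Instant.ofEpochMilli(msb ushr 16),
        randA = (msb and 0xFFFL).toInt(),
        randB = id.leastSignificantBits and RAND_B_MASK
    )
}

fun main() {
    // Sample ID from peer_identity.json: the creation time is readable by anyone holding the ID.
    println(parseUuidV7("018f3a2b-1234-7abc-8def-0123456789ab").createdAt)

    // Round trip: a freshly built ID yields the timestamp it was created with.
    val now = System.currentTimeMillis()
    check(parseUuidV7(newUuidV7(now).toString()).createdAt.toEpochMilli() == now)

    // IDs minted later sort after earlier ones as strings, which is what makes them index-friendly.
    check(newUuidV7(now).toString() < newUuidV7(now + 1).toString())

    // A random (version 4) UUID is rejected rather than misread as carrying a timestamp.
    check(runCatching { parseUuidV7(UUID.randomUUID().toString()) }.isFailure)
}
```

Because the first 48 bits are a plain Unix-millisecond timestamp, anyone who observes a peer ID learns when it was created, so the ID should be treated as carrying that metadata.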

02 Dual-Mode Communication

[Diagram: Device A and Device B linked two ways. Mode A: encrypted relay through a WSS relay. Mode B: direct P2P over Bluetooth / local link.]

Mode A: WebSocket Relay

  • Transport: Encrypted WebSocket (WSS) via OkHttp
  • Payload: Binary serialization using Protocol Buffers (Protobuf) to minimize latency and metadata leakage
  • Infrastructure: Proprietary relay servers operating on a Zero-Disk Policy. All traffic handled in volatile RAM; no logs or databases

Mode B: Direct P2P

  • Protocol: Hardware-to-hardware proximity links
  • Discovery: Low-energy beaconing for peer detection
  • Privacy: No server, no middleman, zero possibility of remote logging

03 Media Lifecycle & Forensic Wipe

FlirtSpot does not rely on simple file deletion. We implement a Forensic Wipe Protocol to prevent data recovery from physical storage.

| Lifecycle Stage | Action | Security Layer |
|---|---|---|
| Ingress | Encrypted write to Context.cacheDir | App-Private Sandboxing |
| Display | 60-Second Countdown | FLAG_SECURE |
| Expiry | Secure Overwrite | 3-Pass Random Bit Injection |
| Finalization | File Descriptor Removal | System-Level Deletion |

📥 Ingress (encrypted cache write) → 👁️ Display (60s countdown + FLAG_SECURE) → 🔄 Overwrite (3-pass random bit injection) → 💨 Gone (file descriptor destroyed)

04 Local Data Persistence (Room)

The local SQLite database is the only place where interaction history resides. Users have total control over their local history, which is never synced to any cloud service.

👤

MyProfile

Encrypted local settings and immutable gender ID. Stored exclusively in the app's private sandbox.

📡

DiscoveredPeers

Temporary cache of nearby signals. Purged on app close. No persistent record of who you've encountered.

💬

MessageLog

Interaction history with user-configurable retention. You decide how long messages survive. Auto-wipe by default.

room_entities.kt
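import androidx.room.Entity
import androidx.room.PrimaryKey

// Transport a peer was discovered over
enum class ConnectionMode { RELAY, P2P }

// One row per nearby peer; the table is a temporary cache only
@Entity
data class DiscoveredPeer(
    @PrimaryKey val peerId: String,   // UUIDv7 peer ID
    val connectionTag: String,
    val discoveredAt: Long,
    val mode: ConnectionMode  // RELAY | P2P
)

// Auto-purged on onDestroy(); `dao` is the Room DAO for DiscoveredPeer (its definition is not shown here)
fun clearDiscoveryCache() = dao.deleteAll()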

05 Server-Side Forgetfulness

Our relay servers are engineered to be stateless. When a user disconnects:

1. Connection Close Event: The WebSocket onClose event triggers an immediate memory purge.
2. Key & Token Erasure: Associated Public Keys and session tokens are erased from RAM. No traces remain in memory.
3. Total Amnesia: The server retains no record of the Peer ID or the duration of the connection. As if you were never there.

06 Versioning & Compliance

Whitepaper Version: 2.0.4
Target Android SDK: API 36 (Android 15)
Minimum Android SDK: API 26 (Android 8.0)
Privacy Standards: GDPR & CCPA

Engineered for GDPR and CCPA compliance through total data avoidance.