Privacy Policy

Last updated: May 2026  ยท  NearTrace for Android

NearTrace is a Bluetooth Low Energy and Wi-Fi proximity logger. It runs on your phone, catalogues nearby radios, lets you pin specific devices, and alerts you when a pinned device drops out of range. This page explains what NearTrace stores, where it lives, and what โ€” if anything โ€” leaves your device.

The short version: everything stays on your phone unless you explicitly opt in to share it. No analytics, no ads, no account, no telemetry. You can erase all of it at any time.

Who runs NearTrace

NearTrace is published by HARTLE.TECH. For privacy questions, contact robert@hartle.tech.

What NearTrace stores on your device

When you scan, the app records the radios it observes. For each device it sees, NearTrace may keep:

  • Bluetooth Low Energy: the device address (MAC), advertised name, signal strength (RSSI), the manufacturer name resolved from the OUI prefix, the time it was first and last seen, and any Continuity / Find-My-style records the device emits.
  • Wi-Fi access points: the BSSID, SSID (network name) when broadcast, frequency, capability/encryption flags, signal strength, and the same first/last seen timestamps.
  • Approximate location: if you grant location permission, NearTrace tags each sighting with a GPS coordinate, accuracy radius, and a short on-device path of where you were when you saw the device. Location is used only to draw the map and attribute sightings; it is never sent off-device by default.
  • User-added details: custom name, model, icon, and any photo you take of the device through the app.
  • Settings and preferences: RSSI threshold, source filter, theme choice, hidden device list, baseline snapshots.
  • Optional credentials and rules: WiGLE API name + token (only if you configure WiGLE), webhook URLs and match patterns (only if you create webhook rules).

All of this lives in the app's private storage on your device. Credentials and webhook URLs are encrypted at rest with a key held in the Android Keystore. The Room database, photos, exports, and other settings are stored in app-private storage that other apps cannot read on a non-rooted device.

NearTrace explicitly disables Android Auto Backup (android:allowBackup="false") so your scan history and credentials are never silently copied to your Google account.

What leaves your device โ€” and only if you ask

NearTrace makes no automatic network requests for your data. The off-device traffic listed below happens only in response to actions you take:

1. Vendor lookup (automatic, anonymous)

To translate a Bluetooth or Wi-Fi address's first three bytes (the OUI prefix) into a manufacturer name, NearTrace queries api.macvendors.com. Only the OUI prefix โ€” the first 8 hex characters โ€” is sent, never the full MAC address. The OUI is shared by every device from that manufacturer, so this lookup does not identify a specific device. Results are cached locally so each prefix is requested at most once.

2. Map tiles (only when you open a map)

The Maps screen is rendered by the Google Maps SDK for Android. Google receives whatever data the SDK needs to render tiles around your location. We don't send Google any device-identifier data; the SDK fetches its own tiles. Their privacy policy applies to that traffic: policies.google.com/privacy.

3. WiGLE upload (off by default)

If you configure a WiGLE API name and token in Settings and tap Upload now, NearTrace sends a CSV of your captured Wi-Fi sightings โ€” BSSIDs, signal strengths, and GPS coordinates if available โ€” to api.wigle.net. WiGLE is a US-based crowd-sourced wireless survey project. They control retention and may publish anonymised aggregates.

The very first time you upload, NearTrace shows a consent dialog spelling this out and waits for your explicit OK. After that, subsequent uploads are silent until you clear your WiGLE credentials. To stop future uploads, clear your WiGLE credentials in Settings. NearTrace cannot recall data already submitted to WiGLE.

4. Webhooks (off by default)

If you create webhook rules, NearTrace POSTs a small JSON document (the device address, name, vendor, signal, kind, optional coordinates, and timestamp) to whatever URL you supply, when a matching device is sighted. Loopback, RFC 1918, link-local, and IPv6 unique-local addresses are blocked at rule-save time so a sighting cannot trigger an action against your home router or another internal system.

You control where webhooks go. Whatever happens to the data after it reaches your URL is between you and the operator of that endpoint.

5. Privacy-policy link

Tapping the "Privacy Policy" entry in the About screen opens this page in your default browser. The browser request reaches whoever hosts this page. NearTrace does not log it.

What NearTrace does not collect

  • No analytics. No Firebase, Sentry, Amplitude, or similar telemetry SDK.
  • No advertising. No ad-network SDKs, no ad ID.
  • No account. There is no sign-in, no profile, no device fingerprint.
  • No background sync. The tracker monitor runs only while you have an active scan in v1.
  • No microphone or contact list access.

Permissions and why

PermissionWhy
BLUETOOTH_SCAN, BLUETOOTH_CONNECTDiscover BLE devices and connect briefly to enumerate their GATT services.
BLUETOOTH_ADVERTISEOptional iBeacon broadcaster (off by default).
ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATIONAndroid requires these to scan for BLE and Wi-Fi devices. NearTrace also uses your location to attribute sightings on the map.
ACCESS_WIFI_STATE, CHANGE_WIFI_STATE, NEARBY_WIFI_DEVICESList nearby Wi-Fi access points.
INTERNET, ACCESS_NETWORK_STATEMake the optional outbound requests listed above (vendor lookup, maps, WiGLE, webhooks).
CAMERACapture photos of devices you've identified, and the AR Locate viewfinder. Images stay on your device.
POST_NOTIFICATIONSShow tracker leave-behind alerts.

You can revoke any permission in your phone's settings at any time. NearTrace degrades gracefully โ€” denying a permission disables only the feature that needs it.

Data retention and the Red Button

Scan history persists until you clear it. The "Burn all data" button in Settings:

  1. Truncates the scan database tables.
  2. Closes and deletes the SQLite files (including WAL and journal).
  3. Wipes both the plain and encrypted preference files.
  4. Drops the Android Keystore alias that protects the encrypted preferences โ€” once the alias is gone, any encrypted bytes that survive on flash storage are mathematically unreadable. This is called cryptographic erasure.
  5. Deletes captured photos, exported reports, and any tool files.
  6. Clears in-memory caches.
  7. Exits the app.

There is no undo after you type the confirmation word.

Children

NearTrace is not directed at children under 13. We do not knowingly collect data from children.

International transfers

If you opt in to WiGLE upload, your scan CSV is transmitted to a US-based service. If you create webhooks pointed at endpoints outside your country, that traffic crosses borders too. In both cases the routing is determined by you, not by NearTrace.

Changes to this policy

Material changes will be noted here with an updated date. Continued use of NearTrace after a change constitutes acceptance of the updated policy.

Contact

Questions? robert@hartle.tech