Privacy without the lecture

What happens at the festival
stays at the festival.

Raavr is built so even we can't watch you. The privacy posture isn't a setting you toggle — it's how the cryptography works. This page is the plain-English version. If you want the technical details, they're at the bottom.

The short version.

Five things to know. The rest is detail.

  • End-to-end encrypted. Even Raavr can't read your messages.
  • No phone number, no email. Identity lives on your device.
  • Identifiers rotate. No one can track you across time.
  • Leave the site, leave the mesh. Nothing follows you home.
  • No ads. No data sale. You are not the product.
  • Open about it. The crypto choices are documented and reviewable.

What Raavr does with your stuff.

Your messages

Group chats use MLS — the same end-to-end encryption protocol that's the international successor to Signal's. One-to-one DMs use the Noise protocol. Both encrypt on your phone before the message leaves your device. The mesh routers (and Raavr's servers, when used) carry encrypted bytes. Even Loxation, who builds Raavr, can't decrypt them.

Your identity

You don't sign up with a phone number, an email, or a password. When you install Raavr, your phone generates a cryptographic identity that lives on your device. If you delete the app, that identity is gone. There's no account to "delete" because there's no account on a server in the first place.

Your location

Raavr uses GPS so your friends can see where you are on the map. Your position is shared peer-to-peer with your group over the mesh — no server tracks you, and no record of where you've been is kept. You can turn GPS off any time; messaging still works, but your crew won't be able to find you on the map.

The discovery layer — who's on the mesh near you — runs over Bluetooth, not GPS. That's short-range radio, only audible to phones in the same physical space. We don't know you're at a festival because we tracked your location; we know because your phone is on the mesh deployed at that festival. When you leave, your phone leaves the mesh and you stop being discoverable.

Your Bluetooth signal

Modern Bluetooth privacy concerns center on persistent identifiers — devices that broadcast the same MAC address everywhere they go, letting trackers correlate your movement across stores, transit, etc. Raavr rotates Bluetooth identifiers constantly so this kind of cross-context tracking doesn't work.

What Raavr doesn't do.

  • No phone number collection
  • No email required
  • No server-side location tracking or history
  • No persistent ad IDs
  • No third-party trackers
  • No data sale to brokers
  • No "engagement" feed designed to keep you scrolling
  • No social graph harvesting
  • No reading of your contacts, photos, or messages outside Raavr
  • No analytics SDK that ships your behavior to a vendor

What Raavr does need.

For the app to work, your phone needs:

  • Bluetooth permission — to discover and talk to nearby phones on the mesh.
  • Local storage — to keep your cryptographic keys, your group memberships, and your message history on your device.
  • (Optional) Notifications — so we can tell you a friend signaled you, or a festival announcement landed, when the app is in the background.
  • (Optional) Internet — used only as a fallback when the mesh isn't reachable, and only to relay end-to-end encrypted ciphertext that Raavr can't read. At a festival deployment, the mesh is independent of the internet entirely.

What we tell festivals.

When Raavr is deployed at a venue (festival, music venue, sports venue), the venue's ops team gets aggregate, anonymized visibility into the mesh — things like "approximately N phones on the mesh in this zone right now," "the announcement broadcast reached N phones," or "the average dwell time near the medical tent is X minutes." Ops teams cannot see who a specific phone belongs to, and they cannot read messages. They can DM individual attendees the same way anyone else can — by using their own Raavr phone like any other user on the mesh.

What we tell advertisers.

Nothing. There are no advertisers.

If you change your mind.

Delete the app. That's it. There's no account on a server to clean up because there was no account on a server in the first place. Your cryptographic identity, your group memberships, and your message history were on your device — they go away with the app.

If you've messaged people in groups, those messages may persist on their devices (just like a text you sent to a friend doesn't disappear from their phone if you delete the conversation from yours). That's how end-to-end encrypted messaging works in any app.

Children.

Raavr is designed for adults — 18 and over. Festival environments are not designed for minors and we don't market the app to them. We follow Apple's and Google's age-gating standards for the relevant region.

The technical details.

For the technically curious, the protocol-level documentation is published by Loxation:

Contact.

Privacy questions: admin@loxation.com. General contact: admin@loxation.com.

Last updated: May 2026 · Maintainer: Loxation, Inc. · This is a plain-English summary written for the people who use Raavr. The legal terms governing the app are linked above and live on loxation.com.