Privacy FAQ

What info does Peach collect of me?

We strive to store the absolute minimum amount of data on our users as we can. As a quick overview, this is what we have on our servers:

  • A hash* of your app unique ID (AdID)
  • A hash of your payment data
  • Your encrypted chats
  • The data of the trades to make sure anonymous users do not exceed the trading limit (which type of payment methods are being used, buying and selling amounts)
  • Addresses used to send to escrow, and to send from escrow
  • Usage data (Firebase & Google Analytics), only if you agreed to this

For a full breakdown, please see our privacy policy.

* A hash is some data that was made unrecognizable, similar to encrypting it. The same data will always lead to the same hash. This means we don't know what the data is, but we will be able to spot if the same data is used twice.

Who can see my payment details?

Only your counterparty can see your payment details; they are sent via the Peach servers, but are fully end to end encrypted (like with most chat apps) so that we cannot see what they are.

When you start a dispute, you and your counterparty's payment details and your chat history will be visible to the assigned Peach mediator.

How to verify the APK?

Follow this steps to verify that the APK you downloaded is the real Peach APK:

  • Download the APK you want to install from the website, as well as the signature and manifest (everything can be found in https://peachbitcoin.com/apk)

  • Download Peach PGP key https://keys.openpgp.org/vks/v1/by-fingerprint/E970EDB410C8E84198F141584AD3CE3043D8CD1B (can be found in our website also)

  • Generate the checksum of the APK file you’ve downloaded and compare them with the checksum on the manifest.

sha256sum app-prod-arm64-v8a-release.apk

(substitute app-prod-arm64-v8a-release.apk for the name of your file). It should be the same one as on the manifest. Otherwise contact us and make sure you don’t install that application in your device. In this example, you should see the following output:

$ sha256sum app-prod-arm64-v8a-release.apk

09e4e2db837b2a2aef3a51527ef24fae22cff2b7e2ecd4ca01502c8a61961584  app-prod-arm64-v8a-release.apk

If we compare it to the one found in the manifest-peach.txt we can see it is the same one.

  • Add the Peach key to your keyring
gpg --import PGP-peach.asc

(make sure to substitute PGP-peach.asc for the correct file name, usually it will be E970EDB410C8E84198F141584AD3CE3043D8CD1B.asc)

  • Verify the signatures that you previously downloaded with the following command:
gpg --verify manifest-peach.sig manifest-peach.txt

In the output you should see the following line:

gpg: Good signature from "[email protected] <[email protected]>" [unknown]
Is Taproot supported?
  • Yes, you can send to taproot addresses from the Peach wallet.
  • You can also receive directly from the escrow to your external taproot address.
How can I connect to my own node?

Connecting to your node enhances privacy since all transactions are relayed to the Bitcoin network through your own node, instead of Peach's.

Peach currently does not support Tor, so you need to use an IPv4 to connect to your node. If it's not open to the internet, you can only connect to it via the local network or through a private VPN.

Check out our video tutorial to learn how to connect to your own node.

If you're using Umbrel, you can use umbrel.{port number} instead of your node's IP.

How secure are my bitcoins in the peach wallet?

The peach wallet is considered a hot wallet. Hot wallets are wallets that are connected to the internet and exposed to malware and hacking attempts. No system is 100% secure and peach wallet can also only be as secure as the operating system it runs on.

You can see a hot wallet as a regular wallet in your pocket, you would not carry thousands of Dollars in there for a long time. You can lose it or get pickpocketed quickly.

That said, we are doing our best to keep your wallet secure by using standard best practices such as using sufficient entropy (random numbers) to make your private keys unguessable and encrypting the application storage to prevent access by other apps. The random numbers are generated by the operating system you use and usually are derived from non-deterministic inputs like physical inputs such as temperature measurements, phase noise, etc… If you are interested in the details research PRNGs (Pseudo random number generators).

PIN/Password protection is planned as well.

In any case, we advice you to move your funds to cold storage (a hardware wallet such as the Bitbox 02) which has much stronger security guarantees.

What is coin control?

Peach wallet support coin control or coin management. The goal of coin control is to keep your coins separated if you wish so, for privacy management.

Watch our video explaining coin control in detail: How to do coin control using the Peach Wallet