Commit 3034336

audit 2026-05-03 (round 3): align all public claims surfaces with implementation reality
Sweeps every customer-facing surface that still carried the audit's flagged claims after the code fixes shipped in 946c308 / 81a178f:

docs/ HTML pages
- privacy.html: Field Link transport description rewritten — BLE everywhere with iOS Multipeer Connectivity (AWDL) and Android Google Play Services Nearby Connections as parallel transports. Encryption posture split: PIN/QR encrypted (AES-256-GCM via ECDH P-256), Open unencrypted by design. "Persists locally" replaces "ephemeral" for operational data; encryption keys remain ephemeral.
- index.html: hero ecosystem card, Field Link Protocol card, Military-Grade Encryption card, Offline Maps card, FAQ structured-data, all now reflect the encryption split + Android Nearby Connections + offline tile licensing posture.
- link.html: same pass on hero, capability cards, FAQ items, and JSON-LD schema.
- about.html: "Transparent Security" rewritten with the encryption split and Sentry disclosure.
- terms.html: Field Link communications clause rewritten; privacy clause links to PRIVACY.md and discloses Sentry.
- roadmap.html: V1.0 timeline entries updated to current transport + encryption description (avoids retroactively misrepresenting what shipped).
- privacy.html / terms.html "Last updated" stamps bumped to May 2026.

PRIVACY.md
- Field Link transport paragraph: Android Nearby Connections is now active (audit round-2 wired AndroidP2pTransport), so the "planned but not yet active" qualifier is removed.
- Permissions table updated to match.

README.md
- Hero/intro updated: BLE everywhere with platform-specific secondary transports replaces "Bluetooth and peer-to-peer Wi-Fi".

store.config.json
- Apple + Play description bodies (lines 8 and 71): transport description, Field Link bullet list, OFFLINE MAP SYSTEM bullets, ZERO FOOTPRINT PRIVACY bullets all rewritten to match the audit-aligned README/PRIVACY/STORE_LISTING. Ready for the next listing push (next ASC update_listing.py run will pick it up).

Out of scope (intentionally not changed)
- docs/plans/2026-03-28-v1.4-design.md and docs/images/_screenshots.html retain "USGS Topo" — these are internal design notes / asset build helpers, not user-facing claims.
- STORE_LISTING.md V1.0 What's New historical entries kept as-is to preserve the release-notes archive.
1 parent 81a178f commit 3034336

9 files changed

Lines changed: 30 additions & 30 deletions

PRIVACY.md

Lines changed: 2 additions & 2 deletions
@@ -32,7 +32,7 @@ Red Grid Link requests access to your device's GPS location **while the app is i
3232

3333
## Field Link (Proximity Sync) Data
3434

35-
Field Link uses Bluetooth Low Energy (BLE) to sync position, marker, and annotation data between nearby devices. On iOS, Apple Multipeer Connectivity (which uses AWDL) is used as a secondary transport so peers remain discoverable when the app is backgrounded. Android currently uses BLE only; Wi-Fi Direct / Nearby Connections is planned and is not active in the shipped build.
35+
Field Link uses Bluetooth Low Energy (BLE) to sync position, marker, and annotation data between nearby devices. On iOS, Apple Multipeer Connectivity (which uses AWDL) runs in parallel as a higher-bandwidth secondary transport so peers stay discoverable when the app is backgrounded. On Android, Google Play Services Nearby Connections runs in parallel where Play Services is available; on devices without Play Services the stack falls back to BLE-only.
3636

3737
- Field Link communication is **end-to-end between paired devices** — no data passes through any server or relay
3838
- In **PIN** and **QR** session modes, Field Link payloads are **encrypted with AES-256-GCM** using session keys derived from an ECDH P-256 key exchange between paired peers
@@ -115,7 +115,7 @@ To opt out: use a build that was compiled without a Sentry DSN. Direct downloads
115115
| Location (While Using App) | Display MGRS coordinates, share position via Field Link | Foreground |
116116
| Location (Always) | Maintain Field Link sync during background operation | Optional, user-enabled |
117117
| Bluetooth | Field Link device discovery and low-power data sync | Active sessions only |
118-
| Nearby Devices (Android) | Required to scan for BLE peers; Nearby Connections API integration is planned but not yet active | Active sessions only |
118+
| Nearby Devices (Android) | Required to scan for BLE peers and to use Google Play Services Nearby Connections as a parallel transport | Active sessions only |
119119
| Local Network (iOS) | Field Link peer discovery via Multipeer Connectivity | Active sessions only |
120120
| Wi-Fi (iOS) | Multipeer Connectivity uses Wi-Fi for high-bandwidth peer transport when available | Active sessions only |
121121
| Storage / Files | Save downloaded map packs and After-Action Reports | Local only |
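Review bot: The updated Nearby Devices row (line 118) now says Nearby Connections is in use, but the table still lists Wi-Fi for iOS only (line 120). If the Android parallel transport can use the Wi-Fi radio the way the Multipeer Connectivity row describes, add an Android Wi-Fi row or say so in the Nearby Devices row; if it cannot, state which radios it uses so the "higher-bandwidth" wording at line 35 is backed by the permissions table.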

README.md

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@
1919

2020
**Offline MGRS navigation and proximity team coordination for small teams (2-8 people). No cell service needed.**
2121

22-
Built on the MGRS engine from [Red Grid MGRS](https://github.com/RedGridTactical/RedGridMGRS). Field Link adds zero-config proximity sync over Bluetooth and peer-to-peer Wi-Fi -- your team appears on the map the moment they're in range.
22+
Built on the MGRS engine from [Red Grid MGRS](https://github.com/RedGridTactical/RedGridMGRS). Field Link adds zero-config proximity sync over Bluetooth, with Apple Multipeer Connectivity (iOS) and Google Play Services Nearby Connections (Android) running alongside as a parallel higher-bandwidth transport -- your team appears on the map the moment they're in range.
2323

2424
> **Solo navigator?** [Red Grid MGRS](https://github.com/RedGridTactical/RedGridMGRS) gives you the same MGRS engine as a standalone tool with DAGR-class precision, 9 tactical tools, and 6 radio-ready report templates. Part of the [Red Grid Tactical](https://redgridtactical.com) ecosystem.
2525
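Review bot: The rewritten intro sentence at line 22 keeps "zero-config" and "your team appears on the map the moment they're in range", which, going by the other files in this commit, describes Open mode, the one that is unencrypted. The visible README intro names the transports but says nothing about the encryption split that every other surface in this sweep now states. Suggest adding a short clause along the lines of "PIN and QR sessions are encrypted; Open mode is not" so the README does not become the one surface that still implies encrypted-by-default.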

docs/about.html

Lines changed: 2 additions & 2 deletions
@@ -96,8 +96,8 @@ <h2 class="section-title">Why Red Grid Exists</h2>
9696
<section class="section fade-in" aria-label="Transparent security">
9797
<div class="container" style="max-width: 800px;">
9898
<h2 class="section-title">Transparent Security</h2>
99-
<p class="mb-3">We believe security tools should be verifiable. The encryption in Red Grid apps uses industry-standard AES-256-GCM with ECDH P-256 key exchange. No proprietary black boxes. No security through obscurity. Every packet is encrypted with military-grade cryptography, and we publish detailed documentation of our security architecture so you can verify our claims.</p>
100-
<p>Your data stays on your device. No analytics, no tracking, no cloud sync, no accounts. Field Link sessions are ephemeral. When you disconnect, the session data disappears. That's not a feature we advertise. It's a design principle.</p>
99+
<p class="mb-3">We believe security tools should be verifiable. PIN and QR Field Link sessions wrap every payload in industry-standard AES-256-GCM derived from an ECDH P-256 session key — no proprietary black boxes, no security through obscurity. Open mode is intentionally unencrypted for training and demo use. We publish detailed documentation of our security architecture so you can verify our claims.</p>
100+
<p>Your operational data stays on your device. No accounts, no analytics, no advertising networks. Field Link encryption keys are ephemeral and discarded on session end; the data they protected (sessions, markers, tracks) persists locally until you delete it. Optional release-only crash diagnostics use Sentry with PII off and GPS coordinates stripped. That's not a feature we advertise. It's a design principle.</p>
101101
</div>
102102
</section>
103103
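Review bot: In the second paragraph (new line 100) the closer "That's not a feature we advertise. It's a design principle." now directly follows the Sentry sentence, so it reads as describing crash diagnostics rather than data staying on the device. Move the Sentry sentence after the closer, or drop the closer. Separately, at new line 99 "AES-256-GCM derived from an ECDH P-256 session key" is muddled, since the cipher is not derived from anything; PRIVACY.md line 38 words it as payloads encrypted with AES-256-GCM using session keys derived from an ECDH P-256 key exchange, and that wording should be reused here and in the index.html and link.html copies of the same phrase.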

docs/index.html

Lines changed: 6 additions & 6 deletions
@@ -48,7 +48,7 @@
4848
"name": "How does Field Link work?",
4949
"acceptedAnswer": {
5050
"@type": "Answer",
51-
"text": "Field Link uses Bluetooth Low Energy and peer-to-peer Wi-Fi to auto-discover nearby teammates and share encrypted position data. No pairing, no configuration. AES-256-GCM encryption with ECDH ephemeral session keys."
51+
"text": "Field Link uses Bluetooth Low Energy on every platform, with Apple Multipeer Connectivity (AWDL) on iOS and Google Play Services Nearby Connections on Android as a parallel higher-bandwidth transport. PIN and QR sessions wrap every payload in AES-256-GCM derived from an ECDH P-256 session key; Open sessions auto-join without encryption for training and demo use."
5252
}
5353
},
5454
{
@@ -64,7 +64,7 @@
6464
"name": "What data does Red Grid Link collect?",
6565
"acceptedAnswer": {
6666
"@type": "Answer",
67-
"text": "None. No accounts, no analytics, no cloud sync, no tracking. Location data stays on your device. Field Link session data is ephemeral and disappears when the session ends."
67+
"text": "No accounts, no analytics, no advertising networks. Operational data (sessions, markers, tracks) stays on your device until you delete it. Field Link encryption keys are ephemeral and discarded on session end. Optional release-only crash diagnostics use Sentry with PII off and GPS coordinates stripped."
6868
}
6969
},
7070
{
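Review bot: The new answer at line 67 says "no analytics" and, two sentences later, discloses Sentry crash diagnostics, which a reader can take as contradictory. Say what is meant (for example, no usage analytics) and state plainly that crash reports leave the device when that build option is on. This answer also omits the opt-out path that the visible FAQ in link.html (line 445) gives: "opt out by using a build compiled without a Sentry DSN". The same sentence should appear here.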
@@ -164,7 +164,7 @@ <h1><span class="accent">Red Grid</span> Tactical</h1>
164164
<img src="images/icon.png" alt="Red Grid Link icon" class="ecosystem-icon" width="64" height="64">
165165
<h2>Red Grid Link</h2>
166166
<p class="ecosystem-subtitle">Team Coordinator</p>
167-
<p>Encrypted Bluetooth team sync with real-time position sharing, waypoint coordination, and after-action reports. BLE + peer-to-peer Wi-Fi proximity sync keeps your team on the map without cell towers or servers.</p>
167+
<p>BLE-based team sync with real-time position sharing, waypoint coordination, and after-action reports. PIN and QR sessions encrypt every payload with AES-256-GCM. Apple Multipeer Connectivity (iOS) and Google Play Services Nearby Connections (Android) run alongside BLE for higher-bandwidth peer transport. No cell towers, no servers.</p>
168168
<a href="link.html" class="btn btn-primary">Learn More</a>
169169
<div class="app-badges">
170170
<a href="https://apps.apple.com/app/id6760084718" class="btn btn-secondary">Download on App Store</a>
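Review bot: The ecosystem card at line 167 states only the encrypted half of the split ("PIN and QR sessions encrypt every payload with AES-256-GCM") and never says that Open sessions are unencrypted, although the commit message lists this card as reflecting the encryption split. Add the Open-mode clause used in the FAQ answer at line 51 so the hero card cannot be read as "all sessions are encrypted".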
@@ -248,19 +248,19 @@ <h2 class="section-title">The Technology Behind Red Grid</h2>
248248
<div class="grid-2">
249249
<div class="card">
250250
<h3>Field Link Protocol</h3>
251-
<p>Custom BLE + peer-to-peer Wi-Fi proximity sync with CRDT-based state management. Delta-encoded updates under 200 bytes each.</p>
251+
<p>Custom BLE on every platform with Apple Multipeer Connectivity (AWDL) on iOS and Google Play Services Nearby Connections on Android as a parallel transport. CRDT-based state management with delta-encoded updates under 200 bytes each.</p>
252252
</div>
253253
<div class="card">
254254
<h3>Military-Grade Encryption</h3>
255-
<p>AES-256-GCM with ECDH P-256 ephemeral key exchange. New session keys every connection. No pre-shared secrets.</p>
255+
<p>PIN and QR sessions wrap every payload in AES-256-GCM with ECDH P-256 session keys derived per session. Open mode auto-joins without encryption for training and demo use.</p>
256256
</div>
257257
<div class="card">
258258
<h3>MGRS Navigation Engine</h3>
259259
<p>10-digit Military Grid Reference System precision. 1-meter accuracy. The same coordinate system used by NATO forces worldwide.</p>
260260
</div>
261261
<div class="card">
262262
<h3>Offline Maps</h3>
263-
<p>MBTiles-based offline maps with USGS Topo and OpenTopoMap. Download regions over WiFi, use offline forever.</p>
263+
<p>MBTiles-based offline region downloads from OpenStreetMap or OpenTopoMap with throttling that respects the public-tile-server usage policy. Native USGS / Mapbox / MapTiler integrations are on the roadmap.</p>
264264
</div>
265265
</div>
266266
</div>
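Review bot: The Offline Maps card at line 263 introduces a new compliance claim, "throttling that respects the public-tile-server usage policy", with no link to the policy and no statement of the limits applied. For a sweep whose purpose is aligning claims with implementation, either link the policy and state the throttle, or soften the wording; also confirm that offline region downloads are something that policy permits at all. In the same hunk the unchanged heading at line 254 still reads "Military-Grade Encryption" while about.html in this commit drops "military-grade cryptography"; the heading should follow.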

docs/link.html

Lines changed: 6 additions & 6 deletions
@@ -61,7 +61,7 @@
6161
"name": "How does Field Link work?",
6262
"acceptedAnswer": {
6363
"@type": "Answer",
64-
"text": "Field Link uses Bluetooth Low Energy and peer-to-peer Wi-Fi to auto-discover nearby teammates and share encrypted position data. No pairing, no configuration. AES-256-GCM encryption with ECDH P-256 ephemeral session keys. New keys are generated for every session."
64+
"text": "Field Link uses Bluetooth Low Energy on every platform with Apple Multipeer Connectivity (AWDL) on iOS and Google Play Services Nearby Connections on Android as a parallel higher-bandwidth transport. PIN and QR sessions wrap every payload in AES-256-GCM derived from an ECDH P-256 session key; Open sessions auto-join without encryption for training and demo use. Session keys are derived per session and discarded on session end."
6565
}
6666
},
6767
{
@@ -77,7 +77,7 @@
7777
"name": "What data do you collect?",
7878
"acceptedAnswer": {
7979
"@type": "Answer",
80-
"text": "None. No accounts, no analytics, no cloud sync, no tracking. Location data stays on your device. Field Link session data is ephemeral and disappears when the session ends."
80+
"text": "No accounts, no analytics, no advertising networks. Operational data (sessions, markers, tracks) stays on your device until you delete it. Field Link encryption keys are ephemeral and discarded on session end. Optional release-only crash diagnostics use Sentry with PII off and GPS coordinates stripped."
8181
}
8282
},
8383
{
@@ -200,11 +200,11 @@ <h2 class="section-title text-center mb-4">What Red Grid Link Does</h2>
200200
<div class="grid-3">
201201
<div class="card">
202202
<h3>Field Link — Encrypted Team Sync</h3>
203-
<p>Auto-discover teammates via BLE + peer-to-peer Wi-Fi. AES-256-GCM encrypted with ECDH ephemeral keys. No servers, no pairing, no configuration. Sync positions with 2-8 team members in real time.</p>
203+
<p>Auto-discover teammates via BLE on every platform with Apple Multipeer Connectivity (AWDL) on iOS and Google Play Services Nearby Connections on Android. PIN and QR sessions wrap every payload in AES-256-GCM with ECDH P-256 session keys; Open mode auto-joins for training and demos. No servers, no pairing, no configuration. Sync positions with 2-8 team members in real time.</p>
204204
</div>
205205
<div class="card">
206206
<h3>Offline MGRS Maps</h3>
207-
<p>Download USGS Topo and OpenTopoMap regions. MGRS grid overlay at all zoom levels. Full offline operation with MBTiles. Never depend on cell service for maps.</p>
207+
<p>Download offline region packs from OpenStreetMap or OpenTopoMap with throttling that respects the public-tile-server usage policy. MGRS grid overlay at all zoom levels. Full offline operation with MBTiles. Native USGS / Mapbox / MapTiler integrations are on the roadmap.</p>
208208
</div>
209209
<div class="card">
210210
<h3>11 Tactical Tools</h3>
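Review bot: In the Field Link card at line 203, "Open mode auto-joins for training and demos" leaves out "without encryption", and it sits under the unchanged heading "Field Link — Encrypted Team Sync" (line 202), so this card still implies every mode is encrypted. The retained "No servers, no pairing, no configuration" also conflicts with the PIN and QR sessions named in the same paragraph, which PRIVACY.md describes as a key exchange "between paired peers". Add the unencrypted qualifier and scope "no pairing, no configuration" to Open mode or remove it.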
@@ -434,15 +434,15 @@ <h2 class="section-title text-center mb-4">Frequently Asked Questions</h2>
434434
<div style="max-width: 800px; margin: 0 auto;">
435435
<details class="faq-item">
436436
<summary>How does Field Link work?</summary>
437-
<p>Field Link uses Bluetooth Low Energy and peer-to-peer Wi-Fi to auto-discover nearby teammates and share encrypted position data. No pairing, no configuration needed. AES-256-GCM encryption with ECDH P-256 ephemeral session keys means new cryptographic keys are generated for every session. Data syncs peer-to-peer with no servers involved.</p>
437+
<p>Field Link uses Bluetooth Low Energy on every platform with Apple Multipeer Connectivity (AWDL) on iOS and Google Play Services Nearby Connections on Android as a parallel higher-bandwidth transport. PIN and QR sessions wrap every payload in AES-256-GCM derived from an ECDH P-256 session key; Open mode auto-joins without encryption for training, demos, and trusted environments. Session keys are derived per session and discarded on session end. All data syncs peer-to-peer with no servers involved.</p>
438438
</details>
439439
<details class="faq-item">
440440
<summary>Does it work without cell service?</summary>
441441
<p>Yes. Red Grid Link uses GPS satellites for positioning and Bluetooth for team sync. No cell towers, no WiFi, no internet connection required. Download your map regions over WiFi before heading out and you have full offline operation with MGRS grid overlay, all 11 tools, and team coordination.</p>
442442
</details>
443443
<details class="faq-item">
444444
<summary>What data do you collect?</summary>
445-
<p>None. No accounts, no analytics, no cloud sync, no tracking. Your location data never leaves your device. Field Link session data is ephemeral and disappears when the session ends. We have no servers to store data on even if we wanted to.</p>
445+
<p>No accounts, no analytics, no advertising networks. Operational data (sessions, markers, tracks) stays on your device until you delete it. Field Link encryption keys are ephemeral and discarded on session end; the data they protected persists locally. Optional release-only crash diagnostics use Sentry with PII off and GPS coordinates stripped — opt out by using a build compiled without a Sentry DSN. We have no servers to store operational data on.</p>
446446
</details>
447447
<details class="faq-item">
448448
<summary>How is this different from ATAK?</summary>
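Review bot: The visible FAQ answers here no longer match the JSON-LD answers changed earlier in this file. Line 437 says Open mode is for "training, demos, and trusted environments" while the structured-data answer at line 64 says "training and demo use"; line 445 adds the Sentry opt-out and "We have no servers to store operational data on", neither of which is in the structured-data answer at line 80. Keep the JSON-LD text identical to the visible answer so the two surfaces cannot drift apart again.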

docs/privacy.html

Lines changed: 5 additions & 5 deletions
@@ -24,7 +24,7 @@
2424
<div class="container">
2525
<a href="index.html" class="back">&larr; Back to Red Grid Link</a>
2626
<h1>Privacy Policy</h1>
27-
<p class="updated">Last updated: March 2026</p>
27+
<p class="updated">Last updated: May 2026</p>
2828

2929
<h2>1. Overview</h2>
3030
<p>Red Grid Link ("the App") is built with a privacy-first, offline-first architecture. We do not collect, transmit, or store any personal data on external servers. Your location data, session history, waypoints, and configuration remain entirely on your device.</p>
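Review bot: The date stamp is bumped but the Overview at line 30 is left as an absolute statement: "We do not collect, transmit, or store any personal data on external servers." The other pages in this commit now disclose optional Sentry crash diagnostics, and none of the visible privacy.html hunks mention Sentry. The privacy policy is the page where that disclosure matters most; qualify the Overview and add the Sentry paragraph and opt-out here as well.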
@@ -41,14 +41,14 @@ <h2>2. Data We Do Not Collect</h2>
4141
<p>The App has no user accounts, no login, and no cloud sync.</p>
4242

4343
<h2>3. Field Link Peer-to-Peer Data</h2>
44-
<p>When you use the Field Link feature, position data is shared directly between nearby devices via Bluetooth Low Energy and peer-to-peer Wi-Fi. This data:</p>
44+
<p>When you use the Field Link feature, position, marker, and annotation data is shared directly between nearby devices via Bluetooth Low Energy. On iOS, Apple Multipeer Connectivity (AWDL) runs in parallel as a higher-bandwidth secondary transport so peers stay discoverable when the app is backgrounded. Android currently uses BLE only with Google Play Services Nearby Connections as a parallel transport when available; Wi-Fi Direct is a roadmap item.</p>
4545
<ul>
46-
<li>Is encrypted with AES-256-GCM</li>
46+
<li>In <strong>PIN</strong> and <strong>QR</strong> sessions, payloads are encrypted with AES-256-GCM using session keys derived from an ECDH P-256 key exchange between paired peers</li>
47+
<li>In <strong>Open</strong> sessions (auto-join, no PIN/QR), payloads are not encrypted; this mode is intended for training, demos, and trusted environments</li>
4748
<li>Travels only between devices in the same session</li>
4849
<li>Is never sent to any server</li>
49-
<li>Is not retained on peer devices after the session ends</li>
50+
<li>Persists locally on your device as part of session history, saved markers, and tracks until you delete it; the encryption keys themselves are ephemeral and discarded on session end</li>
5051
</ul>
51-
<p>Session keys are generated via ECDH P-256 key exchange and are ephemeral &mdash; they exist only for the duration of a session.</p>
5252

5353
<h2>4. Local Storage</h2>
5454
<p>The App stores the following data locally on your device:</p>
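Review bot: The new paragraph at line 44 contradicts itself and PRIVACY.md: "Android currently uses BLE only with Google Play Services Nearby Connections as a parallel transport when available" cannot be both BLE-only and parallel-transport, and PRIVACY.md line 35 in this commit says Nearby Connections runs in parallel with a BLE-only fallback. Reuse the PRIVACY.md sentence. The rewrite also removes the "This data:" lead-in, so the unchanged bullets at lines 48-49 ("Travels only between devices...", "Is never sent to any server") now have no subject; restore a lead-in before the list. Finally, the removed bullet was about retention on peer devices, while the new line 50 speaks only of "your device"; say explicitly that peers keep the data they received.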

docs/roadmap.html

Lines changed: 2 additions & 2 deletions
@@ -85,8 +85,8 @@ <h1>Product <span class="accent">Roadmap</span></h1>
8585
<div class="timeline-date">March 2026</div>
8686
<ul class="timeline-features">
8787
<li>MGRS navigation with 10-digit precision</li>
88-
<li>Field Link: BLE + peer-to-peer Wi-Fi proximity sync (2-8 devices)</li>
89-
<li>AES-256-GCM encryption with ECDH key exchange</li>
88+
<li>Field Link: BLE proximity sync with platform-specific secondary transports (iOS Multipeer Connectivity, Android Nearby Connections), 2-8 devices</li>
89+
<li>AES-256-GCM payload encryption in PIN and QR sessions with ECDH P-256 key exchange (Open mode is unencrypted by design)</li>
9090
<li>11 tactical tools</li>
9191
<li>Offline MBTiles map downloads</li>
9292
<li>After-Action Report PDF export</li>
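Review bot: The rewritten entry at line 88 lists "Android Nearby Connections" under the March 2026 timeline item, but the commit message says the Android transport was wired in audit round 2, and the PRIVACY.md line removed in this same commit said it was "not active in the shipped build". That makes this entry describe something the March release did not ship, which is the retroactive misrepresentation the commit message says it is avoiding. Keep the March entry to what shipped then (BLE plus iOS Multipeer Connectivity) and record Android Nearby Connections under the release that introduced it. The same check applies to the encryption line at 89 if Open mode did not exist in that release.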
