GhostHow it worksPrivacyJoin waitlist
Legal

Privacy Policy

Last updated · July 12, 2026

Ghost is a serverless, end-to-end encrypted, peer-to-peer chat app. This policy explains what happens to your information. The short version: Ghost has no servers and collects no data about you.

We do not collect any data

Ghost has no backend. There is no Ghost server to send your information to, and we operate no service that receives, stores, or processes your messages or personal information. Specifically:

  • No account. Ghost does not ask for — and cannot collect — your name, email address, phone number, or any login. There is no sign-up.
  • No message content. Your messages, voice notes, images, reactions, and shared locations are end-to-end encrypted and travel directly between your device and the device you're chatting with. They are never routed through, or stored on, any server operated by us or anyone else.
  • No metadata collection. Because there is no server in the path, we do not and cannot log who you talk to, when, how often, or from where.
  • No analytics or tracking. Ghost contains no analytics SDKs, no advertising identifiers, and no cross-app or cross-site tracking. It does not phone home.

What stays on your device

Some information is created and stored only on your own device, under iOS protection, and is never transmitted to us:

  • Your cryptographic identity keys are generated on-device and stored in the iOS Keychain (device-only, after first unlock). They never leave your phone.
  • Your message history is stored locally on your device with iOS file protection. Deleting the app removes it.
  • Your settingsare stored in the app's local preferences on your device.

You are in control of this data through your device: it is protected by your device passcode/biometrics and removed when you delete the app.

How messages travel

Ghost connects two devices directly — over your shared local network (Wi-Fi or one device's Personal Hotspot) or via a QR-paired direct link. Message content is end-to-end encrypted using standard, published cryptography (Curve25519 key agreement, the Double Ratchet, and ChaCha20-Poly1305 authenticated encryption). Only the two paired devices hold the keys; no intermediary — including us — can read the content.

Device permissions

Ghost requests certain iOS permissions only to provide features you invoke, and uses them only on your device:

  • Camera — to scan a pairing QR code. No photos or video are stored or sent.
  • Microphone — only while you record a voice message, which is sent end-to-end encrypted.
  • Local Network — to discover and connect directly to nearby devices.
  • Location — only when you choose to share your location in a chat; it is sent end-to-end encrypted.
  • Photo Library (add) — only when you tap Save on an image someone sent you.
  • Face ID — only to unlock the app locally, if you enable app lock.

Granting a permission does not send anything to us; there is no “us” in the network path.

Children's privacy

Ghost is not directed at children and collects no data from anyone, including children.

Third parties

Ghost integrates no third-party analytics, advertising, or data-sharing services. There are no third parties with whom we could share data, because we collect none.

Changes to this policy

If this policy changes, the “Last updated” date above will change and the revised policy will be posted at this page's URL.

Contact

Questions about this policy or the app's privacy design can be sent to: ghost@gaithano.com.

Ghost

Peer-to-peer chat that never touches a server. No accounts, no numbers, no trace.

iOS · Coming soon

Product

  • How it works
  • Privacy
  • Join the waitlist

Legal

  • Privacy Policy
  • Terms of Service
  • Security

Security

  • Security overview
  • Report a vulnerability
© 2026 GhostPrivacyTermsSecurity