Privacy Policy
Last updated · July 12, 2026
Ghost is a serverless, end-to-end encrypted, peer-to-peer chat app. This policy explains what happens to your information. The short version: Ghost has no servers and collects no data about you.
We do not collect any data
Ghost has no backend. There is no Ghost server to send your information to, and we operate no service that receives, stores, or processes your messages or personal information. Specifically:
- No account. Ghost does not ask for — and cannot collect — your name, email address, phone number, or any login. There is no sign-up.
- No message content. Your messages, voice notes, images, reactions, and shared locations are end-to-end encrypted and travel directly between your device and the device you're chatting with. They are never routed through, or stored on, any server operated by us or anyone else.
- No metadata collection. Because there is no server in the path, we do not and cannot log who you talk to, when, how often, or from where.
- No analytics or tracking. Ghost contains no analytics SDKs, no advertising identifiers, and no cross-app or cross-site tracking. It does not phone home.
What stays on your device
Some information is created and stored only on your own device, under iOS protection, and is never transmitted to us:
- Your cryptographic identity keys are generated on-device and stored in the iOS Keychain (device-only, after first unlock). They never leave your phone.
- Your message history is stored locally on your device with iOS file protection. Deleting the app removes it.
- Your settingsare stored in the app's local preferences on your device.
You are in control of this data through your device: it is protected by your device passcode/biometrics and removed when you delete the app.
How messages travel
Ghost connects two devices directly — over your shared local network (Wi-Fi or one device's Personal Hotspot) or via a QR-paired direct link. Message content is end-to-end encrypted using standard, published cryptography (Curve25519 key agreement, the Double Ratchet, and ChaCha20-Poly1305 authenticated encryption). Only the two paired devices hold the keys; no intermediary — including us — can read the content.
Device permissions
Ghost requests certain iOS permissions only to provide features you invoke, and uses them only on your device:
- Camera — to scan a pairing QR code. No photos or video are stored or sent.
- Microphone — only while you record a voice message, which is sent end-to-end encrypted.
- Local Network — to discover and connect directly to nearby devices.
- Location — only when you choose to share your location in a chat; it is sent end-to-end encrypted.
- Photo Library (add) — only when you tap Save on an image someone sent you.
- Face ID — only to unlock the app locally, if you enable app lock.
Granting a permission does not send anything to us; there is no “us” in the network path.
Children's privacy
Ghost is not directed at children and collects no data from anyone, including children.
Third parties
Ghost integrates no third-party analytics, advertising, or data-sharing services. There are no third parties with whom we could share data, because we collect none.
Changes to this policy
If this policy changes, the “Last updated” date above will change and the revised policy will be posted at this page's URL.
Contact
Questions about this policy or the app's privacy design can be sent to: ghost@gaithano.com.