Privacy Policy

GhostCode
Moonsail Software LLC
Last updated: May 2, 2026

This Privacy Policy explains how GhostCode ("the App", "we", "us") collects, uses, and protects your information.

1. No Account Required

GhostCode does not require an account, login, email address, or registration of any kind. We have no way to identify you as an individual.

2. Information We Collect

Message Content and Encryption Keys
Your message plaintext and saved encryption keys never leave your device. All encryption and decryption happens locally. We never receive, store, or have access to your plaintext or your keys.

Attestation and Verification Data
Creating or opening a Protected QR code requires a network request to our Verification Backend. As part of this request, the App collects a device integrity token from Google Play Integrity API (Android) or Apple App Attest (iOS). This token is sent to our backend to verify that you are running a genuine, unmodified copy of GhostCode on a non-compromised device. The backend stores short-lived, anonymous audit records (rate-limiting counters, attestation results, entitlement state) that contain no plaintext, no key material, and no personally identifying information. These records are automatically deleted within hours to days.

Analytics and Crash Reporting
The App uses Google Firebase Analytics to collect anonymized usage data such as screen views and feature interactions, and Firebase Crashlytics to collect crash reports. Firebase may collect device identifiers, IP address, and general device information. This data is used to understand how the App is used and to improve it. This collection is governed by Google's privacy policy.

Advertising Data
The free version of the App uses Google AdMob to serve ads. AdMob may collect your device's advertising identifier (Android Advertising ID or iOS IDFA), IP address, and other device information to serve personalized or non-personalized ads. When Ghost Mode is active, all ad requests are blocked at the application level. This collection is governed by Google's privacy policy.

In-App Purchases
If you purchase Ghost Mode or the ad-removal upgrade, the transaction is processed entirely by Google Play (Android) or the App Store (iOS). We receive only a confirmation of the purchase; we do not receive your payment details.

3. Permissions

The App requests only the permissions necessary to function:

• Camera — required to scan QR codes.
• Storage / Photo Library — required to read and save images for steganography.
• Biometric / Device Credentials — optional, used only if you enable the app lock feature. Biometric data is processed entirely by the operating system and never leaves your device.
• Internet — required for Protected QR creation and opening (Verification Backend), and by the Ad SDK in the free tier.

4. App Lock

App lock is a local, device-at-rest protection feature. Your PIN or biometric unlock is processed entirely on-device by the operating system. No unlock material, password verifier, or wrapped secret is ever transmitted to our servers or any third party. App lock does not provide account recovery — if you forget your PIN and have no biometric fallback, local protected data cannot be recovered.

5. Third-Party Services

Google Play Integrity API / Apple App Attest — used to verify the authenticity of the App and device before allowing Protected QR operations. Privacy policy: policies.google.com/privacy / apple.com/legal/privacy

Google Firebase Analytics & Crashlytics — collects anonymized usage and crash data to help us improve the App. Privacy policy: policies.google.com/privacy

Google AdMob — serves ads in the free version of the App and may collect device identifiers and usage data. Privacy policy: policies.google.com/privacy

Google Play Billing / Apple App Store — processes in-app purchases. Privacy policy: policies.google.com/privacy / apple.com/legal/privacy

6. Data Retention and Deletion

Message content and encryption keys are stored locally on your device only. Uninstalling the App removes all locally stored data. We have no copy of this data and cannot delete or recover it on your behalf.

Attestation audit records on our Verification Backend are automatically deleted within hours to days. We retain no long-term personal records.

If you use the panic wipe feature, all app lock state, saved keys, and creator registry data stored locally by the App are immediately and permanently deleted from your device.

7. Children's Privacy

The App is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information through the App, please contact us and we will take appropriate action.

8. Your Rights

Because we do not collect personally identifying information ourselves, there is no personal profile for us to provide or delete. For data collected by third-party services such as Google AdMob, you can manage your ad preferences through your device settings (Android: Google → Ads; iOS: Privacy & Security → Apple Advertising).

If you are located in the European Economic Area or California, you may have additional rights under GDPR or CCPA. Contact us at the address below to exercise those rights.

9. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the App after any changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy, please contact us at:
[email protected]