Privacy Policy

Last Updated: June 21, 2026

1. Introduction

GhostVault ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use the GhostVault mobile application.

2. Data We Collect

2.1 Data You Provide

  • Vault Data: Passwords, usernames, website URLs, notes, and other credential information you store in your vault
  • Two-Factor Authentication (2FA) Codes: TOTP secrets and related authentication data
  • App Settings: Your preferences for app functionality (e.g., biometric authentication preferences, screen capture prevention)

2.2 Data We Collect Automatically

  • Usage Data: App usage statistics, crash reports, and performance data
  • Device Information: Device type, operating system version, and app version

2.3 Data We Do NOT Collect

  • We do not collect your vault master password
  • We do not have access to your decrypted vault contents
  • All vault data is encrypted locally on your device

3. How We Use Your Data

3.1 Core Functionality

  • Store and manage your passwords and credentials
  • Generate and manage 2FA codes
  • Provide secure access to your vault via biometric authentication

3.2 App Improvement

  • Analyze usage patterns to improve app performance and features
  • Debug and fix issues using crash reports

3.3 Subscription Management

  • Process subscription payments via RevenueCat
  • Manage premium features access

4. Third-Party Services

4.1 RevenueCat

We use RevenueCat to manage in-app purchases and subscriptions. RevenueCat may collect:

  • Subscription status and purchase history
  • App usage data related to subscription features

RevenueCat's privacy policy: https://revenuecat.com/privacy

4.2 Apple App Store

Apple may collect data related to your app usage and purchases as part of their services.

5. Data Storage and Security

5.1 Local Storage

  • All vault data is encrypted using AES-256 encryption
  • Your master password is never stored or transmitted
  • Data is stored locally on your device

5.2 Cloud Storage (Optional)

  • If you enable cloud sync, data is encrypted before transmission
  • We use Apple's iCloud for secure cloud storage
  • We cannot access your cloud-stored data

6. Data Retention and Deletion

6.1 Data Retention

  • Vault data is retained until you delete it
  • Usage analytics are retained for up to 12 months
  • Subscription data is retained as required by law and for subscription management

6.2 Data Deletion

You can delete your data by:

  • Deleting individual entries from your vault
  • Deleting your entire vault from within the app
  • Requesting account deletion through the app's settings

When you delete your data:

  • All vault data is permanently removed from your device
  • Cloud-stored data is deleted from iCloud
  • Subscription data is retained only as required for legal and business purposes

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data
  • Opt out of data collection (where applicable)

8. Children's Privacy

GhostVault is not intended for children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy in the app and on our website.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at:

  • Email: support@ghostvault.app
  • Website: https://ghostvault.app/privacy

11. Legal Basis for Processing

We process your data based on:

  • Contractual Necessity: To provide the app's core functionality
  • Legitimate Interest: To improve app performance and security
  • Legal Obligation: To comply with applicable laws

12. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data.

13. California Consumer Privacy Act (CCPA)

If you are a California resident, you have additional rights under the CCPA, including the right to opt out of the sale of your personal information. GhostVault does not sell your personal information.