PRIVACY POLICY

Privacy Policy — GhostChat.live

Effective Date: October 31, 2025
Operator: GhostChat.live (independent developer, Romania)
Contact: ghostchatlive@gmail.com

This Privacy Policy explains how GhostChat.live (“GhostChat”, the “Service”) processes information. We designed GhostChat to minimize data: no accounts, no permanent message storage. If you do not agree with this Policy, do not use the Service.

1) What We Are (and Aren’t)

Anonymous & ephemeral. Messages, drawing/voice payloads are processed only to operate an active session and are not written to disk by us. No accounts, no archives. We cannot restore past sessions. No ads or behavioral profiling.

2) Data We Process

A. Session Content (Ephemeral)
What: chat payloads you send (e.g., encrypted blobs iv + ct, public keys for key exchange). How: relayed in memory between paired sockets; not persisted by us. When deleted: on delivery/timeout or when the session ends.

B. Technical Data (Minimal)
What: IP address (networking + per-IP rate-limit), device name/user-agent (compatibility/diagnostics), timestamps/error events (reliability). Retention: per-IP rate-limit entries ~1 minute; live connection data exists only while connected and is cleared on disconnect; pairing codes are deleted when consumed or expired (waiter 60s, backup up to ~5 minutes). We do not build profiles and do not store conversation history.

C. Local Device Storage (On Your Device)
What: simple preferences like “Terms accepted.” Where: your device (e.g., localStorage). Not shared with us unless you send it.

3) Purposes & Legal Bases (GDPR)

Provide the Service (operate the live relay): performance of a contract (Art. 6(1)(b)). Security & reliability (rate-limit, prevent abuse): legitimate interests (Art. 6(1)(f)). Legal compliance (respond to valid legal orders): legal obligation (Art. 6(1)(c)). Optional device permissions (e.g., microphone for voice): consent (Art. 6(1)(a))—granted by enabling the feature.

4) Sharing / Disclosure

No sale or “sharing” of personal information for behavioral advertising. Service providers: none beyond essential hosting/networking at the time of this Policy. If added, they will act as processors under contract and only on our instructions. Legal requests: we disclose only what we actually hold at that time (often nothing persisted due to our design).

5) International Transfers

Hosting is intended in the EU/EEA where possible. If data is processed elsewhere, we use appropriate safeguards (e.g., SCCs).

6) Retention

Session content: in memory only; discarded when delivered/timeout or when the session ends. Technical data: per Section 2(B) above; short-lived and auto-deleted. Legal holds: if we must preserve minimal data to comply with a legal obligation, we retain only what’s required and only as long as required.

7) Security

Transport encryption (TLS), no content logging, and in-memory processing for chat content. No system is perfectly secure; keep your device and network safe.

8) Your Rights

Control: choose what you send; you can stop using the Service at any time. GDPR (EEA/UK): rights to access, rectify, erase, restrict, object, portability, and withdraw consent (where applicable). Because we do not keep accounts or archives, some rights (e.g., access/portability of message history) may not apply. CCPA/CPRA (California): rights to know, delete, correct, and opt-out of sale/sharing (we do not sell/share). Requests: ghostchatlive@gmail.com. You may also complain to your data protection authority.

9) Children’s Privacy

The Service is intended for users 16+. We do not knowingly process data from children under that age.

10) Cookies & Similar Tech

We avoid cookies. If any are used, they will be strictly necessary for operation. We do not run analytics/ads by default. Local preferences may be stored on your device.

11) Law Enforcement & Emergencies

We do not proactively monitor private sessions. Upon a valid legal order, we respond within the limits of data actually held. If we become aware of an imminent risk of serious harm, we may use minimal technical information already available and, where permitted by law, contact appropriate services.

12) Changes to This Policy

We may update this Policy; the Effective Date will change. Continued use means you accept the updated Policy.