Privacy Policy

Effective Date: October 17, 2025
Last Updated: October 17, 2025
Application: GhostShot Mobile Application

1. Introduction

This Privacy Policy governs the collection, use, and disclosure of information by GhostShot ("we," "our," or "us") in connection with the GhostShot mobile application (the "App"). We are committed to protecting user privacy and have designed our App to minimize data collection while providing full functionality.

2. Information Collection and Use

Core Privacy Principle: GhostShot does not collect, store, or transmit any personal information or user-generated content to our servers or third parties, with the limited exception of anonymized crash reporting data as described in Section 3 below.

2.1 Personal Information

We do not collect, store, or process any personal information, including but not limited to:

Names, email addresses, or contact information
Location data or geolocation information
Device identifiers beyond what is necessary for crash reporting
User behavior or analytics data
Advertising identifiers

2.2 Photo and Media Content

All photographs captured or processed within the App are stored exclusively on your device in the application's private sandbox storage. Specifically:

Photos are never uploaded to our servers or any cloud storage service
Photo content remains entirely under your control
No image analysis, facial recognition, or content scanning is performed on our servers
Photos are only accessible by the App and are isolated from other applications
Deletion of the App results in permanent removal of all stored photos

3. Crash Reporting and Diagnostics

3.1 Firebase Crashlytics

The App uses Firebase Crashlytics, a crash reporting service provided by Google LLC, to help us identify and resolve technical issues. Firebase Crashlytics collects limited, anonymized technical information when the App crashes or encounters errors.

3.2 Data Collected by Crashlytics

Firebase Crashlytics may automatically collect the following technical data:

Crash traces and stack traces
Device model and operating system version
App version and build number
Timestamp of crash events
General device state information (memory usage, disk space, battery level at time of crash)
Installation UUID (a randomly generated identifier that does not identify you personally)

3.3 What is NOT Collected by Crashlytics

Firebase Crashlytics does not collect:

Your photos or any image content
Personal identifying information
User-generated content or text
Precise location data
Contact lists or address book information

3.4 Purpose and Legal Basis

Crash data is collected solely for the purpose of improving App stability and user experience. This processing is based on our legitimate interest in maintaining a functional and reliable application. You may opt out of crash reporting through your device settings, though this may limit our ability to diagnose and fix issues affecting your experience.

4. OCR and Text Recognition

4.1 On-Device Processing

The App includes an Optical Character Recognition (OCR) feature that allows you to extract text from photos. This feature operates entirely on your device using Apple's native Vision framework.

4.2 OCR Data Handling

Text recognition is performed with the following privacy safeguards:

All OCR processing occurs locally on your device
No images or extracted text are transmitted to our servers
No images or text are sent to third-party services
Recognized text is stored only in the App's private sandbox alongside the associated photo
Text data is subject to the same automatic deletion schedule as the photos
No OCR data is used for machine learning, model training, or any other purpose

5. Local Data Storage

5.1 App Sandbox Storage

All data created within GhostShot is stored in the application's private sandbox directory, which is:

Isolated from other applications on your device
Not accessible without your device passcode or biometric authentication
Protected by iOS security measures
Automatically removed upon app deletion

5.2 Automatic Deletion

Photos within the App are automatically deleted based on user-selected retention periods (ranging from 30 minutes to 1 week, or immediate deletion after sharing). This process:

Operates entirely on your device without network connectivity
Results in permanent deletion of photo files and associated metadata
Includes a 24-hour recycle bin feature for recovery of accidentally deleted items
Cannot be reversed once the recycle bin period expires

5.3 User Preferences

Application settings and preferences (language selection, theme, default retention period) are stored using iOS UserDefaults. This information:

Remains on your device
Is not synchronized or backed up to our servers
Is removed when you uninstall the application

6. Device Permissions

The App requires the following permissions to function:

6.1 Camera Access (Required)

Camera permission is necessary to capture photos within the App. The camera is only activated when you explicitly use the capture feature.

6.2 Photo Library Access (Optional)

Photo library access is requested only when you choose to save a photo from the App to your device's Photos library. This permission is not required for basic App functionality. The App cannot access existing photos in your library without your explicit authorization for each access.

You may manage these permissions at any time through your device's Settings application under Privacy & Security.

7. Third-Party Services

The App does not integrate with third-party analytics, advertising networks, or social media services, with the sole exception of Firebase Crashlytics as described in Section 3. The App uses only native Apple frameworks for all core functionality.

8. Data Security

We implement appropriate technical and organizational measures to protect data stored on your device:

All data is stored in the iOS application sandbox with system-level access controls
No network transmission of user content occurs (eliminating transmission-related security risks)
Automatic deletion mechanisms reduce data retention exposure
No server infrastructure eliminates remote breach vectors

9. Children's Privacy

The App does not knowingly collect personal information from children under the age of 13 or any other age threshold defined by applicable law. Because we do not collect personal information from any users, the App is compliant with the Children's Online Privacy Protection Act (COPPA) and similar regulations.

10. International Data Transfers

Because all user data is stored locally on your device and not transmitted to our servers, international data transfer considerations do not apply to user-generated content. The limited crash reporting data transmitted to Firebase Crashlytics may be transferred to and processed in the United States and other countries where Google maintains infrastructure. Google's data processing practices are governed by their privacy policy and applicable data protection agreements.

11. Data Retention

User-generated photos and associated data are retained only for the duration specified by your selected retention period. After this period expires (and after any applicable recycle bin period), data is permanently and irreversibly deleted from your device.

Crash reporting data collected by Firebase Crashlytics is retained according to Google's data retention policies, typically for a period of 90 days.

12. Your Rights and Choices

Given that we do not collect personal information:

No personal data exists in our systems to access, correct, or delete
Data portability rights do not apply as no data is stored centrally
All user-generated content is under your direct control on your device
You may opt out of crash reporting through your device settings or by contacting us

To exercise any privacy rights or request information about crash reporting, please contact us using the information provided in Section 15.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be effective upon posting to this page with an updated "Last Updated" date. Material changes will be communicated through the App or other appropriate means. Your continued use of the App following the posting of changes constitutes your acceptance of such changes.

14. Legal Compliance

This Privacy Policy is designed to comply with:

Apple App Store Review Guidelines
General Data Protection Regulation (GDPR) - EU
California Consumer Privacy Act (CCPA) - United States
Children's Online Privacy Protection Act (COPPA) - United States
Other applicable data protection and privacy laws

15. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: help.ghostshot@gmail.com
Support: https://ptroya.github.io/ghostshot-legal/support.html

We will respond to all legitimate requests within a reasonable timeframe in accordance with applicable law.