Ghost

Privacy Policy

Effective 23 June 2026

1. Overview

Ghost Messenger is a private messaging and calling application operated by PT Money Industrial Factory, a company incorporated in Indonesia and located at Benoa Square Building, Lantai 2, Unit No. 1-4 (2/A) & 23-26 (2/B), Jl. Bypass Ngurah Rai No. 21A, Kabupaten Badung 80361, Bali, Indonesia ("Ghost Messenger", "we", "us", or "our"). PT Money Industrial Factory is the controller responsible for the limited data processed through the service. This Privacy Policy explains what information we do and do not process when you use our mobile applications, and the choices and rights you have. Ghost Messenger is available to users worldwide.

Our core principle is data minimisation. Your messages and calls are end-to-end encrypted, which means we cannot read their content. We do not require your phone number, email address, or real name, and we do not run advertising or third-party tracking. By using the app, you agree to the practices described in this policy.

2. Information We Do Not Collect

We do not collect your phone number, email address, or real name. We do not upload, scan, or store your device address book. We cannot read the content of your messages or calls, which are end-to-end encrypted on your device. We do not use advertising identifiers, and we do not embed third-party advertising or analytics tools that profile you. We do not collect your location unless you choose to share it inside a specific message.

3. Information We Process To Provide The Service

To route encrypted messages and connect calls, our relay processes a limited amount of technical information:

  • Account keys. A public identity key, signed pre-keys, and a routing identifier, all generated on your device, are stored on our relay so that other people can establish an encrypted session with you and so that messages can be delivered to your device.
  • Optional profile. If you choose to set a display name or make your Ghost ID discoverable, that information is stored until you change or remove it.
  • Encrypted messages in transit. Messages are held only until they are delivered to the recipient, then removed from our servers. We cannot decrypt them.
  • Connection data. Your IP address and similar connection details are processed transiently to route traffic. We do not use them to profile you and do not retain them as a history of your activity.
  • Push token. To deliver notifications, we register a push token with Apple Push Notification service (APNs) or Google Firebase Cloud Messaging (FCM).

4. How We Use Information

We use the limited information described above solely to operate Ghost Messenger: to deliver your encrypted messages and calls, to send notifications, and to keep the service secure and reliable. We do not use it for advertising, we do not build a profile of you, and we do not sell or rent it.

5. Legal Bases (EEA / UK Users)

If you are in the European Economic Area or the United Kingdom, we process the limited data above on the basis of our legitimate interests in operating a secure messaging service and performing our contract with you to deliver the app’s functionality. Where required, we rely on your consent, which you may withdraw at any time by discontinuing use of the service.

6. Third-Party Services

A small number of services help deliver the app and receive only what is strictly necessary:

  • Apple (APNs) and Google (FCM) deliver push notifications. They receive a device push token and a wake signal, not your message content or your contacts.
  • Our hosting and relay infrastructure transmits encrypted traffic between devices.

These providers process data under their own privacy policies. We do not share your information with advertisers or data brokers.

7. Data Retention

We do not keep a history of your messages or calls. Encrypted messages are removed from our relay once they are delivered. Account keys and any optional profile information remain only while your account exists; deleting your account removes them. The large majority of your data, including your message history, exists only on your own device under your control.

8. Security

Messages and calls are end-to-end encrypted using a modern key-exchange and ratchet protocol. Data stored on your device is held in an encrypted SQLCipher (AES-256) database whose key is protected by your device hardware keystore (StrongBox or the Trusted Execution Environment). The app also offers a per-conversation lock and a Panic PIN that immediately and permanently erases the encrypted database on your device. No method of transmission or storage is perfectly secure, but we design the service to minimise what could ever be exposed.

9. Your Rights and Choices

Ghost Messenger is available worldwide, and we honor the privacy rights available where you live. Depending on your location (for example, the EEA and the UK under the GDPR, or California under the CCPA/CPRA), you may have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing.

Because we hold almost no personal data and cannot read your content, most of your information exists only on your device and is within your direct control. You may delete your account and wipe your local data from within the app at any time, or use Panic Mode for an instant on-device wipe. We do not sell or share your personal information, and we do not use it for cross-context behavioral advertising. To exercise a right or ask a question, contact us using the details in section 13.

10. International Data Transfers

We operate globally. The limited, encrypted technical data needed to route your messages may be processed on servers located outside your country, including in jurisdictions whose data-protection laws differ from your own. We minimise this data, and message and call content remains end-to-end encrypted at all times.

11. Children’s Privacy

Ghost Messenger is not directed to children. You must be at least 13 years old to use the app, or older where your country sets a higher minimum age for consent to online services (for example, up to 16 in parts of the EEA). We do not knowingly collect personal data from children below the applicable age. If you believe a child has provided us with data, please contact us and we will take appropriate steps.

12. Account and Data Deletion

You can delete your account and erase your local data directly within the app, and Panic Mode lets you wipe the on-device database instantly. For step-by-step instructions, see our Account Deletion page.

13. Changes and Contact

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page and, where appropriate, provide additional notice in the app.

If you have any questions about this policy, how your data is handled, or wish to exercise a privacy right, contact us at:

PT Money Industrial Factory

Benoa Square Building, Lantai 2, Unit No. 1-4 (2/A) & 23-26 (2/B), Jl. Bypass Ngurah Rai No. 21A, Kabupaten Badung 80361, Bali, Indonesia

Email: officemoneyindustrialfactory@gmail.com

See also our Account Deletion page.