🔒 HideGhost

HideGhost is committed to protecting your privacy. This policy explains how we handle data in our anonymous, encrypted chat service.

• No user registration or accounts
• No email addresses
• No phone numbers
• No personal identification information
• No IP addresses or access logs
• No long-term message storage
• No tracking cookies
• No analytics or user behavior tracking

For the service to function, we temporarily store in RAM memory:

• Chat messages: All messages are AES-256 encrypted and stored only in server RAM
• Files (images, videos, voice): Encrypted before upload and stored in temporary encrypted folders
• Room IDs: Temporary identifiers for chat rooms
• Connection data: WebSocket session IDs (cleared on disconnect)
• Timestamps: For auto-deletion timing only

All messages are automatically end-to-end encrypted using AES-256 encryption in your browser:

• Encryption/decryption happens entirely in your browser
• The encryption key is derived from your Room ID
• We cannot read your messages - only you and the recipients can
• Images, videos, and voice messages are also AES-256 encrypted before upload

Our infrastructure is designed for maximum privacy with zero logging.

We use minimal browser storage for essential functionality only:

• Theme preference: localStorage for dark/light mode (stays on your device)

No tracking cookies. No analytics cookies. No third-party cookies.

None. HideGhost uses no third-party services, no CDNs, no analytics, and no advertisements. Everything runs on our own servers.

All data retention periods:

• Chat messages: Stored encrypted in RAM, deleted after 5 minutes of inactivity
• Files (images/videos/voice): Encrypted on disk, deleted when chat ends
• Room data: Deleted when chat ends or after timeout
• Server logs: None - we don't keep logs
• User data: None - we don't have accounts

We cooperate with law enforcement when legally required. However, due to our architecture:

• We cannot provide historical messages (nothing is stored)
• We cannot decrypt end-to-end encrypted messages (we don't have the keys)
• We cannot identify users (no accounts, no IP logs)
• We have no data to preserve or disclose

HideGhost is intended for general use. We do not knowingly collect information from anyone, including minors. Due to our zero-data-collection model, we cannot verify user ages.

Parents should supervise their children's internet usage.

HideGhost can be accessed from anywhere in the world. Since we don't collect or store user data, there is no data transfer or processing to worry about.

Your encrypted messages stay in RAM on our server briefly before being deleted forever.

We implement multiple security measures:

• HTTPS/TLS: All connections are encrypted in transit
• AES-256 encryption: All messages, images, videos, and voice encrypted
• WebRTC encryption: Peer-to-peer calls with DTLS-SRTP
• Rate limiting: Prevents abuse and brute-force attempts
• Security headers: Protection against XSS, CSRF, and clickjacking
• No persistent storage: RAM-only means data dies with the server

Given our zero-data-collection model:

• Right to Access: No personal data is stored, so there's nothing to access
• Right to Deletion: Data auto-deletes; you can manually end chats anytime
• Right to Portability: Not applicable (no user accounts or stored data)
• Right to Objection: Simply don't use the service
• Right to Rectification: Not applicable (no stored personal data)

We may update this privacy policy from time to time. The "Last Updated" date at the top will reflect any changes. Continued use of HideGhost after changes constitutes acceptance of the updated policy.

For privacy concerns, questions, or feedback, contact us through our Contact Form.