Privacy Policy

March 2026

Ghost Auth does not collect or transmit personal data to any Ghost Auth server. Data stays on your device unless you explicitly choose encrypted export, backup, or LAN sync.

Data Storage

All data — including authenticator secrets, PIN, and recovery codes — is encrypted with AES-256-GCM and stored locally on your device. Encryption keys are held in your platform's secure keystore (Windows Credential Manager, macOS Keychain, iOS Keychain, or Android KeyStore). Ghost Auth has no servers, accounts, or cloud storage.

Network Access

Ghost Auth is offline-first and has no cloud connection. Network activity occurs in only two cases, both of which require explicit user action:

Device sync — When you initiate device-to-device or device-to-extension sync, accounts are transmitted over your local network with end-to-end encryption (AES-256-GCM with HKDF-SHA256 session keys).

Crash reporting — If you opt in via Settings, anonymized crash reports are sent to a self-hosted GlitchTip instance. See the section below for details.

Analytics & Tracking

Ghost Auth does not include analytics, telemetry, or advertising. There are no third-party SDKs that collect usage data.

Crash Reporting

Ghost Auth includes an optional, opt-in crash reporter. It is disabled by default and must be explicitly enabled in Settings.

When enabled, crash reports are sent to a self-hosted GlitchTip instance (not a third-party service). Before transmission, every report passes through an aggressive sanitizer that redacts TOTP secrets, otpauth:// URIs, PINs, passwords, recovery codes, account names, file paths, and other sensitive data. Queued reports are encrypted with AES-256-GCM on disk and automatically deleted after 30 days.

Reports include: app version, OS name/version, crash type, code location, and up to 20 recent warning/error breadcrumbs (sanitized). Reports do not include: TOTP secrets, account names, PINs, passwords, IP addresses, device identifiers, or file paths.

When you disable crash reporting, all queued reports and breadcrumbs are immediately deleted.

Biometrics

If you enable biometric unlock, authentication is handled by your device's operating system. Ghost Auth does not access or store biometric data.

Backups

Backups are encrypted with a password you choose (derived via Argon2id) and saved locally. Ghost Auth does not upload backups anywhere.

Browser Extension

The companion browser extension stores encrypted data in browser.storage.local, sandboxed to the extension. It does not access browsing history, page content, or cookies. The only content script interaction is an optional on-demand QR scanner overlay, triggered explicitly by the user.

Third Parties

Ghost Auth does not share data with third parties.

Open Source

Ghost Auth is open source. You can review the code and cryptographic design on GitHub.

Contact

Questions? Open an issue on GitHub.