Privacy Policy

1. Introduction

This Privacy Policy explains how Ghostchart (“we,” “us,” or “our”) collects, uses, stores, and protects your information when you use the Ghostchart mobile application and related services (the “Service”).

Ghostchart is a BTC charting and trading tool. We are not a broker, exchange, or financial institution. We do not hold funds, execute trades on your behalf, or provide investment advice.

2. Information We Collect

Account Information

• Email address — for authentication, recovery, and service communications
• Password — stored only as a cryptographic hash (bcrypt). We never store plaintext passwords
• Display name (optional)

Exchange API Keys

API keys you provide are encrypted at rest using AES-256, used only to execute actions you initiate, and never shared with third parties beyond the exchange you connected.

Usage Analytics

We collect anonymized usage data (feature usage patterns, performance metrics, device type). This data cannot identify you personally. You may opt out at any time in Settings.

What We Do NOT Collect

• Location data
• Device contacts, photos, or files
• Financial account numbers or exchange passwords
• Cross-app or cross-site tracking

3. How We Use Your Information

We use your data to provide and operate the Service, send alerts you configure, improve the experience via anonymized analytics, and communicate service updates. We do not use your data for advertising, ad targeting, or selling to third parties.

4. Third-Party Services

• Exchange APIs — Your API keys are sent to the exchange you connected when you take actions
• Sentry — Crash reports (device type, OS, stack traces — no personal data)
• PostHog — Anonymized product analytics

We do not share, sell, rent, or trade your personal information with any other third parties.

5. Data Retention

• Account data: retained while active, deleted within 30 days of account deletion
• API keys: deleted immediately on disconnection
• Usage analytics: anonymized after 12 months
• Crash reports: purged after 90 days

6. Your Rights

All users can request access, deletion, portability, and correction of their data, and opt out of analytics. GDPR users have additional rights including restriction, objection, and withdrawal of consent. California residents have rights under CCPA/CPRA. We do not sell personal information.

Contact privacy@ghostchart.app to exercise any rights. We respond within 30 days.

7. Data Security

API keys encrypted with AES-256. Passwords hashed with bcrypt. All data in transit protected with TLS 1.2+. Regular security reviews. Access restricted on a need-to-know basis.

8. Children's Privacy

The Service is not intended for anyone under 18. We do not knowingly collect data from minors.

9. Changes to This Policy

Material changes will be communicated via email or in-app notification at least 30 days before taking effect.

10. Contact Us

Email: privacy@ghostchart.app