Privacy Policy

"We can't see your data, even if we wanted to."

Effective Date: December 2025 | Jurisdiction: New South Wales, Australia

The Promise

Most privacy policies explain how they manage your data. GhostLine is architected to make data collection technically impossible.

This policy complies with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). However, because we do not collect personal information, most APPs do not apply to us.

Zero Server LogsWe do not store who called whom, or when.
Client-Side KeysEncryption keys are generated on your device and never leave it.

What We CANNOT See

1. Your Encryption Keys
The decryption key lives in the URL hash fragment (after the # symbol). Browsers do not send hash fragments to web servers. Our servers see ghostline.app/call/123, but they never see the key.

2. Your Video and Audio
All media streams are Peer-to-Peer (WebRTC). Video data flows directly between participants. It does not pass through our servers. WebRTC mandates DTLS-SRTP encryption for all media, meaning even if data were intercepted, it would be unreadable.

3. Your Identity
We do not require accounts, emails, phone numbers, or any personally identifiable information.

What We DO Collect

Ephemeral Signaling Data: To connect two browsers, our signaling server (PeerJS) temporarily holds a randomized Peer ID and your IP address. This data is not logged and is discarded immediately upon disconnection.
IP Address Exposure: WebRTC connections may reveal your IP address to the other party in the call. This is inherent to P2P technology. Use a VPN if you require IP anonymity.
Hosting Provider Logs: Our hosting provider (Vercel) may collect standard web server logs (IP addresses, access times, URLs visited). These logs are subject to Vercel's privacy policy.

Third-Party Services

Service	Purpose	Data Access
PeerJS (0.peerjs.com)	WebRTC Signaling	Peer ID, IP (ephemeral)
Vercel	Website Hosting	Standard access logs
Google/Twilio STUN	NAT Traversal	IP address (not logged by us)

Your Rights (Australian Residents)

Under the Privacy Act 1988, you have the right to:

Request access to personal information we hold about you (we hold none).
Request correction of inaccurate information (not applicable).
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Cookies and Tracking

GhostLine does not use cookies, analytics trackers, or any form of persistent client-side storage. We do not track you across sessions or websites.

Contact

Questions? Found a vulnerability? Contact: contact@sreekarreddy.com

Last updated: December 2025

← Return to GhostLine