Privacy First: Ghost Car is built with your privacy as the top priority. Your location data stays on your device and syncs only via your private iCloud account. We don't collect, sell, or share your personal information.
Overview
Ghost Car ("we", "our", or "the app") is a drive recording and comparison app for iOS. This Privacy Policy explains how we handle your information when you use our app.
Information We Collect
Location Data
When you record a drive, the app collects:
- GPS coordinates - Your location points during the drive
- Speed data - Current, average, and maximum speeds
- Distance - Total distance traveled
- Duration - Time spent driving
- Altitude - Elevation data from GPS
- Heading - Direction of travel
Device Information
When you share drives, we temporarily collect:
- Device ID - Anonymous identifier for rate limiting (prevents abuse)
- IP Address - Used for rate limiting only, not stored long-term
How We Use Your Information
Local Storage
All your drive data is stored locally on your device using Apple's SwiftData framework. We cannot access this data.
iCloud Sync (Optional)
If you're signed in to iCloud, your drives sync across your devices using CloudKit Private Database. This means:
- Data is encrypted and stored in your personal iCloud account
- We cannot access your iCloud data
- Apple's iCloud Privacy Policy applies
- You can disable sync by turning off iCloud for Ghost Car in iOS Settings
Drive Sharing
When you share drives with others:
- Drive data is temporarily uploaded to our server (
api.ghostcar.app)
- A unique share link is generated (
share.ghostcar.app/[unique-id])
- Links expire after 24 hours and are automatically deleted
- Anyone with the link can view and import the shared drives
- Recipients get their own independent copy of the data
- We use device ID and IP address for rate limiting (5 uploads/hour, 20/day per device)
Data Retention
On Your Device
Drive data stays on your device until you delete it. You have full control.
Shared Links
When you share drives:
- Data is stored on our server for up to 24 hours
- Files are automatically deleted after expiration
- An automated cleanup process runs every hour
- Rate limiting data is kept temporarily for spam prevention
What We DON'T Do
Ghost Car is committed to protecting your privacy. We do NOT:
- ❌ Sell your data to third parties
- ❌ Use your data for advertising
- ❌ Track your location when you're not actively recording
- ❌ Share your data with anyone (except when you explicitly create a share link)
- ❌ Require an account or login
- ❌ Use analytics or tracking tools
- ❌ Access your photos, contacts, or other personal data
Third-Party Services
Apple iCloud
If you enable iCloud sync, your data is handled by Apple's CloudKit service. Apple's Privacy Policy applies.
Apple Maps
The app uses Apple MapKit for displaying maps. Apple's Privacy Policy applies to map data.
Security
We take reasonable measures to protect your data:
- All data transmission uses HTTPS encryption
- Share links require unique, unguessable IDs
- Rate limiting prevents abuse of the sharing service
- API access requires authentication
- Shared files are validated and sanitized
Your Rights
You have complete control over your data:
- Access - View all your drives in the app
- Delete - Swipe to delete any drive
- Export - Share drives to save them elsewhere
- Opt-out of sync - Disable iCloud in iOS Settings
Children's Privacy
Ghost Car is not directed to children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us.
Location Permissions
The app requires location permissions to function:
- "While Using" - Records drives only when the app is open
- "Always" - Optional, for background tracking (future feature)
You can change permissions anytime in iOS Settings → Privacy & Security → Location Services → Ghost Car
Changes to This Policy
We may update this Privacy Policy occasionally. We'll notify you of significant changes through the app or by updating the "Last Updated" date above.
Data Processing Location
Shared drive data is temporarily processed and stored on servers located in the United States. By using the sharing feature, you consent to this transfer.
Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us:
California Privacy Rights
If you're a California resident, you have additional rights under CCPA:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information (we don't sell your data)
GDPR Compliance (European Users)
If you're in the European Economic Area:
- Legal basis for processing: Your consent when you use the app
- Right to access, rectify, erase, or port your data
- Right to object to processing
- Right to lodge a complaint with supervisory authorities
Bottom Line: Ghost Car is designed to give you full control over your data. Everything stays on your device unless you explicitly choose to share it. We believe your drives are your business, not ours.