Ghost Pad

Privacy Policy

Last updated: March 28, 2026

What we collect

We only collect what is strictly necessary to make GhostPad work:

  • Temporary notes and files you create (stored only until they expire or are burned)
  • Basic technical data (IP address, browser type) for rate limiting and abuse prevention
  • Donation information if you choose to support us via Ko-fi

Client-side encryption

When you set a passcode, your note is encrypted in your browser before it ever reaches our server. We never see or store your plaintext content.

Data retention

All notes and files are automatically deleted after the chosen expiry time or immediately after being read (if burn-after-reading is enabled). We do not keep backups.

Third parties

We use Supabase (Postgres + Storage) to temporarily store notes and files. Supabase's privacy policy applies to the data we send them.

Your rights (GDPR, CCPA, DPDP, etc.)

You can request deletion of any data we hold about you at any time by emailing ghostpad@proton.me. Because notes self-destruct, most data is already gone by the time you ask.

Changes

We may update this policy. We will notify you by posting the new version on this page.