Privacy Policy

Privacy Policy

Last updated: 23 May 2026

GhostSIM ("we", "the App") is committed to protecting your privacy. This policy explains what limited data we collect, why we collect it, and the choices you have. The App is designed to be anonymous by default — we do not require an email, name, phone number, or any personal identifier to use it.

1. Information We Collect

We collect the absolute minimum required to operate the service:

• Anonymous Device ID — a random identifier generated on your device the first time you open the App. This is not linked to your real identity, your phone number, your Apple ID, or your Google account.
• RevenueCat User ID — generated by our purchase processor (RevenueCat) to associate your subscription with your installation. Not linked to any personal information.
• FCM Push Token — issued by Firebase Cloud Messaging if you allow notifications. Used solely to deliver push notifications when SMS codes arrive. Does not identify you personally.
• Locale & platform — your selected language (e.g. "en", "tr") and whether your device is iOS or Android, used only to deliver the correct UI.
• Purchase records — when you subscribe or buy credits, we record a transaction identifier and the SKU code. We never see your full card number or Apple/Google account email.
• Activation history — for each temporary phone number you request, we log the service code (e.g. "telegram"), country code, status, and timestamps so we can refund credits if no SMS arrives.
• SMS content — verification codes received via your temporary number are temporarily stored on our servers so the App can display them to you. They are visible only inside your anonymous session and automatically deleted after 90 days.

2. What We Do NOT Collect

• We do not access or read the SMS messages on your real device. The App has no SMS-reading permission.
• We do not collect your real phone number.
• We do not collect your email address, full name, or any contact information.
• We do not collect your IP address for tracking purposes (it appears only in standard server access logs).
• We do not embed Facebook SDK, Google Analytics, or any third-party advertising trackers in the App.
• We do not sell, rent, or trade any of your data with third parties.

3. Third-Party Services

The App relies on a small number of third-party services to function:

• Telephony provider — a third-party SMS gateway supplies the temporary phone numbers and forwards incoming SMS to our backend. The provider does not receive your Device ID or any user-level identifier; they only see that our service rented a number.
• RevenueCat — processes in-app subscriptions and credit purchases on behalf of Apple App Store and Google Play. Privacy policy: revenuecat.com/privacy.
• Firebase Cloud Messaging (Google) — delivers push notifications to your device. Receives only your push token and the notification payload. Privacy policy: firebase.google.com/support/privacy.
• Apple App Store / Google Play — handle payment, refunds, and subscription management directly. We do not see your credit card.

4. Data Retention

• Anonymous Device ID, RevenueCat User ID, and FCM token: retained while your account is active.
• Activation history: retained while your account is active.
• SMS codes received: retained for up to 90 days, then automatically deleted.
• Purchase transaction logs: retained per Apple/Google requirements (typically up to 7 years for tax/audit purposes), but never linked to a name or email.

5. Your Rights

You can permanently delete all your data at any time:

• Open the App → Settings → Delete Account
• This irreversibly removes your Device ID, credit balance, activation history, SMS codes received, and push token under your account.
• The deletion is immediate and final. No backup is kept.

If you are in the EU or UK and wish to exercise your GDPR rights (access, rectification, erasure, portability, objection), email us at semihmalkoc53@gmail.com. We respond within 30 days.

6. Notifications

If you enable push notifications, we send you alerts solely when an SMS verification code arrives at one of your active virtual numbers. We never use push notifications for advertising, marketing, or news. You can disable notifications at any time in your device settings.

7. Children

The App is rated 4+ and contains no objectionable content. However, in-app purchases require an Apple ID or Google account, which themselves have minimum age requirements set by the platform. Parents and guardians should supervise in-app purchases. We do not knowingly collect personal data from children since the App does not collect personal data at all.

8. Security

All communication between the App and our servers is encrypted via HTTPS (TLS 1.2+). Data at rest is stored in an encrypted database. Purchase webhook deliveries to our servers are authenticated with a shared secret. While we take reasonable precautions, no internet transmission is 100% secure.

9. International Transfers

Our servers are located in the European Union. Push notifications are routed through Google's global Firebase infrastructure. By using the App, you consent to your anonymous Device ID, push token, and activation logs being processed in these locations.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be announced inside the App. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For any privacy-related questions, contact us at:
Email: semihmalkoc53@gmail.com