Ghost Watch for iOS — Effective May 15, 2026
Ghost Watch scans for potential surveillance threats using sensors and system APIs on your device. This includes Bluetooth signals (to detect nearby trackers and FAA Remote ID drones), network metadata (to identify suspicious connections), battery usage patterns, and cellular signal characteristics. All of this processing happens entirely on your iPhone. No scan results, threat data, or device information ever leaves your phone.
Ghost Watch requests location permission solely for the SOS emergency feature. When you trigger an SOS alert, your current GPS coordinates are included in the text message sent to your chosen emergency contacts and/or 911, so they can find you. Location data is never stored, logged, or transmitted to any server. If you do not use the SOS feature, Ghost Watch never accesses your location.
Ghost Watch uses Bluetooth Low Energy (BLE) scanning to detect nearby tracker devices such as AirTags, Tile, Samsung SmartTags, ZOLEO and Garmin inReach satellite communicators, and FAA Remote ID drone broadcasts. To detect a tracker that has been following you across multiple days, the app keeps a local history of which device identifiers have been seen and when. This history is stored only on your device and is never transmitted anywhere. Drone Remote ID broadcasts are public by federal regulation; storing them locally on your phone is not a privacy escalation.
When Shadow Watch is active, the back camera and microphone are used for on-device face / attention detection. The detection itself produces no stored images or audio.
However, you can deliberately trigger two evidence-capture actions with your safe-word voice triggers: Capture Photo and Start Recording. When you trigger one of these, the resulting JPEG photo or M4A audio file is saved to an Evidence Vault on this device. Files in the Evidence Vault are encrypted with AES-GCM-256 using a key derived from a PIN that you set; without that PIN they cannot be decrypted. iOS Data Protection (NSFileProtectionComplete) adds a second layer. You can review, export, and delete vault contents inside the app. Nothing in the vault leaves your device unless you choose to export an item via the system share sheet.
If you set up trusted contacts for the SOS feature, those phone numbers are stored locally on your device using iOS standard storage (UserDefaults). They are never uploaded, synced, or shared with any external service.
Ghost Watch monitors active network connections and cellular signal characteristics to detect anomalies that may indicate surveillance. This analysis is performed entirely on-device. No network traffic is intercepted, recorded, or transmitted.
Ghost Watch does not require or offer user accounts. There is no sign-up, no login, no email collection, and no cloud backend. The app operates fully offline after installation.
Ghost Watch contains zero third-party SDKs, analytics frameworks, crash reporters, or advertising networks. We do not use Firebase, Google Analytics, Facebook SDK, or any similar services.
Ghost Watch Pro is available as a subscription through Apple's App Store. All payment processing is handled entirely by Apple. We never see, collect, or store any payment information.
Ghost Watch stores the following data locally on your iPhone, all of it removed when you delete the app:
Ghost Watch is rated 12+ and is not directed at children under 13. We do not knowingly collect any information from anyone, including children.
If we update this privacy policy, the revised version will be posted at this URL with an updated effective date. Since we collect no data, meaningful changes to this policy are unlikely.
Questions about this privacy policy can be directed to: support@ghostwatch.ai