Skip to content

Privacy policy

Last updated: July 13, 2026

Ghostwall (“the app,” “we,” “us”) is built on a simple principle: your data should stay on your device. This policy explains exactly what that means in practice.

The short version

Ghostwall doesn’t have user accounts, doesn’t run analytics or advertising SDKs, and doesn’t operate a server that receives your browsing activity, location, or app usage. The data the app generates to do its job — firewall rules, blocked-domain history, tracking-attempt logs — is stored in a local database on your device and is never transmitted to us. We don’t have a way to see it, because it never leaves your phone.

What Ghostwall stores locally

To provide DNS Shield, the firewall, tracker detection, and related features, the app maintains a local database containing:

  • Firewall rules — which apps you’ve blocked, and whether that block applies to Wi-Fi, mobile data, or both.
  • Blocked-domain and event history — a log of tracker/ad domains DNS Shield has blocked, used to show your blocked-tracker counts and 7-day trend chart.
  • Tracking attempts — a record of which installed apps have tried to reach known tracker domains, and how often.
  • Custom blocklist entries (Pro) — domains you’ve imported from a hosts-file blocklist.
  • Per-app DNS routing rules (Pro) — which DNS provider you’ve assigned to specific apps.
  • Privacy Profiles (Pro) — the automation rules you’ve configured (time windows, Wi-Fi network names, and which protections they toggle).

None of this is linked to your name, email, or any account, because no account exists. Uninstalling the app deletes this data along with it — the app does not back this database up to any cloud service.

You can also erase this history at any time from inside the app: Settings → Panic Wipe disconnects all active protections and permanently deletes your tracker and event history immediately.

Permissions, and exactly what they’re used for

  • VPN service permission powers DNS Shield and the firewall. It lets the app intercept DNS queries (to check them against tracker/ad blocklists) and enforce per-app network rules. It does not let us read, log, or transmit the content of your browsing — only domain names involved in DNS lookups are inspected, and only to decide whether to block them.
  • Location permission (fine/coarse) is used exclusively to power GPS spoofing (showing apps a fake location you choose). Your real location is never read, logged, or transmitted by Ghostwall. This permission also lets Android list Ghostwall as an available mock-location app in Developer Options, which has no effect beyond that listing.
  • Wi-Fi state permission is used only to read the currently-connected Wi-Fi network’s name, so Pro Privacy Profiles can trigger based on which network you’re on. This check happens locally on your device and is never transmitted anywhere.
  • Notification permission is used to show the ongoing protection-status notification and tracker-blocked alerts.

Network connections Ghostwall makes on your behalf

Because Ghostwall is a networking and anonymity tool, it necessarily makes some outbound connections as part of doing its job. These go to the third party you’ve selected or specified, not to us:

  • DNS-over-HTTPS queries go to whichever resolver you choose (Cloudflare, Google, AdGuard, Quad9, or NextDNS). Each operates under its own privacy policy — we encourage you to review the one for your chosen provider.
  • Tor connections route through the public Tor network, operated by independent, volunteer-run relays outside our control.
  • IP-check requests — when you tap “Check My IP” or connect to Tor, the app queries api.ipify.org or cloudflare.com/cdn-cgi/trace to display your current public IP address and, if applicable, your Tor exit node’s country. These third parties receive your IP address as an inherent part of that lookup.
  • Custom blocklist imports (Pro) — if you enter a URL to import a hosts-file blocklist, the app downloads it directly from that URL. Only use sources you trust.
  • Decoy DNS traffic (Pro) — when enabled, the app periodically sends randomized DNS lookups for ordinary domains through your selected resolver, to obscure the timing of your real lookups. These are not linked to your real activity.

Purchases

Ghostwall Pro is sold through Google Play Billing. We receive your purchase/entitlement status (so the app knows to unlock Pro features) — we never receive your payment card, billing address, or other payment details, which Google Play handles directly under its own privacy policy.

Advertising ID

Ghostwall does not read or use your Android Advertising ID. Settings includes a shortcut to Android’s ad-personalization controls in case you want to reset or limit it for other apps, but Ghostwall itself doesn’t use it.

Children’s privacy

Ghostwall is not directed at children and we do not knowingly collect personal information from children. Since the app collects no personal information at all, there is no user data associated with any age group to remove — but if you believe a child has otherwise interacted with our services in a way requiring attention, contact us using the details below.

Changes to this policy

If we change what data the app stores or how it’s used, we’ll update this page and revise the “Last updated” date above. Material changes will also be reflected in the in-app “How To” / About screens with the app’s release notes