Legal
Privacy
Last updated: 14 July 2026
Introduction
GhostPush is a one-time secret sharing service operated by NextPoint IT Pty Ltd (ABN 44 692 718 988) ("NextPoint IT", "we", "us", or "our"). This page explains what the GhostPush product collects, what it is not able to collect, and how long any of it is kept.
It sits alongside the NextPoint IT Privacy Policy, which governs how we handle personal information as a company under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Where this page and that policy overlap, that policy governs. It is linked at the bottom of this page.
The short version
We cannot read the secrets you send. This is not a policy commitment that we could quietly change later. It is a consequence of how the product is built. Your browser encrypts the secret before it is sent to us, and the decryption key is placed in the fragment of the link, the part after the "#". Browsers do not transmit that part of a URL to servers. We therefore never receive the key, and cannot decrypt what we store.
What we collect
When you send a secret, we hold the following until it is destroyed:
- The encrypted secret. An AES-256-GCM ciphertext blob. We cannot open it. It is deleted the moment the final view is spent, or when its timer expires, whichever happens first.
- View count and expiry time. How many reads remain on a link and when it dies. This is what makes the burn work. It reveals nothing about the contents.
- Whether a passphrase is required. The fact that one exists, so the recipient can be prompted. Never the passphrase itself.
If you create an account, we additionally hold your name, your email address, and a scrypt hash of your password. The hash cannot be reversed into your password.
On Business plans, we record an audit trail for each secret you send: when the link was opened, when the secret was retrieved, the public IP address it was accessed from, and the browser user agent that was reported. This is the most personal information GhostPush holds. It exists because the audit log is the feature. It belongs to the sender, is visible only to the sender, and is retained only for as long as that record exists in the sender's account.
What we never receive
The following never reach our servers. Not in readable form, not hashed, not briefly in memory:
- The secret itself, in readable form
- The decryption key, which lives in the link fragment and is never transmitted by the browser
- The passphrase, if you set one
- The note you wrote for the recipient
- The private name you gave the secret in your dashboard
- Your account password
The recipient note and the private name are encrypted in your browser before they are sent, the same way the secret is. We store them as ciphertext and display them back to you by decrypting them locally in your browser.
Data retention
Encrypted secrets are destroyed automatically when their view limit is reached or their expiry passes, whichever comes first. The maximum life of any secret is seven days. Destruction removes the ciphertext permanently, and it cannot be recovered by us or by anyone else.
Where an audit trail exists, the record of the secret survives its destruction so that the sender can still see what happened to it. That record contains no ciphertext and no key. Account information is retained for as long as the account exists.
Cookies
GhostPush sets a single session cookie when you sign in, so that the service knows who you are between requests. It is essential to the operation of the dashboard and cannot be disabled while remaining signed in. We do not use advertising cookies and we do not track you across other websites.
Where the data is held
GhostPush runs on Microsoft Azure infrastructure in Australia. Because the contents of every secret are encrypted with a key we never hold, the practical exposure of that data to any hosting provider, subprocessor, or jurisdiction is limited to ciphertext that cannot be read.
A consequence worth stating plainly
Because we do not hold your key, we cannot recover anything for you. If you lose the link, the secret is gone. If you forget your account password, the private names in your dashboard are gone with it. There is no recovery process that would not also involve handing us your key, and the moment we hold that, everything else on this page stops being true.
It also means that if we were compelled by a lawful request to produce the contents of a secret, we could not comply. There is nothing readable for us to hand over.
Your rights and complaints
Your rights of access, correction, and complaint under the Australian Privacy Principles are set out in full in the NextPoint IT Privacy Policy, along with the process for escalating a complaint to the Office of the Australian Information Commissioner. Those rights apply to the personal information described on this page.
The full company policy
This page describes the GhostPush product. For how NextPoint IT collects, holds, uses, and discloses personal information as a company, including overseas disclosure, data security, and your rights under Australian privacy law, read the full policy:
Contact us
If you have questions about this page, or about how GhostPush handles your information, contact us:
- NextPoint IT Pty Ltd
- Email: privacy@nextpointit.com.au
Or read how it works if you want the technical detail behind any of the claims above.