Privacy Policy

Last updated: May 5, 2026

Disclaimer: PhasmoSync is an unofficial, fan-made companion app for Phasmophobia. It is not affiliated with, endorsed by, or sponsored by Kinetic Games. Phasmophobia is a trademark of Kinetic Games.

PhasmoSync ("we", "us", or "the app") is an unofficial, ad-free companion app for the game Phasmophobia. This policy explains what information the app handles, what it does not, and the choices you have. We aim to collect as little as possible — and we never sell data.

Summary in plain English: No ads. No trackers. No accounts. No email or password. We do not know who you are. We do not sell data. The only data sent off your device is what's required for features you actively use — multiplayer sessions, in-app purchases, feedback you submit yourself, and anonymized crash reports if the app crashes.

1. Information we do not collect

No name, email address, phone number, or other personal identifiers.
No user accounts — the app has no login system.
No advertising identifier, IDFA, or ad tracking.
No third-party analytics (Firebase Analytics, Mixpanel, Amplitude, etc.) — we collect anonymized crash reports only, described below.
No location data.
No access to contacts, photos, microphone, or camera.
No cross-app or cross-device tracking.

2. Information we do collect

2.1 Anonymous device identifier

When you first open the app, a random identifier is generated and stored locally on your device. It is not linked to your name, email, Google account, Apple ID, or advertising ID. It is used only to:

Identify your device within a multiplayer lobby so markers and room states stay in sync.
Reconnect you to your own room state if you drop and rejoin.

You can reset this identifier at any time by reinstalling the app.

2.2 Multiplayer session data

If you choose to host or join a multiplayer room, the following data is sent to our server during the session:

The anonymous device identifier described above.
Room state: markers, room clearance states, crossed-out hiding spots, and similar gameplay data.
A short, shareable room code.

Multiplayer session data is held in server memory while the room is active. It is not written to a persistent database and is deleted when the room ends or becomes empty.

2.3 Feedback submissions

If you submit feedback through the in-app feedback form, the text you type and the device identifier are forwarded to a private Discord channel used by the developer. No feedback data is stored in a database. Only submit feedback you are comfortable sharing.

2.4 In-app purchases

The optional Pro one-time in-app purchase is handled by the Apple App Store (iOS) or Google Play (Android), and by RevenueCat (a purchase-management service). When you make a purchase, the following is processed:

The purchase receipt issued by Apple or Google.
The anonymous device identifier, so the entitlement can be restored on reinstall.

We do not receive your payment information, billing address, Apple ID email, or Google account email. That data stays with Apple or Google. RevenueCat's privacy policy is available at https://www.revenuecat.com/privacy.

2.5 App integrity check

To reduce piracy of paid features, the app verifies it is a genuine, unmodified PhasmoSync binary running on a genuine device before connecting to the multiplayer server:

iOS: uses Apple's App Attest framework. On first connection per device, the app generates a hardware-backed cryptographic key inside the device's Secure Enclave; Apple signs an attestation that the key, the app binary, and the device are genuine. The attestation is sent to our server, verified against Apple's certificate authority, and the resulting public key is retained on our server for up to 90 days so subsequent connections can be verified without re-attesting. The key contains no personal information and is not linked to your Apple ID, name, or email.
Android: uses Google's Play Integrity API. The attestation token generated by Google is sent to our server, verified, and discarded. It is not retained.

2.6 Crash reports

If the app crashes, anonymized crash data is sent to Sentry (a diagnostics service). Crash reports include the app version, OS version, device model, and the technical stack trace at the time of the crash. They do not include personal information, your anonymous device identifier, multiplayer room contents, or anything you typed into the app. Sentry's privacy policy is available at https://sentry.io/privacy/.

3. Third parties and service providers

We use a small number of third parties to run the app. Each is used only for the purpose described:

Apple App Store — iOS app distribution, in-app purchases, App Attest framework.
Google Play — Android app distribution, in-app purchases, Play Integrity API.
RevenueCat — managing entitlements for the Pro one-time purchase.
Sentry — receiving anonymized crash reports.
Fly.io — hosting our multiplayer and feedback server.
Cloudflare — DNS and delivery of this website.
Discord — receiving feedback you choose to submit via the in-app feedback form.

We do not sell, rent, or trade data with any third party. The providers above process data solely on our behalf to operate the listed features.

4. Data retention

Multiplayer rooms: stored only in server memory, deleted when the room closes.
Feedback: forwarded to a private Discord channel and retained there per Discord's own retention policy. We do not store it separately.
Purchase entitlements: retained by Apple, Google, and RevenueCat per their policies, for as long as required to restore purchases.
Integrity data: attestation tokens are verified and immediately discarded. On iOS, the App Attest cryptographic public key is retained on our server for up to 90 days so subsequent connections can be verified without re-attesting; the key is not linked to any personal identifier.
Crash reports: retained by Sentry per their data retention policy.

5. Security

All network traffic between the app and our server uses HTTPS/TLS. The anonymous device identifier is stored locally on your device using the platform's standard secure storage. Because we do not maintain user accounts, there is no password or authentication secret to compromise.

6. Children's privacy

PhasmoSync is a companion for a game rated Mature and is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child has submitted information to us, please contact us and we will delete it.

7. Your choices

You can use all single-player features without any data leaving your device.
You can decline multiplayer, feedback, and purchases at any time — nothing is collected from those features unless you use them.
You can reset the anonymous device identifier by reinstalling the app.
You can request deletion of any feedback you sent by emailing us with the text you submitted.

8. International users

Our server is hosted in the United States. By using multiplayer or submitting feedback, you acknowledge that the minimal data described above may be processed outside your country of residence.

9. Changes to this policy

If we materially change what data is collected or how it is used, we will update the "Last updated" date at the top of this page and, where appropriate, surface a notice inside the app. Continued use of the app after a change means you accept the updated policy.

10. Contact

Questions, concerns, deletion requests, or general feedback can be sent to privacy@phasmosync.com.