End-to-end encrypted · Zero-knowledge · No identity

No identity.
No trace.
No compromise.

GhostLink is a private communication platform built for people who mean it. End-to-end encrypted messages, calls, and files — with nothing stored, nothing logged, and no one in between.

> Get started How it works

25€ / month · Bitcoin Lightning or Monero · No email · No real name · No credit card

End-to-end encrypted

Zero server storage

Bitcoin & Monero payments

No identity required

Forward secrecy

// How it works

Built differently. On purpose.

Your keys, your device

When you register, cryptographic keys are generated on your device and never leave it. GhostLink servers store only your public key — mathematically useless without the private half that only you hold.

Nothing to steal

Messages are not stored on our servers. Files are not uploaded to our servers. Call recordings do not exist. If someone demands your data, we have nothing to give.

Every message, a new key

GhostLink uses the Double Ratchet algorithm — the same cryptography that powers Signal. Every single message is encrypted with a unique key. Compromising one message reveals nothing about any other.

// Features

Everything you need. Nothing you don't.

Encrypted messaging

Real-time and async — messages reach you whether you're online or not. Disappear automatically after 7 days by default.

Secure file transfer

Send photos, PDFs, or any file up to 500MB. Files are encrypted on your device before transfer and EXIF metadata is stripped from every image.

Encrypted calls

Voice and video calls with an additional encryption layer on top of WebRTC. Both parties see a 4-word verification phrase to confirm no one is listening.

Decoy mode & Panic PIN

Three PINs you set yourself. Normal opens your real account. Decoy opens an empty account that looks real. Panic silently wipes every key, message, and trace from the device. Coerced login looks identical to a normal one — no one can tell which PIN you used.

Dead Man's Switch

If you don't log in for a set number of days, your account is automatically and permanently deleted — along with everything on our servers associated with it.

Anonymous payments

Pay with Bitcoin Lightning or Monero. No name. No card. No address. Your subscription is tied to a cryptographic token, not your identity.

// Privacy by design

What we cannot do.

GhostLink is designed so that we are technically incapable of doing the following:

Reading your messages
Identifying who you communicate with
Providing your data to third parties
Recovering your account if you lose access
Knowing your real name, email, or location
Recording your calls

This is not a policy. It is an architectural fact.

// PIN security

Three PINs. One device. Total deniability.

You choose three different PINs during setup. They all look identical when typed. Only you know which one does what — and that decision stays with you, even under pressure.

PIN 1● ● ● ●

Normal

Opens your real account with full access to messages, contacts, calls, and files. The PIN you use every day.

PIN 2● ● ● ●

Decoy

Opens a believable empty account — same interface, no real data. Use it when forced to unlock the app. The observer sees a working GhostLink with nothing inside.

PIN 3● ● ● ●

Panic

Silently and permanently destroys every key, message, contact, and trace on the device. The screen behaves like a normal unlock. By the time anyone notices, there is nothing left to recover.

// Extra protection

After 5 wrong PIN attempts the device locks itself and wipes local keys.
PINs are never sent to our servers. They unlock keys stored only on your device.
Auto-lock after inactivity. Biometrics are optional and disabled by default.
No password reset link. No recovery email. There is no back door — not even for you.

// Registration

No forms. No email. No waiting.

Choose a nickname

Pick any name. No real identity required. Your nickname and an 8-digit Ghost ID are the only identifiers that exist.

Set your passwords

Create a strong password and three PINs — Normal, Decoy, and Panic. All stored only on your device.

Pay anonymously

Send Bitcoin Lightning or Monero. Your account activates automatically within seconds of confirmation.

You're in

Find contacts by their exact nickname or Ghost ID. Start communicating. Nothing is logged from this moment on.

// Payments

Anonymous. Automatic. No middleman.

We do not accept credit cards, PayPal, or bank transfers — those leave a paper trail. We accept only payment methods that work without knowing who you are.

Activates in ~5 seconds

Bitcoin Lightning

Scan the invoice with any Lightning wallet (Phoenix, Wallet of Satoshi, Muun, BlueWallet). Your account activates the moment the payment confirms — usually within seconds. Best for fast, low-fee anonymous payments.

Activates in ~20 minutes

Monero (XMR)

Send to the one-time address shown at checkout. Monero is private by default — amounts, sender, and recipient are hidden on-chain. Activation happens automatically after 10 network confirmations (typically ~20 minutes).

No invoice. No name.

We never ask for billing details. Your subscription is bound to a cryptographic token your device holds — not to your identity.

Renew or walk away.

Subscription does not auto-renew. When it expires, pay again or let the account go dark. No emails. No reminders. No collection.

Fully automated.

Payments are processed by an on-chain watcher. No human ever sees them. Confirmation triggers account activation in real time.

// Pricing

One plan. No tiers. No tracking.

GHOSTLINK

25€

/ month

Unlimited encrypted messages
Voice and video calls
File transfers up to 500MB
Decoy mode + Panic wipe
Dead Man's Switch
Anonymous Bitcoin & Monero payment
No identity required
No ads. Ever.

> Get started

Lightning activates in seconds. Monero in ~20 minutes.

Account auto-deletes after 60 days of inactivity.

No refunds — if you lose access, your account is gone.

This is the point.

// Install

No app store. No approval. No censorship.

GhostLink is a Progressive Web App. Install it directly from your browser — on iPhone, Android, or desktop — without going through Apple or Google.

No app store means no one can remove it, restrict it, or demand we add backdoors.

iPhone / Safari

Tap Share ⬆ → Add to Home Screen → Add

Android / Chrome

Tap the install prompt → Install

// FAQ

Questions worth answering.

Honest answers to what people actually ask before trusting a communication tool with their life.

// Getting started & messaging

How do I start using GhostLink as a messenger?+

Register with a nickname (no email, no phone), set a password and three PINs, pay anonymously with Bitcoin Lightning or Monero, and you are in. To message someone, search their exact nickname or 8-digit Ghost ID, send a contact request, and once they accept you can chat, call, and send files. All encryption happens automatically — there is nothing to configure.

How does GhostLink actually work under the hood?+

When you register, your device generates a cryptographic key pair. The private key never leaves your device — it is stored inside the operating system's secure storage and unlocked only by your PIN. Our servers store only your public key. When you send a message, your device encrypts it directly for the recipient using the Double Ratchet algorithm (the same protocol Signal uses). Every single message uses a unique key, so even if one message were ever broken, no other message would be exposed. We relay the encrypted bytes and forget them once delivered.

Where are my messages stored?+

Locally on your device, inside an encrypted database. Messages waiting for delivery sit on our relay only long enough to reach you — typically seconds — and are deleted on download. Messages also auto-disappear after 7 days by default, and you can shorten that per conversation. We never store plaintext, ever.

Can I use GhostLink on multiple devices?+

GhostLink is single-device by design. Multi-device sync would require key material to leave your device, which would weaken the security model. If you need to switch devices, you log out (which wipes local data) and re-register on the new one. This is intentional — fewer copies of your keys means fewer ways to be compromised.

// Payments & why no credit cards

Why can I not pay with a credit card or PayPal?+

Because the moment you do, you stop being anonymous. Card networks, banks, and PayPal record your name, address, IP, and purchase. That record is shared with payment processors, stored for years, and can be subpoenaed, leaked, or sold. A privacy product that knows your real identity is a contradiction. We only accept payment methods that work without identifying you.

How does Bitcoin Lightning payment work?+

At checkout you see a Lightning invoice (QR code). Open any Lightning wallet — Phoenix, Wallet of Satoshi, Muun, BlueWallet — scan it, and confirm. Your account activates within seconds of the payment settling. Fees are typically a fraction of a cent. We never see your wallet address or identity.

How does Monero payment work and why does it take longer?+

Monero gives you a one-time receiving address. You send the exact amount from any Monero wallet. The network needs roughly 10 confirmations before we consider the payment final — about 20 minutes on average. Monero hides amounts, sender, and recipient on-chain by default, so even the blockchain itself does not reveal who paid.

What if my payment is delayed or fails?+

Payments are watched automatically by an on-chain monitor. If your transaction is delayed (network congestion, low fee), activation simply waits for confirmations to arrive. If it never arrives, no account is created and no money is held — Lightning invoices expire, Monero addresses go unused. Pay again when you are ready.

// Security & why it matters

Why is this level of security actually necessary?+

Mainstream messengers protect message content, but still know who you are, who you talk to, when, how often, and from where. That metadata alone can map your entire social and professional life. For journalists, activists, lawyers, doctors, abuse survivors, business negotiators, or anyone living under a hostile regime — that map is dangerous. GhostLink is built for people who cannot afford to be wrong about who is watching.

What makes GhostLink different from Signal, Telegram, or WhatsApp?+

Signal is excellent at content encryption but still requires a phone number, which ties your identity to your account and to your contact graph. Telegram is not end-to-end encrypted by default and stores most data in the cloud. WhatsApp is owned by Meta and shares extensive metadata. GhostLink has no phone number, no email, no real name, no contact-list upload, no cloud backup, no telemetry, and no servers that hold readable data. The trade-off: if you lose access, there is no recovery. That is the price of true anonymity.

Why is ghostlink.pro the right choice for me?+

Because we made architectural decisions that competitors cannot easily reverse. We do not ask for an email — so we cannot leak one. We do not store messages — so we cannot hand them over. We do not accept cards — so we cannot link payments to identity. We do not offer account recovery — so no support agent can be socially engineered. If your threat model includes anyone with subpoena power, court orders, or coercion, GhostLink is one of the few products where the honest answer to 'can you give us their data?' is 'we cannot, even if we wanted to.'

Can the GhostLink team read my messages if forced to?+

No. We do not hold the keys. Decryption happens inside your device, using a private key we have never seen and cannot derive. A court order asking us to hand over your messages would receive encrypted blobs that nobody — including us — can open.

// Lost password & no recovery

What happens if I forget my password?+

You lose the account. Permanently. There is no 'reset password' link, no email recovery, no support ticket that can get you back in, and no secret backdoor. Your password is the only thing that turns the math into your keys — without it, your messages and contacts are unreadable ciphertext, even to us. If you forget it, treat the account as gone and register a new one.

Why is there no password recovery? Every other app has one.+

Because every recovery mechanism is also an attack mechanism. If we could email you a reset link, an attacker who compromises your email could too. If we stored a recovery key on our servers, a subpoena or breach would expose it. If a support agent could re-issue access, they could be bribed, coerced, or socially engineered. The only way to guarantee that nobody — not us, not a court, not an attacker — can take over your account is to make sure nobody, including us, can recover it.

Is there really no seed phrase, recovery code, or backup file?+

Correct. No 12-word seed, no recovery sheet, no encrypted backup you could lose. Your password plus your nickname is everything. That is also why you can sign in on a new device just by entering your nickname and password — the same inputs re-derive the same keys. Anyone who knows both can sign in as you, so guard them like the keys they literally are.

How should I actually remember my password then?+

Pick a long passphrase (4+ random words) that means something only to you, and write it down on paper stored somewhere physically safe — a home safe, a sealed envelope with a trusted lawyer, a hidden note. Do not store it in cloud notes, password managers synced to a Google or Apple account, screenshots, or email drafts. The threat model that justifies GhostLink also rules out trusting any cloud with the one secret that unlocks it.

What happens to my account on the server if I forget my password?+

Nothing — for a while. The encrypted blobs sit there, unreadable to anyone. Eventually the Dead Man's Switch notices the account has been inactive past your configured threshold and auto-deletes the server-side record. Your contacts will simply see that you are no longer reachable. Nobody, including us, ever gains the ability to read the data in the meantime.

// The three PINs & forced unlock

What exactly happens with the Normal PIN?+

You enter it, the app unlocks your real account, you see all your messages, contacts, calls, and files. This is your everyday PIN. Use it when you are alone and unobserved.

What happens with the Decoy PIN?+

You enter it under the same login screen, and the app opens a fully functional but empty GhostLink account. The interface looks identical to your real one — same theme, same layout, same menus — but with no messages, no contacts, and no history. To an observer looking over your shoulder, it appears you just unlocked a clean account that you rarely use. Your real account remains hidden and untouched.

What happens with the Panic PIN?+

You enter it and the app appears to behave normally for a fraction of a second, then silently and irreversibly destroys every local key, message, contact, attachment, and trace on the device. After the wipe, the screen shows a benign 'account not found' or empty state — the same thing a fresh install would show. No alarm, no confirmation dialog, no progress bar. By the time anyone realizes what happened, there is nothing left to recover, even with forensic tools.

What should I do if someone forces me to unlock GhostLink?+

Stay calm and enter the PIN you decided in advance for that situation. If you only need to satisfy a casual observer (border check, suspicious partner, employer), use the Decoy PIN — they see an empty account and move on. If the situation is genuinely dangerous and you believe your data must not survive, use the Panic PIN — the wipe is silent and complete, and the screen afterwards looks like a clean device. Both PINs unlock with the exact same animation as the Normal PIN. The person watching cannot tell which one you used.

Can the attacker tell I used the Decoy or Panic PIN?+

No. The unlock animation, the timing, the sounds, and the post-unlock screen are identical for all three PINs. The Decoy account looks like a real (just unused) account. The Panic-wiped device looks like a fresh install. There is no log, no flag, no indicator that another PIN exists. Plausible deniability is the entire point.

What if I forget my PIN or enter it wrong?+

After 5 consecutive wrong attempts the device locks itself and the local keys are wiped — the account on the server becomes inaccessible and will eventually auto-delete via the Dead Man's Switch. We cannot reset a PIN. We do not have one to reset. Pick PINs you will remember; write them down somewhere only you can reach if you must.

Still have a question? We do not run a support email — by design. Read the docs inside the app after you register, or re-read how it works.

No identity.No trace.No compromise.