Back to Ghostlytic

Privacy Policy

Last updated: February 5, 2026

1. Introduction

Ghostlytic ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our competitive intelligence monitoring service.

This policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: Name, email address, business name, business location, phone number
  • Payment Information: Credit card details, billing address (processed securely through third-party payment processors)
  • Profile Information: Business category, monitoring preferences, competitor selections
  • Communications: Messages you send us, support tickets, feedback

2.2 Information We Collect Automatically

  • Usage Data: Pages visited, features used, time spent on the platform, interaction patterns
  • Device Information: Browser type, operating system, device identifiers, IP address
  • Location Data: Approximate geographic location based on IP address (not precise GPS)
  • Cookies and Tracking: Session data, preferences, authentication tokens (see Cookie Policy below)

2.3 Publicly Available Business Information We Collect

Ghostlytic aggregates publicly available information about businesses, including:

  • Business names, addresses, and contact information from public directories
  • Google Business Profile data (reviews, ratings, photos, posts)
  • Public social media activity (posts, engagement metrics)
  • Publicly listed promotions, services, and pricing
  • Online advertising presence and campaigns

Important: This data is publicly accessible and collected from sources that any individual could manually access. We do not access private accounts or non-public information.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Monitor competitors, generate reports, send alerts and insights
  • Account Management: Create and maintain your account, process payments, manage subscriptions
  • Communication: Send transactional emails, service updates, respond to inquiries
  • Product Improvement: Analyze usage patterns, develop new features, enhance user experience
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with legal obligations, enforce our terms, protect our rights
  • Marketing: Send promotional emails (only with your consent, which you can withdraw at any time)

4. How We Share Your Information

We may share your information with:

4.1 Service Providers

  • Payment Processors: Stripe, PayPal, or other payment gateways to process transactions
  • Cloud Hosting: AWS, Google Cloud, or similar providers for data storage and infrastructure
  • Analytics: Google Analytics, Mixpanel, or similar tools for usage analytics
  • Email Services: SendGrid, Mailchimp, or similar for transactional and marketing emails
  • Customer Support: Intercom, Zendesk, or similar platforms for support ticketing

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the successor entity.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (subpoenas, court orders)
  • Government investigations
  • Protecting the safety of our users or the public
  • Detecting or preventing fraud or security issues

4.4 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, marketing, or business purposes.

5. Data Retention

We retain your personal information for as long as:

  • Your account is active
  • Necessary to provide you with the Service
  • Required by law or to resolve disputes
  • Needed for legitimate business purposes (e.g., fraud prevention)

After account deletion, we will delete or anonymize your personal information within 90 days, except where retention is required by law.

6. Your Privacy Rights

6.1 Rights Under GDPR (for EU/EEA Users)

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request we limit processing of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests or direct marketing
  • Withdraw Consent: Withdraw consent for data processing at any time

6.2 Rights Under CCPA (for California Residents)

  • Know: Request disclosure of categories and specific pieces of personal information we collect
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the "sale" of personal information (Note: We do not sell personal information)
  • Non-Discrimination: Exercise your rights without discrimination

6.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@ghostlytic.com. We will respond within 30 days (GDPR) or 45 days (CCPA).

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Necessary for authentication, security, and core functionality
  • Analytics Cookies: Understand how users interact with our Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling essential cookies may impair Service functionality.

8. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Employee training on data protection practices
  • Incident response procedures for data breaches

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

Ghostlytic is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US or other countries.

For EU/EEA users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your data.

10. Children's Privacy

Ghostlytic is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will promptly delete it.

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or through a prominent notice on our Service.

Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or requests, contact us at:

Email: privacy@ghostlytic.com
Mail: Ghostlytic Privacy Officer
[Address to be determined]

EU Representative: [To be designated if required under GDPR]

14. Data Protection Officer

If you are in the EU/EEA and have concerns about how we handle your data, you may also contact your local data protection authority.

Terms & ConditionsPrivacy PolicyFAQ