Privacy Policy

Last Updated: January 4, 2026

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address (for authentication and communication)
  • Password (encrypted and never stored in plain text)
  • Account creation date and last login timestamp

Report Data

When you submit a report, we collect:

  • Company name and domain
  • Job title (optional)
  • Application date and contact timeline
  • Report status (pending, approved, rejected)

Email Verification Data

When you forward emails to verify@getghostindex.com, we collect:

  • Email sender domain (to verify company)
  • Email subject and body (to extract application details)
  • Email timestamp (to track application timeline)
  • Email metadata (headers, routing information)

2. How We Use Your Information

We use collected information to:

  • Verify the authenticity of reports via email confirmation
  • Calculate Ghost Index Scores for companies
  • Detect and flag applications ghosted after 30+ days
  • Display anonymized, aggregated data to other users
  • Prevent spam, fraud, and abuse of the platform
  • Send service-related notifications (verification confirmations, score updates)
  • Improve the Service and develop new features

3. Data Sharing and Disclosure

Public Data

The following information is publicly visible:

  • Company names, domains, and Ghost Index Scores
  • Aggregated report counts (total reports, verified reports)
  • Anonymized report summaries (no personal identifiers)

Private Data

The following information is never shared publicly:

  • Your email address or account credentials
  • Individual report details linked to your identity
  • Raw email content forwarded for verification
  • Personal contact information

Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication (GDPR compliant)
  • Mailgun/Postmark: Email parsing and delivery
  • Vercel: Hosting and deployment
  • Clearbit: Company logo retrieval (no personal data shared)

4. Data Retention

We retain data as follows:

  • Account data: Until you delete your account
  • Reports: Indefinitely (for historical scoring accuracy)
  • Email verification data: 90 days after verification, then deleted
  • Aggregated scores: Indefinitely (anonymized, no personal data)

5. Your Rights (GDPR Compliance)

If you are in the EU/EEA, you have the right to:

  • Access: Request a copy of all data we have about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Delete your account and associated data
  • Portability: Export your data in machine-readable format
  • Objection: Opt out of certain data processing activities
  • Restriction: Limit how we process your data

To exercise these rights, contact: privacy@getghostindex.com

6. California Privacy Rights (CCPA)

California residents have the right to:

  • Know what personal information is collected and how it's used
  • Request deletion of personal information
  • Opt out of the sale of personal information (we do not sell data)
  • Non-discrimination for exercising privacy rights

Do Not Sell My Personal Information

7. Cookies and Tracking

We use cookies for:

  • Authentication: Keep you logged in (essential)
  • Preferences: Remember your settings (functional)
  • Analytics: Understand how users interact with the Service (optional)

You can disable non-essential cookies in your browser settings.

8. Data Security

We implement security measures including:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest (database encryption)
  • Row-level security policies (Supabase RLS)
  • Webhook signature verification (prevent fake data)
  • Regular security audits and updates

However, no system is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

GhostIndex is not intended for users under 18. We do not knowingly collect data from children. If we discover a child's account, we will delete it immediately.

10. International Data Transfers

Your data may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers (Standard Contractual Clauses, Privacy Shield, etc.).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or requests:

  • Email: privacy@getghostindex.com
  • Data Protection Officer: dpo@getghostindex.com
  • GDPR Requests: gdpr@getghostindex.com