Privacy-First
We only collect what's needed to protect you
No Data Sales
We never sell or share your data with advertisers
Right to Delete
Delete your account and all data anytime
1. Introduction
At GhostVault ("we", "our", or "us"), operated by GhostVault LLC, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our data broker removal and breach monitoring service at ghostvault.live.
2. Information We Collect
Information You Provide
- Account Information: First name, last name, and email address
- Scan Information: Your name and location, used to search data broker databases for your exposed personal information
- Monitored Email Addresses: Up to 5 email addresses (Pro plan) that you choose to monitor for data breach appearances
- Payment Information: Billing details processed securely through Stripe. We do not store your full card number, CVC, or billing address on our servers.
Information Collected Automatically
- Usage Data: Login times, feature usage, and page views collected via Vercel Analytics
- Conversion Tracking: We use Meta Pixel (Facebook) to measure advertising effectiveness. This tracks page views, sign-ups, and checkout events. No personal scan data or removal information is shared with Meta.
- Device Information: Browser type, operating system
- Log Data: IP addresses, access times, pages viewed
3. CCPA Authorized Agent
Important: By subscribing to GhostVault Pro, you authorize GhostVault LLC to act as your authorized agent under the California Consumer Privacy Act (CCPA) and the California Delete Act (SB 362) to submit data deletion requests to data brokers on your behalf.
This means:
- We send legally compliant deletion demands via email to 500+ California-registered data brokers on your behalf
- Data brokers are required to comply within 45 days under California law
- We track the status of all requests (queued, sent, confirmed) and display progress on your dashboard
- We re-scan and re-send deletion demands quarterly to any broker that re-lists your data
- You can revoke this authorization at any time by canceling your subscription
4. How We Use Your Information
We use the information we collect to:
- Scan data broker databases for your exposed personal information and generate an exposure score
- Send CCPA deletion demands to data brokers as your authorized agent
- Monitor your email addresses for appearances in data breaches via Have I Been Pwned
- Check passwords against known compromised credential databases
- Process subscription payments and manage your billing through Stripe
- Send security alerts and removal status notifications
- Respond to support requests
- Measure advertising effectiveness and optimize our marketing (via Meta Pixel and Vercel Analytics)
5. Data Sharing
We do NOT:
- Sell your personal information to anyone
- Share your scan results, removal data, or breach information with advertisers
- Use your data for any purpose other than providing our service
We share information only with:
- Data brokers: Solely to submit deletion requests on your behalf as your authorized agent. Only the minimum information necessary (your name) is included in removal demands.
- Stripe: To process subscription payments securely
- Have I Been Pwned: To check your monitored email addresses against known breach databases (using k-anonymity — your full email is never sent)
- Vercel: For hosting and privacy-friendly analytics
- Meta: Conversion events only (sign-up, checkout). No personal data, scan results, or removal information is shared.
- Law enforcement: Only when required by law
6. Data Security
We implement robust security measures including:
- bcrypt password hashing for all account passwords
- TLS encryption for all data in transit
- Encrypted database at rest on Railway infrastructure
- Stripe payment processing (PCI-DSS Level 1 compliant)
- Rate limiting and access controls to prevent unauthorized access
- JWT-based authentication with secure token handling
7. Data Retention
We retain your personal information only for as long as necessary to provide the Service. Scan results, removal request history, and breach monitoring data are retained for the duration of your account.
When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
8. Your Rights
You have the right to:
- Access your personal data via your dashboard
- Correct inaccurate personal data through your account settings
- Delete your account and all associated data
- Export your data in a portable format
- Object to processing of your personal data
- Withdraw consent for authorized agent status at any time by canceling your subscription
9. Cookies and Tracking
We use essential cookies to maintain your session and authentication state. We also use:
- Vercel Analytics: Privacy-friendly, cookie-free analytics to understand usage patterns
- Meta Pixel: Conversion tracking for advertising measurement. You can opt out via your browser's ad preferences or by using an ad blocker.
We do not use third-party tracking cookies for behavioral advertising.
10. Children's Privacy
Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal data, please contact us and we will delete it.
11. International Transfers
Your information is stored and processed on servers in the United States via Railway and Vercel infrastructure. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the US where data protection laws may differ from those in your jurisdiction.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us at: