Ghostly ("us," "we," or "our") operates the website https://ghostly.ai (the "Service"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have regarding that data. We are committed to protecting your privacy and ensuring that your personal information is handled securely and in compliance with applicable laws, including the General Data Protection Regulation (GDPR). By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Introduction
Company information:
Name: Clubhub d.o.o. (operating as Ghostly), Zagreb, Croatia
Contact Email: hello@ghostly.ai
Purpose of the Policy:
Ghostly is committed to protecting the privacy of users.
This policy outlines how personal data is collected, used, and protected.
2. Information we collect
2.1. Data we collect
Account information
Name
Email address
Password (hashed)
Subscription type
Company or team info (if applicable)
Payment information
Billing address
Payment card details (processed through a secure third-party payment processor, Stripe)
Usage data
IP address
Browser type and version
Interactions with the platform
Pages visited
Time and date of access
Time spent on pages
Unique device identifiers
Time spent, clicks, settings
AI prompts and responses
Crash logs and diagnostics
Device & technical data
Browser and OS
IP address (for security and analytics)
Device identifiers
2.2. Cookies and similar technologies
We use cookies on our website to enhance user experience and analyze website traffic.
Types of cookies used:
Essential cookies
Analytical/performance cookies
Functionality cookies
Targeting/advertising cookies
Users will be prompted to provide consent for non-essential cookies in compliance with EU regulations.
3. How we use collected information
3.1. Providing and improving services
To operate and maintain the Services.
To process transactions and billing.
To improve, personalize, and expand the Services.
3.2. Communication
To contact users with updates, newsletters, marketing materials, and other information.
To respond to inquiries, support requests, and feedback.
We obtain explicit consent before sending marketing communications to users in the European Economic Area (EEA).
3.3. Analytics
To monitor usage and analyze trends to improve user experience.
Use of third-party analytics tools (e.g., Google Analytics).
3.4. Legal obligations
To comply with legal requirements and protect legal rights.
To prevent fraud and enhance security.
4. Legal basis for processing personal data
Consent: When users have given consent for processing (e.g., subscribing to newsletters).
Contractual necessity: Processing necessary for the performance of a contract (e.g., providing Services).
Legitimate interests: Processing for legitimate business interests that do not override user rights.
Legal obligations: Compliance with legal and regulatory obligations.
For users in the EEA, we ensure that personal data is processed in accordance with GDPR requirements.
5. Data sharing and disclosure
5.1. Third-party service providers
Categories of service providers:
Payment processors - Stripe
Cloud hosting services
Analytics providers
Marketing and communication tools
AI Service Providers (e.g., OpenAI)
Third parties are obligated to protect user data and use it only for specified purposes.
Use of OpenAI as a third-party processor:
We utilize OpenAI's services to enhance our AI-powered features.
OpenAI may process user data to provide these services.
Data shared with OpenAI is subject to their privacy policy and data processing agreements.
OpenAI is committed to complying with applicable data protection laws.
Data processing agreements:
We have agreements in place to ensure compliance with data protection laws, including with OpenAI and Stripe.
5.2. Business transfers
In the event of a merger, acquisition, or asset sale, personal data may be transferred.
Users will be notified of any change in ownership or use of personal data.
5.3. Legal requirements
Disclosure of personal data if required by law or in response to valid requests by public authorities.
5.4. Protection of rights
To enforce Terms of Service.
To protect the rights, privacy, safety, or property of the Company, users, or others.
All third parties are GDPR-compliant and bound by strict data processing agreements.
6. International data transfers
Data may be transferred to and processed in countries outside of the user's country of residence, including countries outside the EEA.
Data transfer mechanisms:
Use of Standard Contractual Clauses or other legally recognized mechanisms.
Assurance of adequate levels of data protection in accordance with applicable laws.
Third countries:
When transferring data to countries without an adequacy decision, appropriate safeguards are in place.
European data protection compliance:
We are committed to complying with the GDPR and other applicable data protection laws in Europe.
7. Data security
We take data security seriously. Measures include:
Protection measures
Implementation of access controls and authentication measures.
Regular security assessments and updates.
Encryption of sensitive data at rest.
No absolute security guarantee
While we make efforts to protect data, no method is 100% secure.
8. Data retention
Retention periods
Personal data is retained only as long as necessary to fulfill the purposes outlined.
Criteria for determining retention periods include legal obligations and business needs.
Deletion policies
Procedures for securely deleting or anonymizing data that is no longer needed.
9. User rights
9.1. Access and correction
Right to request access to personal data.
Right to correct or update inaccurate or incomplete data.
9.2. Deletion requests
Right to request deletion of personal data (Right to be forgotten).
Conditions under which deletion requests will be honored.
9.3. Data portability
Right to receive personal data in a structured, commonly used, and machine-readable format.
9.4. Objection and restriction
Right to object to or restrict processing of personal data under certain circumstances.
9.5. Withdraw consent
Right to withdraw consent at any time where processing is based on consent.
Effect of Withdrawal:
Does not affect the lawfulness of processing before withdrawal.
9.6. Opt-out options
Instructions on how to opt out of marketing communications (e.g., unsubscribe link in emails).
Cookie consent:
Users in the EU will be prompted to provide consent for non-essential cookies in compliance with the ePrivacy Directive and GDPR.
Cookie management:
Users can manage cookie preferences through their browser settings or our website's cookie management tool.
9.7. Lodging complaints
Information on how to lodge a complaint with a data protection authority.
10. Children's privacy
Age restrictions:
Services are not intended for individuals under 18 years of age.
Parental consent:
If data is inadvertently collected from individuals under 18, we will delete it upon discovery.
Contact us at hello@ghostly.ai if you believe we have collected such data.
11. Changes to this Privacy Policy
Notification of changes:
We reserve the right to update this Privacy Policy at any time.
Changes will be reflected on this page with an updated "Effective Date."
We will announce significant changes via a notice on our website and, where appropriate, through email.
Review and updates:
Users are encouraged to review the policy periodically.
Effective date:
This policy is effective as of 03.10.2024.
12. Contact information
For privacy concerns:
Email: hello@ghostly.ai
Address: Clubhub d.o.o., Zagreb, Croatia