Privacy Policy

Last Updated: February 11, 2025

1. Introduction

Welcome to the Ghost Genius API Privacy Policy.

At Ghost Genius API, your privacy is fundamental to our relationship with you. This Privacy Policy outlines our practices for collecting, using, and protecting your personal information when you use our API service and dashboard interface.

We've designed this policy to be clear and straightforward about how we handle your data. It applies to all users of our service, whether you're using our free tier or a paid subscription. By using Ghost Genius API, you acknowledge that you've read and understood this policy.

As we operate an API service, we aim to maintain transparency about data flows, both the data you provide to us and the data you access through our service. We regularly review and update this policy to reflect any changes in our practices or legal requirements. When we make significant changes, we'll notify you through our dashboard or via email.

This policy covers both our technical infrastructure and business operations, including our partnerships with trusted service providers. We invite you to read each section carefully to fully understand how we protect your privacy and maintain the security of your information.

2. Regulatory Compliance

Ghost Genius API operates in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. As a data controller established in France, we process personal data according to the following legal principles:

Lawfulness and Transparency

Our data processing activities are based on legitimate business purposes or user consent. We maintain transparency about our data collection and processing practices.

Purpose Limitation

We collect and process data only for specific, explicit, and legitimate purposes outlined in this policy. We do not process data in ways incompatible with these purposes.

Data Minimization

We limit data collection to what is necessary for the operation of our service. We regularly review our data collection practices to ensure we only maintain essential information.

Storage Limitation

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations.

3. Data Collection

When you interact with Ghost Genius API, we collect and process information in several ways:

Account Information

We collect basic identification details when you create an account, including your email address and authentication preferences. For users who choose to authenticate through Google or GitHub, we receive only the necessary information to create and secure your account.

Technical Data

Our systems automatically collect technical information essential for service operation, including IP addresses, API request logs, usage patterns, and error reports. This technical data helps us maintain service reliability and protect against potential security threats.

Payment Information

For paid subscriptions, our payment partner Stripe handles all financial transactions. While we store basic billing details for account management, we never have direct access to your sensitive payment information such as credit card numbers.

Service Usage

We track your credit usage, API calls, and service interaction patterns. This includes monitoring successful and failed requests, credit consumption, and overall usage patterns to ensure fair service usage and prevent abuse.

Our collection practices are designed to gather only the information necessary to provide and improve our service. We avoid collecting unnecessary personal data and maintain strict controls over how collected data is processed and stored.

4. Use of Data

The data we collect serves specific, essential purposes in operating and improving Ghost Genius API. We use your information with intention and care, always mindful of privacy and security implications.

Our primary use of your data focuses on delivering and maintaining our API service. We analyze usage patterns to optimize performance, manage credit allocation, and ensure fair resource distribution across our user base. This analysis helps us identify and address potential issues before they impact service quality.

Service Communications

We send essential communications about our service, including credit usage alerts, technical updates, and security notifications. These communications are integral to your service experience and cannot be opted out of, as they contain critical information about your account and service status.

Service Providers

To provide our service effectively, we work with carefully selected third-party providers:

• Our infrastructure is hosted with Supabase in Germany (Frankfurt region), ensuring your data remains within EU jurisdiction
• Payment processing is handled entirely by Stripe, adhering to the highest security standards in financial transactions
• Authentication services may involve Google or GitHub when you choose these login methods

Analytics and Service Improvement

We analyze service usage data to improve our API's performance and reliability. This includes studying error patterns, monitoring system performance, and identifying opportunities for service enhancement. All analysis is conducted with respect for user privacy and security.

5. Data Security

The security of your data is fundamental to our operations at Ghost Genius API. We employ industry-standard security measures and follow best practices to protect your information from unauthorized access, disclosure, alteration, and destruction.

Infrastructure Security

Our service operates on Supabase's secure infrastructure, hosted in their Frankfurt (eu-central-1) facility. This ensures compliance with European data protection standards while providing enterprise-grade security. Our infrastructure includes automated security updates, continuous monitoring, and regular security assessments.

Access Control

We implement strict access controls within our organization. Only authorized personnel with specific job requirements can access user data, and all access is logged and monitored. We regularly review these access permissions and adjust them based on operational needs.

Data in Transit and at Rest

All data transmitted between your systems and our API is encrypted using industry-standard TLS protocols. Data stored in our databases is encrypted at rest, adding an additional layer of security to your stored information. API keys and sensitive credentials are handled with particular care, using secure hashing and encryption methods.

Security Monitoring

Our systems continuously monitor for unusual activity that might indicate security threats. We maintain detailed security logs and regularly review them for potential security issues. In the event of a security incident that affects your data, we commit to prompt notification and transparent communication about the situation and our response.

6. User Rights

Under data protection regulations, particularly the General Data Protection Regulation (GDPR), you possess specific rights regarding your personal data. We at Ghost Genius API are committed to honoring these rights and making their exercise as straightforward as possible.

Data Access and Control

You have direct access to much of your information through our dashboard interface. Here you can view your usage data, update your account information, and manage your subscription preferences. For information not directly accessible, you may submit a request to our support team.

Your key rights include the ability to:

• Access your personal data that we process
• Correct any inaccurate information we hold about you
• Request deletion of your data under certain circumstances
• Export your data in a machine-readable format
• Object to certain types of processing
• Withdraw consent where processing is based on consent

Request Handling

To exercise any of these rights, contact us through our support channels. We aim to respond to all legitimate requests within 30 days. In cases where we need additional time due to request complexity, we'll notify you promptly. While most requests can be handled without charge, we reserve the right to charge a reasonable fee for excessive or unfounded requests.

Right to be Forgotten

You may request the deletion of your account and associated data. However, we may need to retain certain information for legal or technical reasons, such as billing records for tax purposes or logs for security auditing. We'll clearly communicate what data we must retain and for how long.

7. Cookies and Tracking

Ghost Genius API uses essential cookies and similar technologies to ensure our service functions properly and securely. These technologies help us maintain your session, remember your preferences, and provide a seamless experience across our dashboard interface.

Strictly Necessary Cookies

We use certain cookies that are essential for our service to function. These handle critical tasks like maintaining your login session and ensuring secure authentication. These cookies cannot be disabled as they are necessary for basic service operation.

Analytics and Performance

We collect anonymous usage data to understand how users interact with our service. This helps us identify potential improvements and optimize performance. This data is processed in a way that does not personally identify individual users.

Dashboard Interface

Our dashboard interface uses local storage and session cookies to maintain your settings and ensure a consistent experience. These store basic preferences such as your chosen interface language and dashboard layout configurations.

Cookie Control

Modern browsers offer various controls for managing cookies. While you can adjust your browser settings to reject non-essential cookies, please note that blocking certain cookies may affect your ability to use all features of our service.

8. International Data Transfers

As a service based in France operating with infrastructure in Germany, we maintain strict controls over international data transfers. Our primary data storage and processing occurs within the European Union, specifically in Frankfurt through our infrastructure provider Supabase.

While we prioritize European data processing, certain aspects of our service involve trusted international partners. For example, our payment processor Stripe operates globally but maintains robust data protection standards that align with European requirements. These partnerships are governed by appropriate safeguards, including standard contractual clauses approved by the European Commission.

We carefully assess any potential international data flows to ensure they meet legal requirements and maintain appropriate levels of data protection. When we engage service providers outside the EU, we implement necessary legal, technical, and organizational measures to protect your data.

Our commitment to data protection extends across borders. Whether your data remains within the EU or is processed by our international partners, we maintain consistent security standards and privacy protections.

Contact Information

If you have any questions about these Terms, please contact us at contact@ghostgenius.fr or on our chatbot. Our support team is available to assist you with any clarifications you may need.