GhostRate
← Home

Privacy Policy

Last updated: March 8, 2026

1. Introduction

GhostRate, Inc. ("GhostRate", "we", "us", "our") operates the GhostRate platform at ghostrate.com. This Privacy Policy explains what data we collect, how we use it, and the rights you have over your information.

2. Information We Collect

  • Account data: name, email, company name, password (bcrypt hashed), billing address
  • Usage data: feature usage, board configuration, timestamps (date-only for anonymized flows)
  • Payment data: processed by Razorpay; we store only subscription status and invoice records — no card numbers

3. How We Use Your Information

  • Delivering and improving the service
  • Sending transactional emails (verification, invoices, board notifications)
  • Billing and subscription management
  • Responding to support requests

4. Anonymous Feedback Data

GhostRate's core feature is anonymous feedback collection. By design, we cannot link feedback responses to individual respondents. Here's what this means for data:

  • Invite email lists are deleted immediately after invites are sent
  • Only the date (not time) of submission is stored
  • One-time invite tokens are destroyed before the response is saved
  • Open-board session tokens are destroyed before the response is saved
  • This means anonymous responses are not "personal data" under GDPR — there is no technical path to re-identification

5. Data Sharing

We do not sell your data. We share data only with:

  • Razorpay — payment processing (subject to Razorpay's privacy policy)
  • Amazon Web Services (SES) — transactional email delivery
  • Legal authorities — when required by law

6. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account closure
  • Anonymous responses: stored indefinitely (cannot be linked to individuals)
  • Invoice records: retained for 7 years for tax compliance

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure ("right to be forgotten")
  • Data portability
  • Object to processing
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact [email protected].

8. Cookies

We use cookies for:

  • Session management: keeping you logged in
  • Analytics: understanding feature usage (anonymous aggregate data)
  • Preferences: remembering your cookie consent choice

See our Cookie Policy for full details.

9. Security

We use AES-256 encryption at rest, TLS 1.3 in transit, and bcrypt for password hashing. Access to production systems is restricted to authorized personnel only.

10. Contact

For privacy-related questions: [email protected]