General Privacy Policy
Our privacy policies are divided into two sections to provide clear and detailed information about how we handle your data:
Last Updated: February 27, 2025.
This document (“Privacy Policy”) outlines the principles governing the collection, use, security, and protection of personal data and other information provided when you access, install, or use Ghosty VPN services and website. Ghosty VPN is committed to maintaining the highest standards of data security to ensure your privacy is safeguarded.
The entity responsible for managing your personal data, as described in this Privacy Policy, is Ghosty VPN S.L. (address: Calle de Manzanares, 4, 28005 Madrid, Spain; email: [email protected])
By visiting our websites, submitting your personal data to us, or using our services, you acknowledge that you have read and agreed to the terms of this Privacy Policy. If you do not agree, please refrain from using our services and websites.
INTERPRETATION AND DEFINITIONS
INTERPRETATION
Capitalized words have meanings defined under the following conditions. These definitions shall apply whether they appear in singular or plural form.
DEFINITIONS
For the purposes of this Privacy Policy:
- Account: A unique account created to access our services.
- Affiliate: Any entity that controls, is controlled by, or is under common control with another party. “Control” means ownership of at least 50% of the shares, equity interest, or voting rights.
- Company: Ghosty VPN S.L., also referred to as “we,” “us,” or “our.”
- Cookies: Small text files stored on your device to save browsing activity, preferences, or session identifiers.
- Country: Refers to Spain, where Ghosty VPN S.L. is headquartered.
- Device: Any electronic device capable of accessing our services, such as a computer, smartphone, or tablet.
- Personal Data: Any information related to an identified or identifiable person, including name, email address, and IP address.
- Service: Refers to Ghosty VPN software, including the website, application, and any associated services.
- Service Provider: Third-party companies or individuals that process data on our behalf to facilitate the service, improve its functionality, or analyze usage.
- Usage Data: Data automatically collected through the service, such as IP addresses, browser types, pages visited, time spent on each page, device identifiers, and diagnostic data.
- Website: The Ghosty VPN website accessible at www.ghosty.com.
- You: The individual using our service, or the legal entity on behalf of which such individual is using the service.
COLLECTION AND USE OF PERSONAL DATA
Ghosty VPN collects and processes personal data within a limited scope to provide services, facilitate payments, and optimize website and mobile application functionality. We collect the following personal information:
- Name and surname.
- Email Address: Required for account registration, password recovery, and general account access.
- Device Data: Includes model, operating system, and browser type.
- Connection IP Address and Session Information: Retained for 14 days for security and troubleshooting purposes.
- Payment Details: Billing and payment information. When purchasing the Pro subscription, payment data such as billing address and transaction details may be collected. Payment processing is managed securely by third-party providers like Stripe, which adheres to industry-leading PCI-DSS standards. Ghosty does not store complete payment details (e.g., credit card numbers).
- Subscription Data: Includes email address, selected plan, subscription ID, billing cycle, currency and payment status.
- Cookies and Tracking Technologies: Used for functionality, analytics, and targeted marketing.
We use Cookies and similar tracking technologies to track activity on our service and store certain information. Tracking technologies used include beacons, tags, and scripts to collect and track information and to improve and analyze our service.
GOOGLE ANALYTICS
Ghosty VPN uses Google Analytics , a web analytics service provided by Google, Inc. (“Google”). Google Analytics helps us understand how visitors interact with our website by collecting information such as pages visited, time spent on the site, and navigation patterns. This data allows us to improve user experience and optimize our services.
Google Analytics collects and processes data using cookies and similar technologies. The information collected includes:
- IP addresses (anonymized where applicable)
- Device type and browser information
- Geographical location (city-level, based on anonymized IP addresses)
- User behavior (e.g., pages visited, time spent on the website, interactions with features)
Ghosty VPN does not share personally identifiable information with Google. The collected data is used in aggregated form and does not allow us to identify individual users.
Opt-Out Option
If you do not wish to be tracked by Google Analytics, you can disable cookies through your browser settings or install the Google Analytics Opt-Out Browser Add-on. For more information on how Google processes data, please visit Google’s Privacy Policy .
For any questions regarding our use of Google Analytics, please contact us at [email protected].
COOKIE USAGE
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our service.
Cookies can be “Persistent” or “Session” Cookies:
- Persistent Cookies remain on your personal computer or mobile device when you go offline.
- Session Cookies are deleted as soon as you close your web browser.
We use both session and persistent Cookies for the purposes set out below:
Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These cookies are essential to provide you with services available through the Website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these cookies, the services that you have requested cannot be provided.
Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
You can manage your cookie preferences through your browser settings. Disabling cookies may affect functionality.
HOW WE USE PERSONAL DATA
Ghosty VPN S.L. may use personal data for the following purposes:
- Service Provision and Maintenance: Ensuring service functionality and security.
- Contractual Performance: Developing, complying with, and executing purchase agreements.
- Customer Support: Managing user inquiries and technical support. .
- Business Transfers: Sharing or transferring data in case of company restructuring, mergers, or acquisitions.
- With Affiliates and Business Partners: Sharing data under strict privacy obligations for marketing, promotions, or service enhancement.
PRODUCT-SPECIFIC PRIVACY DETAILS
Ghosty VPN offers various products tailored to different user needs. As a result, these products may collect and process specific types of personal data to ensure optimal performance. To learn more about data processing for each product, please refer to Ghosty VPN Privacy Notice (additional terms)
LEGAL BASIS FOR DATA PROCESSING
Ghosty VPN processes personal data based on:
- Contractual Obligations: To provide services and facilitate transactions.
- Legal Compliance: are deleted as soon as you close your web browser.
- User Consent: For marketing communications and participation in promotions.
- Legitimate Interest: To enhance service reliability, detect fraud, and optimize user experience.
SHARING OF PERSONAL DATA
Ghosty VPN does not sell or rent personal data. However, data may be shared with:
- Service Providers: Third-party providers for payments (Stripe) and analytics (Google Analytics).
- Legal Authorities: Under exceptional circumstances, we may be required to disclose your personal data to comply with legal obligations. However, due to our strict no-logs policy, Ghosty VPN S.L. does not store any VPN traffic logs, connection history, or user activity data, meaning we cannot provide information on websites visited, user identities, or VPN session details.
- Corporate Transactions: If Ghosty VPN S.L. is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. In such cases, we will notify you in advance, and any new privacy policy governing your data will be clearly communicated.
We may disclose limited operational data if legally required, but only under the following conditions:
- To comply with applicable legal obligations (such as responding to lawful governmental requests where we hold relevant information).
- To protect our rights or property from fraudulent activities, service abuse, or security threats.
- To investigate and prevent malicious behavior such as cyberattacks or unauthorized access.
- To cooperate with law enforcement when legally compelled, but only where such disclosure is legally enforceable and relevant to the data we collect.
If we receive a request for user data that we do not retain (e.g., browsing history or VPN session logs), we cannot provide such information.
DATA SECURITY MEASURES
Ghosty VPN S.L. implements industry-standard security measures to protect your personal data. However, no transmission or storage system can be guaranteed 100% secure. While we strive to ensure the highest level of security, we encourage users to take precautions, such as enabling two-factor authentication and using strong passwords.
Ghosty VPN takes strict precautions to ensure the security and confidentiality of your personal data. We employ a combination of physical, technical, and organizational safeguards to prevent unauthorized access, loss, or breaches of personal information.
- Physical Security: Our facilities are protected with access control measures, security badges, and surveillance systems to prevent unauthorized entry. Sensitive data is stored securely in controlled environments.
- Technical Protections: Advanced cybersecurity mechanisms, including firewalls, encryption, and intrusion prevention systems, help secure data. Regular updates and security audits ensure the ongoing protection of information.
- Organizational Measures: Data protection policies are strictly enforced, with routine employee training to uphold security standards. Access to personal data is restricted based on necessity to minimize risks.
Although we take rigorous security measures, no system can be entirely secure. Users should exercise caution when sharing personal information. If we detect a security threat affecting your data, we will notify you and provide guidance on necessary actions. For any concerns, please contact us at [email protected].
DATA RETENTION AND DELETION
- Billing Records: Stored for 10 years as per legal requirements.
- Account Deletion: Users can delete their account at any time through their account settings or by contacting support.
- Operational logs (IP addresses, user agents, session data in the web application): Retained for 14 days to ensure security and troubleshooting.
- System logs (CPU usage, network utilization): Stored for 30 days to maintain operational integrity.
- VPN servers: Do not store activity logs, browsing history, or session interactions. Only temporary connection data (such as active IPs) is stored in memory and deleted upon server restart.
USER PRIVACY RIGHTS
Depending on your jurisdiction, you may have rights to:
- Access – You can request a copy of the personal data we hold about you.
- Correction – You can ask us to correct inaccurate or incomplete information.
- Deletion – You can request the deletion of your personal data, subject to legal and operational requirements.
- Restriction – You can ask us to limit the processing of your data under certain circumstances.
- Objection – You can object to certain types of processing, such as direct marketing.
- Data Portability – You can request to receive your personal data in a commonly used, structured, and machine-readable format or ask us to transfer it to another provider, where technically feasible.
- Withdraw Consent – If processing is based on your consent, you can withdraw it at any time.
- Lodge a Complaint – If you believe your rights have been violated, you may contact us directly or file a complaint with a data protection authority.
Additionally, you may also delete your Account in our application.
You can control the use of cookies at the individual browser level on your device. To disable cookies, follow your browser’s instructions on how to block or clear cookies.
PROTECTION OF MINORS
Ghosty VPN does not knowingly collect data from individuals under 18 years old. If such data is identified, it will be promptly removed from our systems.
OTHER TERMS
Limitation of Liability
Ghosty VPN implements comprehensive security measures to protect personal data; however, users are responsible for ensuring safe usage of our services. Any misuse, unauthorized activities, or violations of third-party rights are the user’s sole responsibility. Ghosty VPN shall not be held liable for any illegal, negligent, or unauthorized activities beyond our reasonable control.
Third-Party Links
Our websites may contain links to external sites with different privacy policies. If you access third-party websites, your data will be governed by their privacy practices. We encourage you to review their policies before sharing personal information.
Governing Language
This Privacy Policy is currently available only in English. In the event of any future translations, the English version shall prevail in case of discrepancies or legal interpretations. For legal purposes, the English version of this Privacy Policy prevails over any translations. In case of discrepancies, the English text will govern.
Policy Updates
Ghosty VPN continuously enhances its services, which may require periodic updates to this Privacy Policy. Any significant modifications affecting data processing will be communicated through our website or other means. Users are encouraged to review the policy regularly, as continued use of our services constitutes acceptance of any updates.
CONTACT
If you have any questions about our privacy policy, please feel free to contact us by email: [email protected]