Privacy Policy

This Privacy Policy applies to Ghostyk, our iOS and Android mobile application (our “App”). In the policy below, we inform you about the scope of the processing of your Personal Data.

GENERAL INFORMATION

a)     What is Personal Data?

Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number, as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data.

 

b)     What is Special Category Data?

Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, and biometric data, as well as data concerning health, a person’s sex life, and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing.

 

c)      What is processing?

"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

 

d)     What law applies?

In principle, we will only use your Personal Data in accordance with the applicable data protection laws, in particular the Delaware Personal Data Privacy Act (“DPDPA”) and the EU's General Data Protection Regulation (“GDPR”).

 

e)      Who is the data controller?

The Data Controller is Ghostyk LLC, 8 The Green #21576, Dover, Delaware, 19901, USA (“Ghostyk”, “we”, “us”, “our”). Please direct any questions you may have to info@ghostyk.com with “Data Protection” in the subject line.

 

f)       What are the legal bases of processing?

We only process your Personal Data if at least one of the following applies:

 

       you have given your consent,

       the data is necessary for the fulfillment of a contract/pre-contractual measures,

       the data is necessary for the fulfillment of a legal obligation or

       the data is necessary to protect our legitimate interests, provided that your interests are not overridden.

 

PROCESSING OF AUTOMATICALLY COLLECTED DATA

a)     Downloading our App

The App can be downloaded from the “Google Play Store”, a service offered by Google, or the Apple App service “App Store”, a service of Apple. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.

 

b)     Installing our App

As far as we are aware, Google collects and processes the following data: license check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which personal data Google processes with your registration and the provision of downloads in the respective App Store and App Store software. The responsible party in this respect is solely Google as the operator of the Google Play Store.

 

As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, and location information. It cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple, as the operator of the Apple App Store.

 

c)      Device information

Google and Apple may collect information from and about the device(s) you use to access our App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength, and information about device sensors such as accelerometer, gyroscope, and compass.

 

d)     Authorizations and Access

We may request permission to store your App data, including your internet connection and network, and push notifications, camera, microphone and media storage. The legal basis for data processing is our legitimate interest, the provision of contractual or pre-contractual measures, and your consent. You can deny access on your device via the Settings/Notifications options of your device; however, this means that our App may not function as intended.

 

e)      Push messages

When you use our App, you will receive so-called push messages from us, even if you are not currently using our App. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via a) the device settings of your device or b) by enabling or disabling specific types of notifications within the App. The service used is Firebase Cloud Messaging for push notifications from Google. It cannot be excluded that Google also transfers the information to a server in a third country. We cannot influence which data Google collects and processes. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacy. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.

 

f)       OneSignal

We use the service of OneSignal for In-App Messaging. OneSignal receives information about our App and its usage, the temporary unique device identifier, the current location linked to the temporary unique device identifier, your IP address, the type of your device, the type and version of your operating system, your mobile carrier, your language settings, time zone, and network settings. The legal basis is the fulfillment of the contract for the use of our App.

 

g)     Storage

In the course of our business and App operations, we process data in our Delaware-based headquarters. All data collected is generally transferred to our Infomaniak server, a MySQL database. In addition, App-specific data is typically stored on our Cloudflare server, and media files are stored using the services of Backblaze. Video data will be automatically deleted after 30 days. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements including non-disclosure agreements, data processing agreements, and standard contractual clauses regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer. The legal basis for the data processing is our legitimate interest in providing our App.

 

DATA PROCESSING BY US

a)     Contacting Us

We offer you the opportunity to contact us using various methods. We collect the data you submit, such as your name, email address, telephone number, and your message, in order to process your inquiry and respond to you. The legal basis is both your consent and contract.

 

a)     Providing our services

The protection of your data is particularly important to us in the performance of our services. We therefore only want to process as much Personal Data (for example, your name, address, and e-mail address) as is absolutely necessary. Nevertheless, we rely on the processing of certain Personal Data to fulfill our contractual obligations to you or to carry out pre-contractual measures.

 

b)     Registration

If you register, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form, including your full name, username, email address, and optionally your zip or post code, your city, age, profile picture, and country. The entry of your data is encrypted so that third parties cannot read your data when it is entered. Your data will remain stored for as long as the registration lasts, in particular if the storage is necessary for the fulfillment/execution of the contract, to enforce our rights, or for our other legitimate interests, or we are required by law to retain your data (e.g., within the framework of tax retention periods).

 

c)      Profile

As a registered user, you have the opportunity to create a user profile with just a few clicks and details, and the relevant profile data you provide will be posted on your profile. Of course, you can change the information at any time via the settings in your profile. You have choices about the information on your profile. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add Personal Data to your profile that you would not want to be available. The legal basis for the processing of your Personal Data is the establishment and implementation of the user contract for the use of our platform.

 

d)     Using our platform

If you wish to use our platform and its features, we process the Personal Data you voluntarily provide for the purpose of providing our platform. Depending on how you use our services, you may provide content and upload data and content such as text, images and video etc. While we need certain data to allow you to participate in our services, your data is never shared without a lawful reason; however, content uploaded by you will be made available and may be viewed and otherwise accessed by others. In turn we may process:

 

       Content

Content Data includes photos, videos, text messages, or other digital content you create, broadcast, perform, or upload on our platform and information about the content you create, broadcast, perform, or upload, including metadata that is provided with that content. Please remember that Content Data that you transmit may reveal Personal Data about yourself as well, including identifying information about yourself depicted in any photos or videos. Video data will be automatically deleted after 30 days.

 

       Personal Data

Personal Data you provide may be considered “special” or “sensitive”. Special category data is Personal Data that is more sensitive because there could be significant risks posed to an individual's rights and freedoms. This includes Personal Data concerning, for example, your racial or ethnic origins, sexual orientation, sexual preferences, and gender. In contrast, sensitive data is Personal Data that could cause harm or discrimination if it were disclosed without authorization. By choosing to provide this data, you consent to our processing of that data. You have choices about the data you provide and how you share it. You don’t have to provide this data. It’s your choice whether to include this data and to make that information available to us. Please do not share information that you would not want to be available. The legal basis for the processing is the establishment and implementation of the user contract for the use of the service as well as your consent.

 

       Images and facial-related information

In providing our platform and publishing your content, including video, images, chats, we may process images and facial-related information from our Users. Images and facial-related information are used and processed solely for the purpose explicitly consented to, and we do not collect, use, or store any images and facial-related information for the purpose of recognising faces or outside the described purposes. The legal basis is your consent.

 

       Chats and communications

Of course, we also process your chats and communications with other users as well as the content you may provide to others through our platform as you interact with them.

 

Some of the Personal Data you provide may be considered “special” or “sensitive”. This includes Personal Data concerning for example your racial or ethnic origins, sexual orientation, sexual preferences and gender. By choosing to provide this data, you consent to our processing of that data. You have choices about the data you provide and how you share it. You don’t have to provide Personal Data or Special Category Data. It’s your choice whether to include Personal Data or Special Category Data and to make that information available to us. Please do not share information that you would not want to be available. The legal basis for the processing of your Personal Data and Special Category Data is the establishment and implementation of the user contract for the use of the service as well as your consent.

In providing our platform and publishing your content including video, images, chats we may process images and facial-related information from our Users. Images and facial-related information are used and processed solely for the purpose explicitly consented to and we do not collect, use, or store any images and facial-related information for the purpose of recognizing faces outside of this purpose. The legal basis is your consent.

 

Of course, we also process your chats and communications with other users as well as the content you publish, as necessary for the operation of our platform.

 

In addition to the information you may provide us directly, we receive information about you from others. Users may provide information about you as they use our platform, for instance, as they interact with you. The legal basis is the fulfillment of the user contract for the use of the platform as well as your consent.

 

We also share some users’ information with service providers and partners who assist us in operating our platform. You share information with other users when you voluntarily disclose information on the service (including your profile). Please be careful with your information and make sure that the content you share is stuff that you’re comfortable being visible. The legal basis for the data processing is the fulfillment of our contractual obligations and, in individual cases, the fulfillment of our legal obligations as well as your consent.

 

In addition to the information you provide to us directly, we receive information about you from others, including other users who provide us with information about you when they use our platform. For example, we may receive information about you from other users when you contact them about us.

 

We also collect information about your activities on our platform, such as how you use them (e.g., the date and time you logged in, features you used, searches you performed, clicks and pages you were shown, content you clicked on) and how you interact with other users (e.g., users you connect and interact with, the time and date of your exchanges). The legal basis is the fulfillment of the user contract for the use of the platform as well as your consent.

 

Finally, if you are providing us with Personal Data relating to a third party, you agree a) that you have in place all necessary appropriate consents and b) that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.

 

e)      Aggregated Data

We also collect, use, and share aggregated data, such as statistical or demographic data, for any purpose, including improving our platform and services. Aggregated data could be derived from your Personal Data but is not considered Personal Data in law, as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy policy.

 

f)       Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks as well as organization of our business and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.

 

g)     Payment Data

If you make a purchase, your payment data will be processed via our payment service providers, Stripe or ApplePay. Payment data will solely be processed through the payment service provider you select, and we have no access to any payment data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.

 

h)     Promotional use of your data

We use your data within the legally permissible scope for marketing purposes, e.g., to draw your attention to special promotions and discount offers. In addition, we may draw your attention to comparable offers by email, e.g., we may inform you about exclusive sales, promotions, or special events. The legal basis for processing is our legitimate interest.

 

CHANGE OF PURPOSE

We will only use your Personal Data for the purposes for which we collected it as detailed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

 

GENERAL PRINCIPLES

a)     What we do not do

       We do not request Personal Data from minors and children;

       We do not process special category data without obtaining prior specific consent;

       We do not use automated decision-making, including profiling; and

       We do not sell your Personal Data.

 

a)     Sharing

We will not disclose or otherwise distribute your Personal Data to third parties unless a) this is necessary for the performance of our services, b) you have consented to the disclosure, or c) the disclosure of data is permitted by relevant legal provisions. In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention or other legal proceedings; as required by law or regulation; if Ghostyk (or a part of Ghostyk) is sold to or merged with another company; or if we have reason to believe that disclosure is necessary to protect our business.

 

b)     International Transfer

We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.

 

c)      Data Security

Our App uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organizational measures”), for example, encryption or need-to-know access, to ensure the most complete protection of Personal Data processed through our App.

 

Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach is discovered.

 

YOUR RIGHTS AND PRIVILEGES

a)     Your rights

You can exercise the following rights:

       Right to information

       Right to rectification

       Right to object to processing

       Right to deletion

       Right to data portability

       Right to withdraw consent

       Right to complain to a supervisory authority

       Right not to be subject to a decision based solely on automated processing.

 

If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.

 

b)     Update your information and withdraw your consent

If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it, and you want to request its rectification or deletion, or to object to its processing (including withdrawing consents you have given us), please do so in your account or by contacting us.

 

c)      Access Request

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).

 

d)     Complaint to a supervisory authority

If you believe that the processing of your Personal Data is not lawful, you can lodge a complaint with the Office of the Attorney General (“AG”) or your local data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the AG or any other supervisory authority.

 

USA SPECIFIC PROVISIONS

The following applies to users located elsewhere in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state's legislature and that no data protection framework similar to the GDPR exists on a federal level, we are committed to following and applying the relevant state privacy rules and regulations.

 

As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. Given the similarities of the above provisions, no conflict should arise in pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.

 

Further, the following also apply:

 

                 i)          “Shine the Light”

“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.

 

               ii)          COPPA (Children’s Online Privacy Protection Act)

When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.

 

             iii)          CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN-SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.

 

              iv)          Telephone Consumer Protection Act (TCPA)

If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.

 

                v)          Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.

 

              vi)          Right to complain

Finally, in regard to the right to complain to a supervisory authority, you have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the above-mentioned states may lodge a complaint with the relevant district attorney or attorney general office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.

 

CANADA AND MEXICO SPECIFIC PROVISIONS

Both Canada and Mexico have introduced data protection laws that are similar to the GDPR, namely the Federal Law for the Protection of Personal Data in the Possession of Private Parties (“LFPDPPP”), supplemented by the Rules of the Federal Law for the Protection of Personal Data in the Possession of Private Parties, in Mexico, and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada. Given that the GDPR has played a pivotal role, no conflict should arise in pursuing a uniform approach in granting all users in Mexico or Canada the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your personal data.

 

In terms of your right to complain, Canada’s national supervisory authority is the Office of the Privacy Commissioner (www.priv.gc.ca) and the National Institute of Transparency, Access to Information and Personal Data Protection (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) (“INAI”) is the national supervisory authority in Mexico (www.ifai.org.mx).

 

HELP AND COMPLAINTS

If you have any questions about this policy or about data protection at Ghostyk in general, you can contact us using info@ghostyk.com with “Data Protection” in the subject line.

 

CHANGES

The first version of this policy was issued on Tuesday, 22nd of April 2025, and is the current version. Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date.