Privacy Policy

Introduction

This Privacy Policy explains how GENIEFANTOME OÜ, commercially operating as Ghost Genius, collects, uses, stores, and protects personal data in the course of providing its services. The Company is committed to handling personal data in a transparent and responsible manner, in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

By creating an account, accessing the platform, or using any of the services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, you should not use the Service.

The Company may update this Privacy Policy from time to time to reflect changes in legal requirements, technological developments, or business practices. The most recent version will always be available on the website, and continued use of the Service after publication of updates constitutes acceptance of the revised policy.

Data Controller

The data controller responsible for the processing of personal data within the meaning of applicable data protection laws is GENIEFANTOME OÜ, commercially operating as Ghost Genius, a private limited company incorporated under the laws of Estonia with registration number 17297613 and VAT number EE102888081. The Company’s registered office is located at Harju maakond, Tallinn, Lasnamäe linnaosa, Ruunaoja tn 3, 11415, Estonia.

For any questions, requests, or concerns regarding this Privacy Policy or the processing of personal data, the Company can be contacted at: contact@ghostgenius.fr.

Data Collected

When you create an account on Ghost Genius, we collect certain information necessary to provide and secure the Service. During registration, you are asked to provide your email address, which is used as your primary identifier and to send a login code to authenticate your access. You may also choose to sign in with Google, in which case we receive from Google only the data strictly required to establish and maintain your access.

In addition to your email, we collect your first name, last name, company name, and an indication of your technical level, which helps us better understand the type of users engaging with the Service. This information is used exclusively for professional communication and for tailoring the Service to your needs.

When you use the Service, we record details of your activity, including the API requests you make. These logs do not include your IP address and are limited to the technical information required to ensure the functioning, security, and improvement of the Service.

For certain private endpoints, the Service may require that you voluntarily provide your own LinkedIn cookies. These cookies are never collected without your explicit action and remain strictly associated with your individual account. Apart from this, the Service operates on a cookieless model, except for the essential cookies required to maintain secure sessions.

All personal and technical data collected through the Service is stored securely on Supabase infrastructure. The Company does not process or store payment information, as all subscription payments are handled entirely by Stripe.

Purposes of Processing

The personal data we collect is used solely to operate, secure, and improve the Service. Your email address is required to create your account, authenticate your access, and communicate with you about important matters such as account activity, subscription status, or security notifications. When you provide your first name, last name, company name, and technical level, this information helps us personalize your experience and understand how different types of users interact with the Service.

We use activity logs, such as the API requests you make, to maintain the stability and security of the platform. These records allow us to monitor performance, detect misuse, and ensure proper functioning of the Service. Because we do not collect your IP address, the scope of these logs is limited strictly to what is necessary for technical and security purposes.

Where you voluntarily provide LinkedIn cookies to access private endpoints, these are used exclusively for enabling that functionality and are not shared, repurposed, or accessed outside of your account.

We may also use your contact details to share professional updates and service announcements, such as platform improvements, subscription changes, or security and compliance information. We do not use personal data for advertising or marketing, and we do not sell or share information with third parties for promotional purposes.

Finally, some of your data must be processed to meet legal obligations, such as compliance with tax and accounting requirements related to your subscription payments.

Legal Basis for Processing

We process your personal data only when we have a valid legal reason to do so under the General Data Protection Regulation (GDPR). In practice, this means the following:

We process your account information (such as your email address and login details) because it is necessary to provide access to the Service and to fulfill our contract with you. Without this information, we would not be able to create your account or allow you to use the platform.

We process subscription details and billing records because we are legally required to keep financial information for accounting and tax purposes.

We process usage data (such as your API requests) to maintain and improve the Service, based on our legitimate interest in ensuring the stability, security, and proper functioning of the platform.

If you choose to provide LinkedIn cookies to use private endpoints, we will only process this data with your explicit consent. You remain free to withdraw consent at any time by removing the cookies from your account settings.

When we contact you with professional updates or important announcements about the Service, we rely on our legitimate interest in keeping you informed and maintaining clear communication with our users.

Data Retention

We keep your personal data only for as long as it is needed to provide the Service and to meet the purposes described in this Privacy Policy. Your account information is kept for as long as your account remains active. If you decide to close your account or ask us to delete your data, we will remove it promptly and without unnecessary delay, unless we are legally required to keep certain information.

For example, some financial and billing records may need to be kept for a longer period to comply with accounting or tax obligations. In such cases, the data is kept securely and only for the minimum time required by law.

Technical data, such as API usage logs, is retained only for the time needed to ensure the stability, security, and proper functioning of the Service. Once no longer necessary, the data is either deleted or anonymized.

We are committed to respecting your right to have your personal data deleted on request, and we provide an easy way to contact us if you wish to exercise this right.

Data Sharing

We do not sell, rent, or trade your personal data to third parties. Your information is only shared with trusted service providers essential to the operation of Ghost Genius, and always under strict confidentiality and data protection agreements.

Payments are processed exclusively through Stripe, which handles all subscription transactions on our behalf. Ghost Genius does not store payment card details. Stripe acts as an independent payment processor and is responsible for the secure handling of your financial data.

All account and activity data is stored securely on Supabase, which provides the database infrastructure for the Service. Supabase acts as a data processor and processes information strictly under our instructions.

The Service is hosted on Vercel, which provides the cloud infrastructure that ensures the availability and performance of the platform. In certain cases, this may involve the transfer of limited data necessary for hosting and delivery.

Other than these providers, your personal data is not shared with third parties unless required by law, such as in response to a valid legal request from public authorities or to comply with legal obligations.

International Data Transfers

Some of our service providers, including Stripe, Supabase, and Vercel, may process data outside the European Union. Whenever this happens, we ensure that your personal data continues to be protected to the same high standards required under European data protection laws.

These providers are carefully selected and operate under strong contractual and legal safeguards designed to keep your information secure, regardless of where it is processed. We only work with partners that commit to protecting personal data and that provide guarantees recognized under European law.

In practice, this means that even if your data is transferred outside the EU, it remains protected by measures that ensure confidentiality, integrity, and lawful processing at all times.

Data Security

We take the security of your personal data seriously and implement technical and organizational measures to protect it against unauthorized access, loss, alteration, or disclosure. While no online service can guarantee absolute protection, we apply industry-standard safeguards to ensure that your information is handled with care and remains secure throughout its lifecycle.

These measures are designed to maintain the confidentiality, integrity, and availability of your data and are regularly reviewed to reflect technological developments and evolving security practices.

Your Rights

As a user of the Service, you have rights over your personal data. You may request access to the information we hold about you, ask for corrections if it is inaccurate, or request its deletion when it is no longer needed. You also have the right to limit or object to certain types of processing, as well as the right to receive your data in a portable format where applicable.

If you wish to exercise any of these rights, you can contact us directly at contact@ghostgenius.fr, and we will handle your request without unnecessary delay.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) if you believe that your rights have not been respected.

Cookies

Ghost Genius is designed to operate with minimal reliance on cookies. We only use essential cookies that are strictly necessary to maintain secure sessions and enable the proper functioning of the platform. These technical cookies do not track your browsing activity outside the Service and are not used for advertising or profiling.

In certain cases, you may choose to provide your own LinkedIn cookies in order to access specific private endpoints of the Service. These cookies are never collected automatically and are only used to enable the functionality you have explicitly requested. They remain linked to your account and are not shared or reused for any other purpose.

Other than these essential and user-provided cookies, the Service does not rely on tracking technologies such as advertising cookies, analytics trackers, or third-party marketing pixels.

View Cookies Policy

Contact

If you have any questions about this Privacy Policy, the way we handle your personal data, or if you wish to exercise your data protection rights, you can contact us at any time at contact@ghostgenius.fr. We are committed to handling all requests with transparency and care, and to ensuring that your personal information is treated in accordance with the highest standards of data protection.