← Back to login

Privacy Policy

Last updated: February 2026

1. Who We Are

Ghost is an ad serving platform that enables publishers and advertisers to create, deliver, and measure contextual advertising. This policy covers data practices for both ad delivery (end users who see ads served by Ghost) and the Ghost dashboard (customers who manage campaigns, creatives, and placements).

2. Privacy for Ad Delivery (End Users)

Data collected

  • Device type and browser information
  • IP address (hashed for anonymization)
  • Approximate geolocation (country and region)
  • Ad impressions, clicks, and frequency data

How we use it

  • Ad serving decisions and frequency capping
  • Fraud and bot detection
  • Aggregated, anonymized analytics for advertisers

Cookies and tracking

Ghost uses impression tracking pixels and viewability detection via IntersectionObserver. Ghost does not use third-party cookies or cross-site tracking. Ghost supports the Global Privacy Control (GPC) header—when detected, non-essential data collection is suppressed.

No personal profiles are built. Ghost uses contextual targeting (page content, URL, and keywords) rather than behavioral tracking.

3. Privacy for the Ghost Dashboard (Customers)

Data collected

  • Name, email address, and phone number (provided at signup)
  • Business name
  • Account activity logs

How we use it

  • Account management and service delivery
  • Security purposes such as login alerts
  • Product updates and communications

You can update or delete your information at any time through your account settings.

4. Data Sharing

Ghost does not sell personal data. We share data only with infrastructure providers necessary for service delivery, and as required by law. No data is shared with advertisers beyond aggregated, anonymized analytics.

5. Data Retention

  • Raw event data (impressions, clicks): 90 days
  • Aggregated analytics: duration of account
  • Account data (name, email): duration of account plus 30 days after deletion
  • Audit logs: 1 year

6. Your Rights

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion of your data
  • Opt out of non-essential communications
  • Export your data

To exercise these rights, contact privacy@ghostads.io or use your account settings.

7. CCPA & GDPR Compliance

Ghost respects the Global Privacy Control (GPC) signal. Our SDK includes a consent gate that suppresses ad delivery when consent is not granted.

For California residents: Ghost does not “sell” or “share” personal information as defined by the CCPA.

For EU residents: Our legal basis for processing is legitimate interest (ad delivery) and contract performance (dashboard services).

8. Security Measures

We employ the following measures to protect your data:

  • Encryption in transit (TLS)
  • Hashed IP addresses and API keys
  • JWT with token rotation and family-based replay detection
  • Rate limiting
  • Audit logging

9. Updates to This Policy

We may update this policy periodically. Material changes will be communicated via the dashboard or email. Continued use of Ghost after changes are posted constitutes acceptance of the revised policy.

10. Contact Information

For privacy inquiries, contact us at privacy@ghostads.io.