Privacy Policy

PRIVACY POLICY

Last updated February 10, 2024

This privacy notice for Ghost Security, Inc (“we”, “us”, or “our”), describes how and why we might collect, store, use, and/or share (“process”) your information when you use our services (“Services”), such as when you:

• Visit our website at www.ghost.security, www.ghostsecurity.com, or any website of ours that links to this privacy notice
• Apply for jobs through our website
• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@ghost.security.

1. WHAT INFORMATION DO WE COLLECT?

We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• Name
• Title
• Company name
• E-mail address
• Phone number

If you apply for a job with us through our website, additional voluntarily-provided information may include but not be limited to:

• CV/resume and all information contained therein
• Professional experience
• Educational experience
• References

All personal information that you provide us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Audio, Electronic, or Visual Information

If you attend a Ghost Security hosted in-person or virtual event or agree to be recorded in a telephone or virtual meeting, we may record some or all of that event or meeting. We may document the event in various ways, such as by taking photos at the event, interviewing you at the event, or recording your participation in a live question-and-answer or other interactive session. We use this information for business and marketing purposes, including to enhance our offerings and your customer or user experience.

Information Automatically Collected

We automatically collect certain information when you visit, use, or navigate our website and/or Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

• Log and Usage Data: Log and usage data is service-related, diagnostic, usage, and performance information we automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about you activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use).
• Device Data: We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data: We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Service. 

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
• To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

• Business transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company or entity.
• When we use Google Analytics. We may share your information with Google Analytics to track and analyze the use of the Services. The Google Analytics Advertising Features that we may use include: Google Display Network Impressions Reporting and Google Analytics Demographics and Interests Reporting. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout. You can opt out of Google Analytics Advertising Features through https://adssettings.google.com and Ad Settings for mobile apps. 
• When we use Hubspot analytics. We may share your information with Hubspot to track and analyze the use of the Services. 

Third Party Service Providers

While using the Services we may be using third party service providers, who may collect, store and/or process the information detailed herein. We use commercially reasonable efforts to engage with third parties that post a privacy policy governing their collection, processing and use of non-personal and personal information. Such software may include without limitation:

• AWS, whose privacy policy can be found at: https://aws.amazon.com/privacy/
• Google Analytics, whose privacy policy can be found at: https://policies.google.com/privacy?h
• LinkedIn, whose privacy policy can be found at: https://www.linkedin.com/legal/privacy-policy
• Hubspot, whose privacy policy can be found at: https://legal.hubspot.com/privacy-policy
• Zoom, whose privacy policy can be found at: https://explore.zoom.us/en/privacy/

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use cookies and similar tracking technologies to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

If you are accessing the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and/or by those third parties with whom we may share your personal information, in the United States, and other countries.

If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice unless a longer retention period is required or permitted by law. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible, then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

9. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our reports. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@ghost.security.

10. WHAT ARE YOUR PRIVACY RIGHTS?

Withdrawing your consent: We will consider and act upon any request in accordance with applicable data protection laws. If we are relying on your consent to process your personal information which may be expressed and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us at privacy@ghost.security. 

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send. You will then be removed from the marketing lists. However, we may still communicate with you – for example, to send you service-related messages that are necessary for the administration and use of your accounts, to respond to service requests, or for other non-marketing purposes.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

If you have questions or comments about your privacy rights, you may email us at privacy@ghost.security.

California Residents: This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the following rights:

The California Code of Regulations defines a “resident” as:

1. Every individual who is in the State of California for other than a temporary or transitory purpose and
2. Every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as “non-residents”.

For residents, we must adhere to certain rights and obligations regarding your personal information.

• Right to opt-out of the sale of your personal information: we will never sell your personal information.
• Right to request deletion of the data: you have the right to request the deletion of your personal information by contacting us at privacy@ghost.security
• Right to be informed: depending on the circumstances, you have the right to know: (1) whether we collect and use your personal information, (2) the categories of personal information we collect, (3) the purpose for which we collect your personal information, (4) whether we sell to third parties, (5) the categories of information sold to third parties, and (6) the business or commercial purpose for collecting, selling, or sharing personal information
• Right to non-discrimination: you will not be discriminated against if you choose to exercise any of the above rights.

If you have questions or comments about your privacy rights, you may email us at privacy@ghost.security.

11. POLICY CHANGES

We reserve the right to change this policy at any time by posting such notice on our website. Such posting shall be the sole notice required to make the new or revised policy statement effective.