Legal

Privacy Policy

Last updated: May 23, 2026

1. Data Controller

Ghostt Dev ("we", "us", "our"), operating under the brand ghostt.dev™, is the data controller responsible for your personal data.

Email: contact@gh0stt.dev
Website: https://www.ghostt.dev

2. What Data We Collect

Data you provide directly

  • Account data: Name, email address when you create an account or sign in.
  • Contact form: Name, email address, subject, and message content.
  • Booking data: Name, email address, selected date/time, and any notes you provide when booking a session.
  • Payment data: Payment details are processed by our third-party payment provider. We do not store credit card numbers or bank details.

Data collected automatically

  • Usage data: Pages visited, time spent, referring URL, browser type, device type.
  • Cookies: Essential cookies for site functionality and session management.

3. Why We Process Your Data

PurposeLegal Basis (GDPR)
Provide and manage your accountPerformance of a contract (Art. 6(1)(b))
Respond to contact form inquiriesLegitimate interest (Art. 6(1)(f))
Schedule and deliver booked sessionsPerformance of a contract (Art. 6(1)(b))
Process paymentsPerformance of a contract (Art. 6(1)(b))
Send service-related communicationsLegitimate interest (Art. 6(1)(f))
Improve our website and servicesLegitimate interest (Art. 6(1)(f))
Comply with legal obligationsLegal obligation (Art. 6(1)(c))

We do not use your data for marketing purposes without your explicit consent.

4. Who We Share Data With

ProcessorPurposeLocation
Vercel Inc.Website hosting and deliveryUnited States
Microsoft CorporationCalendar booking (Outlook)United States
Payment providerPayment processingSee provider's policy

5. Data Retention

  • Account data: Retained for as long as your account is active, plus 12 months after deletion.
  • Contact form submissions: Retained for 12 months, then deleted.
  • Booking records: Retained for 24 months for administrative and tax purposes.
  • Payment records: Retained as required by Dutch tax law (7 years).
  • Usage data: Retained for 26 months in anonymized/aggregated form.

6. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time, where consent is the legal basis

To exercise any of these rights, email us at contact@gh0stt.dev. We will respond within 30 days.

7. Cookies

We use essential cookies required for the website to function (session management, authentication). These do not require consent. If we use any analytics or non-essential cookies, we will ask for your consent before setting them.

8. Children

Our services are not directed at individuals under 16 years of age. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it promptly.

9. Security

We implement appropriate technical and organizational measures to protect your data, including HTTPS encryption, access controls, and secure hosting infrastructure.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on our website.

Also see our Terms of Service.