Legal
Privacy Policy
Last updated: May 23, 2026
1. Data Controller
Ghostt Dev ("we", "us", "our"), operating under the brand ghostt.dev™, is the data controller responsible for your personal data.
Email: contact@gh0stt.dev
Website: https://www.ghostt.dev
2. What Data We Collect
Data you provide directly
- Account data: Name, email address when you create an account or sign in.
- Contact form: Name, email address, subject, and message content.
- Booking data: Name, email address, selected date/time, and any notes you provide when booking a session.
- Payment data: Payment details are processed by our third-party payment provider. We do not store credit card numbers or bank details.
Data collected automatically
- Usage data: Pages visited, time spent, referring URL, browser type, device type.
- Cookies: Essential cookies for site functionality and session management.
3. Why We Process Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and manage your account | Performance of a contract (Art. 6(1)(b)) |
| Respond to contact form inquiries | Legitimate interest (Art. 6(1)(f)) |
| Schedule and deliver booked sessions | Performance of a contract (Art. 6(1)(b)) |
| Process payments | Performance of a contract (Art. 6(1)(b)) |
| Send service-related communications | Legitimate interest (Art. 6(1)(f)) |
| Improve our website and services | Legitimate interest (Art. 6(1)(f)) |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not use your data for marketing purposes without your explicit consent.
4. Who We Share Data With
| Processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Website hosting and delivery | United States |
| Microsoft Corporation | Calendar booking (Outlook) | United States |
| Payment provider | Payment processing | See provider's policy |
5. Data Retention
- Account data: Retained for as long as your account is active, plus 12 months after deletion.
- Contact form submissions: Retained for 12 months, then deleted.
- Booking records: Retained for 24 months for administrative and tax purposes.
- Payment records: Retained as required by Dutch tax law (7 years).
- Usage data: Retained for 26 months in anonymized/aggregated form.
6. Your Rights
Under the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Data portability — receive your data in a structured, machine-readable format
- Object to processing based on legitimate interest
- Withdraw consent at any time, where consent is the legal basis
To exercise any of these rights, email us at contact@gh0stt.dev. We will respond within 30 days.
7. Cookies
We use essential cookies required for the website to function (session management, authentication). These do not require consent. If we use any analytics or non-essential cookies, we will ask for your consent before setting them.
8. Children
Our services are not directed at individuals under 16 years of age. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it promptly.
9. Security
We implement appropriate technical and organizational measures to protect your data, including HTTPS encryption, access controls, and secure hosting infrastructure.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a notice on our website.
Also see our Terms of Service.