GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Last updated: March 26, 2026

Data Controller Information

Who We Are

GhostBro acts as the data controller for personal data processed through our service. Our primary database infrastructure is located in Germany, ensuring compliance with EU data protection standards.

Data Protection Officer: [email protected]

Legal Entity: GhostBro Technologies

Jurisdiction: European Union (Germany)

Personal Data We Process

Account Information

Data Collected: Name and email address provided during registration

Legal Basis: Contract performance (Art. 6(1)(b) GDPR)

Storage Location: Secure database servers in Germany

Important: At this time, we do not collect any additional personal data beyond your name and email address.

Authentication Data

Data Collected: Encrypted password for account security

Legal Basis: Contract performance and legitimate interests (Art. 6(1)(b) and (f) GDPR)

Security: Passwords are encrypted using industry-standard algorithms

Analytics Data (Website Only)

Data Collected: Anonymized usage patterns through Google Analytics on our website only

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR)

Retention: 14 months (configured for privacy)

Important: Google Analytics is only used on our website. The downloaded GhostBro application does not collect any usage data or analytics.

No Additional Data Collection

We do not collect device information, browsing behavior, or any other personal data beyond your name, email, and anonymized website analytics. Our data collection is strictly limited to the information you provide during registration and anonymized website usage data.

Third-Party Data Processing

Google Analytics (Website Only)

We use Google Analytics on our website to understand user behavior and improve our service. This operates under strict data processing agreements.

  • Purpose: Website usage analytics and performance monitoring
  • Data Shared: Anonymized usage patterns, page views, session duration
  • Retention: 14 months (configured for privacy)
  • Location: EU-based servers

Important: Google Analytics is only used on our website. The downloaded GhostBro application does not use any third-party analytics or data processing services.

No Other Third-Party Data Sharing

Beyond Google Analytics on our website, we do not share your personal data (name and email) with any other third-party service providers for processing purposes.

Your account information remains securely stored on our servers in Germany and is not transmitted to external parties.

Your GDPR Rights

Right of Access (Art. 15)

You have the right to obtain confirmation about whether we process your personal data and access to such data, including information about processing purposes, categories, and recipients.

Right to Rectification (Art. 16)

You can request correction of inaccurate personal data and completion of incomplete data through your account settings or by contacting our support team.

Right to Erasure (Art. 17)

You may request deletion of your personal data when processing is no longer necessary, you withdraw consent, or data has been unlawfully processed.

Right to Data Portability (Art. 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object (Art. 21)

You may object to processing based on legitimate interests. For screenshot processing, you can disable the feature at any time in your settings.

Right to Withdraw Consent

For screenshot processing based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

Data Security & Retention

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Staff training on data protection principles

Data Retention Periods

We retain personal data only for as long as necessary:

  • Account Data: Until account deletion or 3 years of inactivity
  • Authentication Data: Until password change or account deletion
  • Screenshots: Immediately deleted after processing (not stored)
  • Legal Requirements: As required by applicable law

Data Breach Notification

Our Commitment

In the unlikely event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Document the breach and our response measures
  • Implement additional safeguards to prevent future breaches

Supervisory Authority & Complaints

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of alleged infringement.

German Federal Commissioner for Data Protection

Address: Husarenstraße 30, 53117 Bonn, Germany

Phone: +49 228 997799-0

Website: bfdi.bund.de

Email: [email protected]

Exercise Your Rights

How to Contact Us

To exercise any of your GDPR rights or if you have questions about our data processing practices, please contact us:

Data Protection Officer: [email protected]

Subject Line: "GDPR Rights Request - [Your Request Type]"

Response Time: Within 30 days (extendable to 60 days for complex requests)

Verification: We may request identity verification for security purposes

Contact Information

Questions About GDPR Compliance

If you have any questions about our GDPR compliance or data processing practices, please contact us.

Data Protection Officer: [email protected]

Legal Team: [email protected]

General Support: [email protected]
