Privacy Policy

1.1 Account Information

When you create an account with GhostPOV, we collect the following information:

• Your email address (required for all sign-up methods)
• Your name and profile image (when using Google or GitHub OAuth)
• Your password (for email sign-up only, encrypted and stored securely)

1.2 Usage Data

To provide our core services, we store:

• Echo posts you create and their content
• Anonymous feedback received on your posts
• AI-generated insights and summaries you request
• Basic usage statistics to improve our service

1.3 Technical Information

We automatically collect certain technical information when you use our service:

• IP address and general location information
• Browser type and version
• Device information and operating system
• Pages visited and features used

2.1 Service Provision

• Provide and maintain the GhostPOV platform
• Process and deliver anonymous feedback
• Generate AI-powered insights and summaries
• Manage your account and preferences

2.2 Security and Authentication

• Authenticate your identity and secure your account
• Prevent fraud and abuse
• Provide spam and abuse filtering for premium users
• Monitor for suspicious activities

2.3 Payment Processing

• Process payments through our trusted partner Razorpay
• Manage subscription status and billing
• Send payment confirmations and receipts

2.4 Service Improvement

• Analyze usage patterns to improve our platform
• Develop new features and functionality
• Ensure optimal performance and reliability

3.1 Data Storage

Your data is stored securely using industry-standard cloud infrastructure provided by MongoDB Atlas. We rely on industry-standard security measures and practices to ensure your information is protected.

3.2 Security Measures

We implement comprehensive security measures to protect your information:

• End-to-end encryption for all data transmission
• Secure password hashing using industry-standard algorithms
• Regular security audits and vulnerability assessments
• Multi-factor authentication for administrative access
• Automated backup and disaster recovery systems

4.1 Third-Party Services

We integrate with the following trusted third-party services:

• Google OAuth: For authentication (email, name, profile image)
• GitHub OAuth: For authentication (email, name, profile image)
• Razorpay: For payment processing
• Vercel: For hosting and analytics
• MongoDB Atlas: For secure data storage

4.2 Data Sharing Policy

We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share your information only in the following circumstances:

• With your explicit consent
• To comply with legal obligations or court orders
• To protect our rights, property, or safety
• In connection with a business transfer or acquisition

4.3 International Transfers

We use secure cloud services like MongoDB Atlas to store your data. These servers might be located in different countries — not just your own. That means your information may be transferred and stored outside your home country.

5.1 Access and Portability

• View all your stored data through your account dashboard
• Request a complete copy of your data

5.2 Modification and Deletion

• Delete your account at any time
• Delete individual echo posts and associated data
• Modify your email address (for email-based accounts)
• Change your password and security settings

6.1 Essential Cookies

We use only essential cookies that are necessary for the core functionality of our service:

• Authentication cookies to maintain your login session
• Security cookies to prevent unauthorized access

6.2 No Tracking Policy

We do not use cookies for tracking, advertising, or behavioral analysis. We do not implement third-party tracking scripts or pixels that could compromise your privacy.

7.1 Retention Periods

• Account data: Retained while your account is active
• Echo posts and feedback: Retained until you delete them or your account
• Payment records: Retained for 7 years for tax and legal compliance
• Technical logs: Retained for 90 days for security and debugging

7.2 Automatic Deletion

Inactive accounts (no login for 2 years) will be automatically deleted after email notification. You can reactivate your account by logging in within 30 days of the notification.