Aller au contenu
GhostAgent
FonctionnementTarifs
ConnexionCommencer

Privacy Policy

Last updated: 28 May 2026

GhostAgent (“we”, “us”) operates ghostagent.online, a service that analyses receipts and similar documents to help consumers identify possible refunds or compensation. This policy explains what personal data we process, why, how long we keep it, and what rights you have under applicable law (including the EU General Data Protection Regulation where it applies).

1. Who is responsible for your data?

The data controller for personal data processed through GhostAgent is the operator of the GhostAgent service reachable at ghostagent.online. For privacy requests, contact ghostagentsupport@gmail.com.

We use subprocessors to run the service (for example hosting, payment, email delivery, and AI analysis). Those providers process data only on our instructions and under appropriate contractual safeguards.

2. What data we collect

Account data: email address, name (if provided), password hash (for email sign-in), verification and password-reset tokens, session identifiers, and sign-in method (email or Google OAuth where enabled).

Document and audit data: files you upload (images or PDFs), text extracted from them, analysis results (merchants, amounts, dates, dispute triggers, confidence scores), generated claim letters, and payment status linked to an audit.

Usage and technical data: IP address (for rate limiting and security), browser type, approximate timestamps, referral codes, cookie preferences (including language), and error logs needed to operate the service.

Payment data: we do not store full card numbers. Stripe processes payments; we may store Stripe customer or session identifiers, amounts, currency, and whether a claim delivery was purchased.

Communications: if you email support, we process the content of your message and your email address to respond.

3. Why we use your data (legal bases)

Contract: to create and manage your account, run document analysis you request, deliver claim letters you purchase, and maintain your dashboard history.

Legitimate interests: to secure the platform (fraud prevention, rate limits, abuse detection), improve reliability, and understand aggregated usage without profiling you for unrelated marketing.

Consent: where required for optional cookies or marketing beyond core service emails; you may withdraw consent without affecting analysis you already paid for.

Legal obligation: to keep records required by tax or consumer law where applicable.

4. AI analysis and automated decisions

Uploads are analysed using automated systems (including large-language-model APIs) to extract facts and suggest possible consumer claims. Outputs are estimates and drafts, not legal advice or guaranteed outcomes.

You are not subject to a decision with legal or similarly significant effect based solely on automation; you review results before sending any claim. If you believe an analysis is wrong, you can upload another document or contact support.

5. How long we keep data

Account and audit records are kept while your account is active and for a reasonable period afterward so you can access history, unless you delete your account.

When you delete your account from the dashboard, we delete or anonymise personal data tied to your email across audits, outcomes, referral stats, and login credentials, subject to backups expiring on a normal cycle and legal retention where required.

Security logs may be kept for a limited period. Payment records may be retained as required by Stripe and accounting rules.

6. Sharing and international transfers

We share data with service providers that help us operate GhostAgent (hosting, database, email, payments, AI APIs). Some providers may be located outside the EU/EEA; where required we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

We do not sell your personal data. We may disclose information if required by law, court order, or to protect rights, safety, and integrity of the service.

7. Security

We use encryption in transit (HTTPS), access controls on production systems, and industry-standard password hashing. No online service can guarantee absolute security; please use a strong, unique password and keep your email secure.

8. Your rights

Depending on your location, you may have the right to access, rectify, erase, restrict, or object to processing, and to data portability. You may also lodge a complaint with your local data protection authority.

To exercise rights, email ghostagentsupport@gmail.com from the address linked to your account. We may need to verify your identity before acting on a request.

9. Cookies

We use essential cookies for sessions, language preference (NEXT_LOCALE), and referral tracking where applicable. Analytics may be provided by our hosting partner. You can control non-essential cookies through your browser settings.

10. Children

GhostAgent is not directed at children under 16. We do not knowingly collect data from children; if you believe a child has provided data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will change, and material changes will be communicated on the site or by email where appropriate. Continued use after changes means you accept the updated policy.

GhostAgent

GhostAgent rédige des documents — pas un conseil juridique.

Ressources

  • Fonctionnement
  • Tarifs

Entreprise

  • Confidentialité
  • CGU
  • Contact

© 2026 GhostAgent · Pas un conseil juridique.

Fait dans l’UE · Paiements sécurisés par Stripe