Legal
Privacy Policy
Last updated: May 19, 2026.
Summary
We collect and process your data to deliver your license and support your account, and we work only with vetted sub-processors bound by equivalent data-protection obligations. You have the right to access, correct, or delete your data — contact us via Section 11.
1. What this policy covers
This Privacy Policy describes how GhostAssist ("we", "us") collects, uses, and protects information when you visit our website (aighostassistant.pro) and use the GhostAssist Windows application.
2. Information we collect
When you purchase: We collect your email address, name, and payment information. Payment processing is handled by a licensed third-party payment processor — we do not store card numbers or mobile money credentials.
When you use the website: Standard server logs (IP address, browser type, pages visited) for security and uptime monitoring. No analytics cookies are set.
When you use the GhostAssist app: We do not receive your session data, meeting transcripts, or AI conversation history. This data is stored entirely on your local machine.
3. How we use your information
- To deliver your license file and send transactional emails (purchase confirmation, re-download, activation reset).
- To provide customer support when you contact us.
- To maintain the security of our systems and prevent fraud.
- We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. AI model API calls
When you use GhostAssist, your queries are sent to Anthropic's Claude API (and potentially other AI model providers as fallbacks). These calls are made from your machine directly, using our API credentials. Your queries are subject to the respective provider's privacy policies. We do not log or store the content of your AI queries on our servers.
5. Third-party services
We rely on a small number of vetted third-party providers to operate the website and license system. These include providers for hosting, payment processing, transactional email, and support intake. Each provider processes only the data necessary for its function and is bound by its own privacy terms.
6. Data retention
We retain your account and purchase records for as long as your account is active, and for a reasonable period afterward for legal and support purposes. You may request deletion through our support form (see Section 7).
7. Your rights
You have the right to access, correct, or delete the personal data we hold about you. To exercise these rights, please submit a request through our support form.
8. Security
License files are cryptographically signed. Website authentication requires email verification, and sign-in forms are protected against automated abuse. Administrative areas are gated by additional access controls. We apply HTTPS, HSTS, and a strict Content Security Policy across all website properties. We do not publish the specifics of our security stack.
9. Cookies
The GhostAssist website uses only session cookies required for authentication. No advertising, tracking, or analytics cookies are set. No cookie consent banner is shown because none is required under the cookies we use.
10. Compliance with the Kenya Data Protection Act, 2019
This section applies if you are resident in Kenya or your personal data is processed in connection with our services. It supplements the rest of this Policy.
Data Controller. GhostAssist (operated from Kenya) is the Data Controller. Contact us at [email protected] for data-protection matters; a postal address is available on request.
Lawful basis (DPA s. 30). We process personal data on the bases of contract performance (issuing your license and supporting your account), legitimate interest (fraud prevention, security, and audit), legal obligation (tax and statutory records), and consent where explicitly requested.
Sub-processors. Personal data is processed on our behalf by a small number of vetted third-party providers, including: a cloud database, authentication, and storage provider (US); a website hosting provider (US); an edge network and security provider for CAPTCHA, DDoS protection, and installer delivery (global); a licensed payment processor for M-Pesa and card payments (Kenya); and a transactional email provider (US/EU). Each is contractually bound to process personal data only on our instructions and in accordance with applicable data-protection law. A current list of named sub-processors is available on request via Section 11.
Cross-border transfers (DPA s. 48). Where personal data is transferred outside Kenya to the sub-processors described above, we rely on safeguards equivalent to the DPA, including the recipient's data-protection commitments and standard contractual terms. By creating an account or completing a purchase, you consent to this transfer.
Your rights (DPA s. 26). You have the right to be informed of how your data is used, to access it, to have inaccurate data corrected or deleted, to object to processing, and to withdraw consent where consent is the basis. To exercise any of these, contact us via Section 11; we respond within the period prescribed by the DPA.
ODPC. If you believe your DPA rights have been violated, you may lodge a complaint with the Office of the Data Protection Commissioner of Kenya at www.odpc.go.ke.
11. Contact
Privacy questions: please reach out through our support form.