Last Updated: April 19, 2026
At Ghost AI, Inc. ("we," "us," or "Ghost") we take your privacy very seriously. Please read this privacy notice carefully, as it contains important information on how and why we collect, store, use, and share your personal information. It also explains your rights in relation to your personal information.
We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked—directly or indirectly—with a particular consumer or household:
We collect personal information:
We collect personal information to:
Without this data, we may be unable to provide certain services.
Ghost connects to business systems you authorize in order to deliver its services. Depending on which integrations you enable, Ghost may access and process:
Ghost requests only the access needed to provide its services and honors the permission scopes you grant at the time of connection. You may disconnect any integration at any time. Upon disconnection, Ghost will stop ingesting new data from that source. Previously ingested data is handled in accordance with the retention section below and may be deleted on request.
As part of our sales-enablement services, Ghost makes prospect data available to its customers for use in their own sales, marketing, and relationship-development activities. This data may include personal information about business professionals, such as names, business email addresses, phone numbers, job titles, employer information, and professional background.
Ghost sources this data from third-party enrichment and research providers that collect it from publicly available sources — for example, company websites, professional networking sites, and public directories — and that follow industry-standard practices for collecting and maintaining such data. Ghost relies on these providers' representations that the data has been lawfully obtained and is appropriate for business-to-business sales and marketing use, and makes it available to its customers for the convenience of standard B2B sales practices.
Because this data is derived from lawfully and publicly available sources, Ghost treats these disclosures as exempt from the definition of "sale" of personal information under the CCPA/CPRA and comparable U.S. state privacy laws. Ghost's customers are contractually required to use this data in compliance with applicable privacy, marketing, and anti-spam laws.
Ghost's services rely on large language models ("LLMs") to function — tasks such as meeting summarization, message generation, prospect research, and workflow automation cannot be performed without them. By using Ghost, you agree that Ghost may select, change, and route your data to the LLM providers and models it determines are appropriate for delivering the service, which, as of the date of this policy, include OpenAI, Anthropic, Google, and xAI. These providers act as sub-processors and are bound by confidentiality and data protection obligations consistent with this policy. We do not authorize any LLM provider to train foundation models on your data.
We may use your data to evaluate and improve the Ghost platform — for example, measuring the quality of the outputs our skills and workflows produce so we can refine our prompts, heuristics, and agent behavior over time. This is self-optimization of the Ghost product, not model training: we do not use your data to train foundation models, and we do not authorize our sub-processors to do so. Access to customer data for improvement work is limited to personnel with a business need and subject to confidentiality obligations.
When you interact with Ghost — for example, through sales conversations, product demos, customer success calls, support inquiries, or email correspondence — we may record, transcribe, and store those interactions using call-transcription and meeting-intelligence tools, and store them in our customer relationship management (CRM) system. We use commercially reasonable efforts to notify participants when a meeting is being recorded and to obtain any consents required by applicable law.
We use this information to:
We do not use this information to train foundation models, and we do not share it outside Ghost except with the sub-processors described elsewhere in this policy.
We may use your information to send product and service updates, promotions, and offers.
Ghost does not sell your personal information, and does not use it for cross-context behavioral advertising. For information about the prospect data Ghost makes available to its customers as part of our sales-enablement services, see "Prospect Data Provided to Customers" above.
We may share your personal information with:
We require all service providers to use your personal information only for contracted purposes and to implement appropriate security measures.
We do not sell your personal information collected through Ghost services.
Ghost primarily stores personal information with cloud hosting providers located in the United States, including Supabase (database and storage) and Vercel (web hosting). Certain sub-processors (for example, LLM providers) may process data in other regions, including the European Union.
If you access Ghost from outside the United States, your personal information will be transferred to, stored in, and processed in the United States and other jurisdictions where our sub-processors operate. Where required by law, transfers from the European Economic Area, United Kingdom, or Switzerland are carried out under the European Commission's Standard Contractual Clauses or another valid transfer mechanism.
We retain personal information for as long as your account is active and for as long as necessary to:
When you disconnect an integration, Ghost stops ingesting new data from that source. Data previously ingested from that integration is retained within Ghost until you request deletion or your account is terminated, unless a shorter retention period applies under the relevant integration's terms.
When your account is terminated, we will delete or anonymize your personal information within a reasonable period (typically within 90 days), except where continued retention is required to comply with legal obligations, resolve disputes, enforce our agreements, or for legitimate business record-keeping.
If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or another U.S. state with a comparable privacy law, you may have some or all of the following rights with respect to your personal information:
Ghost honors Global Privacy Control (GPC) signals from supported browsers as a valid opt-out of sale and sharing.
To exercise these rights, please contact info@ghostgtm.ai. We may require verification of your identity before fulfilling a request and will respond within the timeframes required by applicable law. Under the CCPA, data access or portability requests may only be made twice in a 12-month period.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the EU General Data Protection Regulation, the UK GDPR, and comparable laws:
We rely on the following legal bases to process personal information: (i) performance of a contract with you or the organization you represent; (ii) our legitimate interests in operating, improving, and marketing our services (balanced against your interests and rights); (iii) compliance with legal obligations; and (iv) your consent, where required.
To exercise these rights, please contact info@ghostgtm.ai.
Ghost has not sold personal information in the preceding 12 months (as "sale" is defined under the CCPA/CPRA or comparable U.S. state privacy laws) and does not sell personal information today.
For transparency, the categories of personal information Ghost may disclose to service providers and sub-processors for business purposes include:
Recipients of these disclosures include hosting and infrastructure providers, LLM providers (see "AI Model Providers" above), enrichment and prospect-research providers, analytics providers, and business visitor-identification providers. Each recipient is contractually required to process the information solely to provide services to Ghost and to implement appropriate security measures.
These disclosures are made to deliver our services, authenticate users, maintain and improve our products, and comply with our legal obligations.
We maintain administrative, technical, and organizational safeguards designed to protect personal information from unauthorized access, loss, alteration, or misuse. Access is limited to personnel with a business need and who are bound by confidentiality obligations.
In the event of a security incident that affects your personal information, Ghost will notify affected users and applicable regulators in accordance with applicable law.
Ghost is a business-to-business service intended for use by adults in a professional capacity. We do not direct our services to individuals under the age of 18, and we do not knowingly collect personal information from children under the age of 13. If we learn that we have collected personal information from a child under 13, we will delete it promptly. Contact info@ghostgtm.ai if you believe we may have inadvertently collected such information.
You may exercise any of the rights described in this policy, including requests related to integrated data (for example, deletion of data ingested from your CRM, email, calendar, or call-transcript integrations) and requests to limit the use of your data in AI-driven processing, by emailing info@ghostgtm.ai.
We may require verification of your identity before fulfilling a request, and we will respond within the timeframes required by applicable law. CCPA data access or portability requests may only be made twice in a 12-month period.
If you have questions about this Privacy Policy or our data practices, please contact:
Last Updated: April 19, 2026
We may update this policy by posting changes on our website or notifying you via the service or email. You should periodically review this Privacy Policy to stay informed.
