GhostSweep

Privacy Policy

GhostSweep Privacy Policy

This Privacy Policy explains how GhostSweep collects, uses, and protects your information when you use our services. We designed GhostSweep to be privacy-first and give you control over your data.

Last updated: Dec 01, 2025

Privacy-first

GhostSweep analyzes metadata to map where your data lives. We don't read or store full email bodies.

You're in control

You can disconnect Gmail, delete sweep data, or delete your account at any time from within the app.

No selling data

We do not sell your personal data. Limited third-party services are used only to operate GhostSweep (for example, hosting and billing).

1. Who we are

GhostSweep is a web application that helps you understand where your email address is used, which services hold your data, and which of those services may have been involved in known data breaches.

If you have questions about this policy, you can contact us at support@ghostsweep.com.

2. Information we collect

2.1 Account information

When you create an account, we collect your email address and basic authentication details through our authentication provider (Supabase Auth). We may also store basic profile information if you choose to provide it.

2.2 Gmail connection (Google OAuth)

When you connect your Gmail account, we use Google's OAuth permission system to request read-only access to your mailbox and basic profile details (such as your email address). GhostSweep does not request permission to send, delete, or modify emails.

During sweeps, we access mailbox metadata (for example, sender, subject line, and timestamp) to detect services and security-related messages. We do not need to permanently store raw email messages to provide GhostSweep's functionality.

2.3 Sweep summaries and service data

To show you your results, we store:

  • Detected services and domains associated with your email
  • Basic activity indicators (for example, first seen, last seen)
  • Counts of messages related to each service
  • Known breach information linked to your email address
  • High-level scan history (for example, last sweep date)

2.4 Payment information

When you purchase a Professional subscription, payments are processed by our third-party payment provider (Stripe). We do not store your full payment card details on our own servers. We may store subscription status, plan type, and billing-related metadata.

2.5 Usage data

We may collect basic technical information about how you use GhostSweep, such as browser type, approximate region, and pages visited. We use this to improve performance, reliability, and usability. We do not use this data to build marketing profiles or sell it to third parties.

3. How we use your information

We use the information we collect for the following purposes:

  • To operate and maintain GhostSweep
  • To perform inbox sweeps at your request
  • To identify services and accounts linked to your email address
  • To display breach information and risk indicators
  • To provide support and respond to issues you report
  • To handle billing, subscriptions, and account changes
  • To improve GhostSweep's accuracy, reliability, and UX

4. Use of Google user data

When you connect a Google account, GhostSweep's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • GhostSweep only uses Gmail data to provide features you explicitly request (for example, running a sweep to detect services).
  • We do not use Gmail data to serve ads or for marketing purposes.
  • We do not sell or transfer Gmail data to third parties, except where necessary to provide the service (for example, secure hosting) or where required by law.
  • Access to Google data is restricted to automated systems and is not available for human review except when necessary for security, legal compliance, or debugging a specific issue you request help with.

5. Data retention and deletion

We retain your account information, subscription status, and sweep summaries for as long as your account remains active, unless you request deletion.

  • You can delete sweep data from within the app. This removes stored service summaries and breach results linked to your account.
  • You can disconnect your Gmail account. This revokes future access via Google OAuth. We recommend deleting your sweep data as well if you no longer want GhostSweep to retain it.
  • You can request full account deletion. This may permanently remove your profile, subscriptions, and sweep history, subject to any legal requirements to retain minimal billing records.

6. Sharing your information

We do not sell your personal data. We may share limited information with:

  • Hosting and infrastructure providers that help us run GhostSweep (for example, database, storage, serverless functions)
  • Payment processors that handle subscriptions and billing on our behalf
  • Analytics or logging tools used to monitor performance and stability
  • Law enforcement or authorities, if required by applicable law or in response to valid legal process

We only share the minimum amount of information necessary for these providers to perform their services, and we expect them to protect your data appropriately.

7. Your rights and choices

Depending on your location and applicable laws, you may have rights over your personal data, such as:

  • Accessing the information we store about you
  • Correcting inaccurate or incomplete information
  • Requesting deletion of your data
  • Objecting to or limiting certain types of processing
  • Exporting your data in a portable format

To exercise these rights, you can contact us at support@ghostsweep.com. We may need to verify your identity before fulfilling certain requests.

8. Security

We use reasonable technical and organizational measures to protect your data, including encryption in transit, restricted access to production systems, and scoped database policies. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If you believe your GhostSweep account or Gmail connection has been compromised, please disconnect your Gmail account, change your password, and contact us immediately.

9. Children's privacy

GhostSweep is not intended for use by children under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected such information, we will take steps to delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in GhostSweep or applicable laws. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you inside the app or by email.

Questions about this policy?

If you have any questions or concerns about how GhostSweep handles your data, or if you want to exercise your privacy rights, you can reach us at:

support@ghostsweep.com

Please avoid sending sensitive information (such as passwords or full payment card numbers) in emails.

Back to GhostSweep