GhostSweep
Google OAuth · Zero-storage scanning · You control all actions

Your security.
Our obsession.

We help you find money and clean up accounts. That means your security gets treated like a bank would — transient processing, zero-knowledge storage, and you control every action.

Start Secure ScanRead privacy policy

We do NOT scan bank logins

We analyze receipts and confirmation emails. Your bank credentials never touch our servers.

Permissioned access only

Email access via Google or Microsoft OAuth. Revoke anytime from your Google/Microsoft account.

Minimal storage

We store only what's needed for your dashboard: detected services, breach matches, and deletion tracking.

Core Principle: Minimize Access, Maximize Control

GhostSweep focuses on account signals (sender, subject, timestamps) to build your service list. When you take action, it only happens with your explicit confirmation.

No storing full email bodies.
Deletion emails sent only after you preview and approve.
Disconnect & wipe scan data anytime.

What GhostSweep can access

Permissions are granted via Google OAuth. We request only what's needed.

What we access

Scoped and permissioned. GhostSweep never sees your Google password.

For value scanning

  • Sender addresses
  • Subject lines
  • Body content (transiently scanned, never stored)

For deletion requests (optional)

  • Send deletion emails when you click Start Deletion
  • Track deletion request status

What we never do

  • Sell data or run ads

    You are the customer, not the product.

  • Automatic deletions

    You preview and approve every action.

  • Bulk mailbox export

    No copy of your full mailbox is ever made.

  • Password access

    OAuth means we never see your password.

What we store

Only what's needed to power your dashboard and deletion tracking.

Stored in GhostSweep

  • Account profile

    Email + basic settings.

  • Detected services

    Service/domain + activity indicators.

  • Breach matches

    Services appearing in public breach datasets.

  • Deletion tracking

    Status, timestamps, and progress.

Never stored

  • Email bodies

    Full message content is never kept.

  • Attachments and files

    No PDFs, images, or documents stored.

  • Passwords or credentials

    OAuth only — we never see your password.

Disconnect your email and delete your scan data anytime. We remove all associated records.

How we secure GhostSweep

Encryption

  • Tokens encrypted at rest
  • All traffic over HTTPS / TLS
  • Database encryption at rest

Infrastructure

  • Managed Postgres
  • Restricted admin access
  • Server-side sensitive operations

Access control

  • Least-privilege OAuth scopes
  • Scoped database policies per user
  • No ad trackers selling data

Trusted third parties

Google

Email APIs and OAuth permissions for scanning and optional deletion requests.

Stripe

Handles all payment data. GhostSweep never stores card numbers.

Hosting / Infra

Vercel (frontend) plus managed database infrastructure.

Providers are used only to operate GhostSweep and are not permitted to use your data for advertising or resale.

Your control

Disconnect, delete, and stay in control at all times.

Disconnect anytime

Revoke email access from GhostSweep or your Google/Microsoft account settings.

Delete your data

Remove scan summaries and tracking data from our systems.

Choose how you act

Open provider pages, send emails, or do nothing — your choice.

Email preferences

Control alerts and notifications.

Verify permissions yourself

See exactly what access GhostSweep has from your Google account.

Check OAuth permissions

Report a security issue

Found a vulnerability or privacy issue? Contact us directly.

support@ghostsweep.com

GhostSweep exists to give you visibility and control — not to become another data risk. Questions? support@ghostsweep.com