Ghost
ResourcesPricingSecurity
Log inGet started
Privacy-first · Encrypted processing · EU data centres

Redact DSARs in minutes, not afternoons.

Ghost is the AI-native DPO console for EU and UK companies. Upload a subject access request and we detect and redact the PII for you. Article 15 deadlines, the Article 30 register, and DPIAs are built in.

Built to the same data-protection standards as regulated financial software.

Start Free TrialTry the redaction demo

No credit card required · Free for 30 days

Ghost — Privacy workspace
Ghost dashboard: open cases, urgent DSARs, compliance modules, and a programme snapshot of assessments, processing activities, and redactions
AI
PII auto-detection
Client-side
PDF rendering and export
30-day
Article 15 deadline tracked
EU
hosted infrastructure

AI-assisted redaction

The bulk of DSAR work, automated

Upload PDFs, images, or screenshots. Ghost detects PII automatically — names, addresses, IDs, contact details — and proposes redactions you can accept, reject, or refine. Export a clean redacted file in minutes instead of an afternoon. The kind of work that costs paralegal hours; Ghost cancels them.

  • PDFs, images, and screenshots
  • AI-powered PII detection on Pro and Team
  • Batch processing and resumable sessions
Try the redaction demo
Ghost document redaction: PDF workspace with AI-detected PII boxes ready for review

Privacy requests (DSAR/SAR)

Subject access requests from intake to closure

A branded public intake form, identity verification, and the Article 15 / 30-day deadline clock running on every case. Assign tasks, redact attached documents with the built-in tool, assemble response packs, and deliver via secure time-limited links. Every action recorded in an append-only audit log.

  • Public intake forms with identity verification
  • Article 15 deadline tracking with reminders
  • Response pack assembly with redacted attachments
Explore privacy requests
Ghost privacy request manager: case detail with identity verification, tasks, and redacted documents

DPIAs (Article 35)

DPIAs with risk scoring and DPO sign-off

Run Article 35 DPIAs with guided questionnaires, risk registers, mitigation tracking, and structured review flows. Connected to your RoPA so high-risk activities are flagged before they generate a DSAR you didn't budget redaction time for.

  • Article 35 screening and assessment templates
  • Risk registers with mitigation tracking
  • DPO review and sign-off workflow
Explore DPIAs
Ghost DPIA workspace: Risk tab with risk register, likelihood and impact scoring, and mitigations

Records of Processing Activities (RoPA)

Article 30 records that stay audit-ready

Stop managing your Article 30 register in spreadsheets. Guided templates, built-in validation, gap analysis to catch what's missing, and regulator-ready PDF or Excel exports. Annual review reminders keep your register current.

  • Guided templates for common processing activities
  • Gap analysis and completeness scoring
  • PDF and Excel export
Explore the Article 30 register
Ghost RoPA workspace: activities, templates, and audit-ready Article 30 records

See the workspace end to end

A short walkthrough of redaction, DSARs, DPIAs, and the Article 30 register.

Ghost — Product tour

More walkthroughs and guides

For every role on the privacy team

Privacy isn’t one person’s job. Ghost gives every role on the programme the surface they need — on the same record, with the same audit trail.

Data Protection Officers

Move your Article 30 register, DSARs, DPIAs, and breach logs out of email threads and shared drives. One workspace, one audit trail, one source of truth.

Read the DPO brief

Privacy Counsel

Stop reconstructing the record after the fact. Ghost captures the trail of decisions, identity checks, and disclosures as they happen — so when counsel is asked to defend a position, the evidence is already there.

Read the counsel brief

Compliance Leads

Quarterly review is now a deployment gate. Ghost gives compliance leads exportable, regulator-grade evidence pre-mapped to the frameworks supervisors and procurement teams already work with.

Read the compliance brief

Security & Engineering

EU data residency, encryption in transit and at rest, time-limited disclosure links, and an append-only audit trail. Privacy plumbing that doesn’t become the weakest link in your control framework.

Read the security brief

For the sectors with the highest privacy load

Ghost is designed for the teams handling the highest-volume, highest-risk subject access workflows under GDPR and equivalent regimes.

Dental practices (Ireland)

Patient record and subject access requests without the scramble — log, redact, respond within one month, and keep proof of what you sent.

Read the Irish dental brief

Healthcare

Subject access against clinical records, with redaction of third-party identifiers and special-category data. Every disclosure logged against the patient record.

Read the healthcare brief

HR & Employment

Employee DSARs across HRIS, payroll, performance, and grievance files. Redact third parties, track deadlines, and keep the chain of custody clean.

Read the HR brief

Legal & Professional Services

Subject access against matter files with privilege redactions, plus an Article 30 register that survives a regulator inspection.

Read the legal brief

Financial Services

DSARs across KYC, transactions, and complaints files. Built for teams handling subject access alongside AML obligations and supervisory scrutiny.

Read the financial services brief

SaaS & Platforms

Public intake forms, multi-tenant request handling, and webhook export. Built for companies whose customers expect a self-serve privacy experience.

Read the SaaS brief

Public Sector

Subject access workflows for teams handling high request volumes against the public, with mandatory disclosure timelines and audit trails.

Read the public sector brief

Compliance Hub

The privacy ops that go with the redaction

Redaction is the wedge. Everything else — breach response, vendor management, DPIAs, consent, training, retention — is the legal scaffolding that decides what gets redacted in the first place and defends the work when it's challenged.

Breach Register

Log and track personal data breaches with authority notification timelines

DPIAs (Article 35)

Screening criteria, risk registers, and DPO sign-off

Legitimate Interest Assessments

Three-part balancing tests for legitimate interests

Third-Party Register

Track processors, DPA status, and transfer mechanisms

Lawful Basis

Processing activities grouped by lawful basis under GDPR Art. 6

Consent Records

Record consent, track withdrawals, link to your Article 30 register

Staff Training

Track privacy training completions and renewal dates

Policies & Notices

Privacy policies with versioning and review dates

Data Retention

Retention schedules and deletion review tracking

Explore Compliance Hub

Design Partner Program

Co-build Ghost with us

Free access for a small cohort of privacy teams shaping the workspace around real-world workflows. We’re reviewing applications weekly.

Apply to the programRead more

Start your 30-day free trial

Try the full platform free for 30 days — AI-assisted redaction, Article 30 register, DSAR workflows, DPIAs, and the Compliance Hub. No credit card required.

Start Free Trial

FAQ

Frequently asked questions

Privacy compliance for regulated teams.

Built to the same data-protection standards as regulated financial software.

Product
RedactionPricingDemoResources
Guides
How to redact PDFs (GDPR)Privacy request (DSAR/SAR) response guideWhat is PII under GDPRGDPR redaction requirementsFree redaction tool
Tools & sectors
GDPR document redactionRemove PII from PDFEmployee data PDFsProcessing inventory (ROPA) templatePrivacy request (DSAR/SAR) redaction toolIrish dental practicesDental GDPR checklistHealthcare redactionHR document redactionLegal / privacy request redactionAcrobat alternative
Legal
Privacy PolicyTerms of ServiceSecurityCookie Policy
Company
AboutBook a demoHome
© 2026 Ghost. Your GDPR compliance platform.