Terms of Service
The terms governing your use of Ghost.
1. Agreement
By using Ghost, you agree to these Terms of Service. If you do not agree, do not use the service.
2. Service description
Ghost is a privacy compliance platform providing document redaction with AI-powered PII detection, an Article 30 Register (ROPA) for records of processing, a Privacy Request Manager (DSAR/SAR) for privacy request workflows, and a Compliance Hub covering incident management, impact assessments (DPIA/PIA), third-party oversight, legitimate interest assessments, retention schedules, consent records, training records, and policy management. The platform supports individual and multi-user organisation accounts across Free, Pro, and Team tiers, with optional client/matter scoping for organisations managing multiple entities.
3. Document redaction
On all tiers, manual redaction lets you draw redaction boxes in the browser — no document content is sent to our servers. On Pro and Team tiers, when your organisation enables cloud-assisted detection, documents are encrypted before upload and processed in isolated workers for AI-powered PII detection. Encrypted uploads may be stored to support processing, save/resume, and linked workflows. Final redacted exports render and download in your browser.
Redaction session metadata (file name, detection counts, masked previews, and box coordinates) may be stored to support save and resume functionality. We do not retain unmasked PII text or OCR output from the detection pipeline.
4. Privacy Request Manager
The Privacy Request Manager provides case lifecycle tools including public intake forms, identity verification, deadline tracking, task assignment, response templates, multi-file response pack assembly (including packs linked to redaction sessions), secure delivery via time-limited signed URLs, correspondence tracking, and append-only audit logs. Case metadata, tasks, and audit logs are stored in our EU database. Redacted response packs and identity verification documents are stored in encrypted storage (S3) and subject to configurable retention periods.
You are responsible for the accuracy of case data you enter and for complying with applicable data protection law when handling privacy requests, including verifying requester identity and redacting third-party personal data before disclosure.
5. Article 30 Register
The Article 30 Register stores processing activity records in our encrypted EU database. You are responsible for the accuracy and completeness of the records you create. Ghost provides templates and gap analysis to assist you, but these do not constitute legal advice.
6. Compliance Hub
The Compliance Hub provides additional privacy compliance modules, with availability varying by plan tier:
- Incident register (Team): Log and manage personal data incidents with severity classification, authority notification drafts, deadline tracking with automated reminders, and optional linkage to privacy request cases.
- Impact assessments (all tiers, limited on Free): Create and manage DPIAs with risk registers, mitigations, processing inventory links, and approval workflows.
- Third-party register (all tiers, limited on Free): Track third parties and service providers with agreement status.
- Legitimate Interest Assessments (all tiers, limited on Free): Document and export balancing test outcomes.
- Retention schedules (Pro and Team): Define and review data category retention periods.
- Consent records (Team): Track consent and withdrawal events.
- Training records (Team): Record staff privacy training completion.
- Policy management (Pro and Team): Manage and export privacy policies and notices.
- Compliance pack exports (Team): Generate an org-wide compliance ZIP combining incident register, DPIA, and other compliance records for audit or regulatory purposes.
You are responsible for the accuracy of compliance records you create. Templates, gap analysis, and workflow tools are provided to assist you but do not constitute legal advice.
7. AI-powered detection
AI-powered PII detection (available on Pro and Team tiers) uses automated methods including regex pattern matching, validation, and large language model classification. Detection is a suggestion — we do not guarantee accuracy or completeness of PII detection. You are responsible for reviewing all AI suggestions and ensuring redaction results are correct before sharing or disclosing redacted documents.
8. Integrations
On the Team plan, you can configure outbound webhook integrations to Slack, Microsoft Teams, or custom HTTPS endpoints to receive notifications about events such as new privacy requests or incident alerts. You are responsible for the security and data handling practices of any third-party endpoints you configure. We store integration configuration and delivery logs for retry and debugging purposes.
9. Acceptable use
You agree to use Ghost lawfully. You are responsible for ensuring your use complies with applicable laws and that you have the right to process any documents you submit. You may not use the service to violate privacy rights or circumvent security measures. You must not share organisation credentials or allow unauthorised access to your workspace.
10. Data retention
Document content processed via AI detection is auto-deleted immediately after processing. Privacy request case data is retained per your organisation's configured retention period and purged automatically when it expires. Redaction session metadata, Article 30 register records, and Compliance Hub records are retained while your account is active. Compliance pack exports are purged after their download token expires. You can delete individual records at any time. Account data is deleted upon account deletion request. See our Privacy Policy for full retention details.
11. Limitation of liability
Ghost is provided "as is". We do not guarantee accuracy of PII detection, redaction, or any AI-powered suggestions. Templates, gap analysis, compliance modules, and workflow tools are provided to assist you but do not constitute legal advice. You are responsible for reviewing results before sharing redacted documents, responding to privacy requests, or relying on compliance records for regulatory purposes.
12. Billing, cancellation, and refunds
Paid plans (Solo DPO and DPO Team) are billed monthly or annually in advance. If you cancel, your subscription stays active until the end of the current billing period and will not renew automatically.
We do not provide automatic prorated refunds for unused time after cancellation. Refunds are reviewed manually on a case-by-case basis for clear billing mistakes, including duplicate charges, accidental multiple subscriptions, or confirmed payment processing errors.
If you upgrade during a trial, your paid subscription becomes the source of truth for Pro access. Canceling a paid subscription does not restore or extend any prior trial. Team plan seat changes are prorated for the remaining billing period.
13. Contact
For terms inquiries: legal@ghostredact.app