Privacy Policy

Overview

GhostWall Security ("we", "our", "us") is committed to protecting your privacy. This policy explains how we collect, use, and protect your information when you use our services.

Information We Collect

We collect only what's necessary to provide and improve our service:

• Account Information: Email address, company name, and billing details when you sign up
• Network Data: Aggregated threat intelligence and detection patterns (never raw packet data)
• Usage Analytics: How you interact with the dashboard and API (via privacy-focused analytics)
• Technical Logs: System performance metrics and error logs for debugging

What We Don't Collect

We explicitly do NOT collect:

• Raw network packet payloads or sensitive data in transit
• Personally identifiable information from your network traffic
• Browsing history or personal communications
• Any data not essential to threat detection and service operation

How We Use Your Data

Your information is used to:

• Detect and block threats on your network
• Improve our AI models and detection algorithms (using anonymized data)
• Provide customer support and service updates
• Send security alerts and critical notifications
• Process billing and maintain your account

Data Security

We implement industry-standard security measures:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Least-privilege access controls and MFA for internal systems
• SOC 2 Type II compliance (in progress)

Third-Party Services

We use minimal, carefully vetted third-party services:

• Plausible Analytics: Privacy-focused, cookie-less analytics (GDPR compliant)
• Stripe: Payment processing (PCI DSS compliant)
• AWS: Cloud infrastructure with data residency controls

We never sell your data to third parties. Period.

Data Retention

We retain your data only as long as necessary:

• Threat logs: 90 days (configurable up to 1 year for compliance)
• Account data: Duration of your subscription + 30 days
• Billing records: 7 years (legal requirement)

Your Rights

You have the right to:

• Access your data at any time via dashboard export
• Delete your account and associated data (with 30-day grace period)
• Opt out of non-essential communications
• Request a copy of all data we hold about you
• Object to automated decision-making (where applicable)

International Data Transfers

Your data is stored in AWS data centers with residency options for US, EU, and UK regions. We comply with GDPR, CCPA, and relevant data protection regulations.

Changes to This Policy

We'll notify you of material changes via email and dashboard notification 30 days before they take effect. Continued use of the service constitutes acceptance of the updated policy.

Contact Us

Questions or concerns about privacy? Reach out:

• Email: privacy@ghostwall.org
• Security issues: security@ghostwall.org
• General inquiries: founder@ghostwall.org