1. Our Commitment
GhostRate is committed to full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").
2. Lawful Basis for Processing
- Contract performance (Article 6(1)(b)): Processing account data is necessary to deliver the service.
- Legitimate interest (Article 6(1)(f)): Security logging and fraud prevention.
- Consent (Article 6(1)(a)): Analytics cookies require explicit consent.
- Legal obligation (Article 6(1)(c)): Financial records retention.
3. Data Subject Rights
Right of Access (Article 15)
Email [email protected] with "Data Access Request". We respond within 30 days.
Right to Rectification (Article 16)
Update your info in dashboard settings or contact [email protected].
Right to Erasure (Article 17)
Email [email protected] with "Erasure Request". Deletion within 30 days.
Right to Data Portability (Article 20)
Contact [email protected] to request a data export.
Right to Object (Article 21)
Email [email protected] to object to processing based on legitimate interest.
Right to Restrict Processing (Article 18)
Contact [email protected] to submit a restriction request.
4. Data Protection Officer
Contact: [email protected]. Response within 5 business days.
5. International Data Transfers
Data processed on AWS EU (eu-west-1). Transfers outside EEA use Standard Contractual Clauses.
6. Breach Notification
We notify the supervisory authority within 72 hours per GDPR Article 33.
7. Anonymous Feedback and GDPR
Anonymous response data falls outside GDPR scope — it is technically impossible to link it to an identifiable individual. The Identity Firewall enforces this architecturally.