1 Interpretation and Definitions

1.1 Interpretation

The words of which the initial letter is capitalized have meanings defined under the follow-ing conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

1.2 Definitions

Account A unique account created for You to access our Service or parts of our Service.Affiliate An entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other
securities entitled to vote for election of directors or other managing authorities.Application The software program provided by the Company downloaded by You on any electronic device, named Ghostreach Platform. Business For the purpose of the CCPA (California Consumer Privacy Act), refers to the Company as the legal entity that collects Consumers’ personal information and determines the purposes and means of the processing of Consumers’ personal information.Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) Ghostreach, 6427 Kiest Forest, Frisco, TX 75035. For the purpose of the GDPR, the
Company is the Data Controller.Consumer For the purpose of the CCPA, a natural person who is a California resident.Cookies Small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website.Country Texas, United States.Data Controller For the purposes of the GDPR, the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of
Personal Data. Device Any device that can access the Service such as a computer, a cellphone, or a digital device. Do Not Track (DNT) A concept promoted by US regulatory authorities to allow internet users to control the tracking of their online activities across websites. Personal Data Any information that relates to an identified or identifiable individual. For GDPR: any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to Your identity. For CCPA: any information that identifies, relates to, describes or could reasonably be linked, directly or indirectly, with You.Sale (CCPA) Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a Consumer’s personal information to another business or third party for valuable consideration.Service The Application or the Website or both.Service Provider Any natural or legal person who processes the data on behalf of the Company Usage Data Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself. Website Ghostreach, accessible from https://www.ghostreach.ai. You The individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service.

2 Collecting and Using Your Personal Data

2.1 Types of Data Collected

2.1.1 Personal Data

While using Our Service, We may ask You to provide certain personally identifiable information that can be used to contact or identify You. This may include, but is not limited

to:

• Email address
• First name and last name
• Phone number
• Address, State, Province, ZIP/Postal code, City
• Bank account information (for payment within the Service)

Please do not submit sensitive personal data (e.g., SSNs, driver’s license numbers, passport numbers, health records, unencrypted payment card details). Ghostreach does not collect or store complete credit card numbers; all payment processing is handled securely by third-party vendors.

2.1.2 Payment Data

We may provide paid products and/or services. In that case, we may use third-party services for payment processing (e.g., payment processors). We will not store or collect Your payment card details; that information goes directly to our processors (PCI-DSS compliant).

When You pay via bank transfer, We may ask You for:

• Date of birth
• Passport or National ID card
• Bank card statement
• Other information linking You to an address

2.1.3 Usage Data

Automatically collected when using the Service. May include:

• IP address, browser type and version
• Pages visited, time and date of visit, time spent
• Unique device identifiers, diagnostic data

On mobile devices, we may also collect:

• Device type and unique ID
• Mobile operating system
• Mobile browser type
• Other diagnostic data

2.2 Tracking Technologies and Cookies

We use Cookies and similar technologies to track activity and store information. These may include:

• Browser Cookies: Small files placed on Your device. You can refuse them via browser settings.
• Flash Cookies: Local shared objects not managed by browser settings. See https://helpx.adobe.com/flash-player/kb/disable-local-shared-objectsflash.html#main_Where_can_I_change_the_settings_for_disabling__or_deleting-local-shared_objects_.
• Web Beacons: Small electronic files (clear gifs, pixel tags) that count users or verify system integrity.

Cookies can be “Persistent” or “Session” Cookies (deleted on browser close). We use both.Necessary / Essential Cookies Session; Administered by Us; enable core features and authentication. Cookies Policy / Notice Acceptance Cookies Persistent; Administered by Us; identify if You’ve accepted cookie use. Functionality Cookies Persistent; Administered by Us; remember Your preferences (login,language).Tracking and Performance Cookies Persistent; Administered by Third-Parties; track traffic and test features.For more on cookies and Your choices, see our Cookies Policy or the Cookies section of this Privacy Policy.

3 Use of Your Personal Data

The Company may use Personal Data to:

• Provide and maintain our Service, including usage monitoring.
• Manage Your Account and registration.
• Perform contracts for products or services You purchase.
• Contact You (email, phone, SMS, push notifications) for updates and communications.
• Send news, special offers, and general information (consent-based; includes unsubscribe link).
• Manage Your requests to Us.
• Evaluate or conduct business transfers (merger, acquisition, bankruptcy).
• Other purposes: data analysis, trends, marketing effectiveness, service improvement.

We may share Your data with:

• Service Providers (payment processors, analytics).
• Affiliates (parent, subsidiaries, joint ventures).
• Business partners.
• Other users when You interact in public areas.
• With Your consent for other purposes.

4 Retention of Your Personal Data

We retain Personal Data only as long as necessary for the purposes outlined, legal compliance, dispute resolution, and enforcement of agreements. Usage Data is retained for internal analysis, typically shorter unless needed for security or legal requirements.

5 Transfer of Your Personal Data

Your data may be processed at Company offices or elsewhere where our partners operate. Transfers outside Your jurisdiction are protected by adequate controls to ensure security and compliance.

6 Disclosure of Your Personal Data

Your data may be processed at Company offices or elsewhere where our partners operate. Transfers outside Your jurisdiction are protected by adequate controls to ensure security and compliance.

6.1 Business Transactions

If the Company is involved in merger, acquisition, or sale of assets, Your data may be transferred. We will notify You before any such transfer.

6.2 Law Enforcement

We may disclose Your data if required by law or valid government requests.

6.3 Other Legal Requirements

We may disclose data to:

• Comply with legal obligations.
• Protect and defend Company rights or property.
• Prevent or investigate wrongdoing.
• Protect personal safety of Users or the public.
• Protect against legal liability.

7 Security of Your Personal Data

We use commercially acceptable measures (access controls, encryption, vulnerability management) but cannot guarantee absolute security. Ghostreach does not transmit or publish illegal, deceptive, or threatening content.

8 Detailed Information on the Processing of Your Personal Data

Our Service Providers may access Your Personal Data under their own privacy policies.

8.1 Analytics

We use third-party providers to monitor and analyze Service usage.

8.2 Google Analytics

Google Analytics tracks and reports website traffic. Data may be used by Google to personalize ads. You can opt out via the Google Analytics opt-out add-on or your device settings.

See:

• https://policies.google.com/privacy
• https://policies.google.com/privacy

9 GDPR Privacy

9.1 Legal Basis for Processing Personal Data under GDPR

We may process under:

• Consent
• Performance of a contract
• Legal obligations
• Vital interests
• Public interests
• Legitimate interests

9.2 Your Rights under the GDPR

You have the right to:

• Request access to, update, or delete Your Personal Data.
• Request correction of inaccurate data.
• Object to processing based on legitimate interests or direct marketing.
• Request erasure when no longer needed.
• Request data transfer in machine-readable format.
• Withdraw consent at any time.

9.3 Exercising Your GDPR Data Protection Rights

Contact Us to exercise these rights. We may verify Your identity before responding.

10 CCPA Privacy

This section supplements the Privacy Policy for California residents.

10.1 Categories of Personal Information Collected

We may collect:

Category A: Identifiers Name, alias, postal address, IP, email, account name, driver’s li-

cense, passport, etc. (Collected: Yes)

Category B: Public Records Info Name, signature, SSN, physical description, address, phone, passport, etc. (Collected: Yes)

Category C: Protected Characteristics Age, race, color, ancestry, etc. (Collected: No)

Category D: Commercial Information Purchase history, considered products/services. (Collected: Yes)

Category E: Biometric Info Fingerprints, voiceprints, iris scans. (Collected: No)

Category F: Internet Activity Interaction with our Service or ads. (Collected: Yes)

Category G: Geolocation Approximate physical location. (Collected: No)

Category H: Sensory Data Audio, electronic, visual, thermal, olfactory info. (Collected: No)

Category I: Employment Info Job history, performance evaluations. (Collected: No)

Category J: Education Records Grades, transcripts, student schedules. (Collected: No)

Category K: Inferences Profile reflecting preferences, behavior, attitudes. (Collected: No)

10.2 Use of Personal Information for Business or Commercial Purposes

We may use/disclose info to operate our Service, provide support, fulfill purchases, respond

to law enforcement, internal auditing, detect security incidents, and more as described in

“Use of Your Personal Data.”

10.3 Disclosure of Personal Information for Business or Commercial Purposes

We may have disclosed in the last 12 months:

• Category A: Identifiers
• Category B: Public Records Info
• Category D: Commercial Information
• Category F: Internet Activity

10.4 Sale of Personal Information

We do not sell personal information.

10.5 Share of Personal Information

We may share info with Service Providers, payment processors, affiliates, business partners,

and third parties You authorize.

10.6 Your Rights under the CCPA

California residents have the right to:

• Notice of data collection and purposes.
• Request disclosure of categories and specific pieces of personal information.
• Opt-out of sale of personal information.
• Request deletion of personal information (subject to exceptions).
• Not be discriminated against for exercising rights.

10.7 Exercising Your CCPA Data Protection Rights

To exercise rights, contact Us:

• By email: hello@ghostreach.ai
• By mail: 6427 Kiest Forest, Frisco, TX 75035

Only You or an authorized agent may make requests. Requests must: reasonably verify Your identity and describe Your request in detail. We will respond within 45 days (extendable once by 45 days).

10.8 Your California Privacy Rights (Shine the Light)

California residents can request once per year information about how we share data for direct marketing.

10.9 California Privacy Rights for Minor Users

Under 18 registered users may request removal of publicly posted content. We will comply as required by law.

10.10 Do Not Sell My Personal Information

You have the right to opt-out of sale; we do not sell personal information. Opt-out is browser-specific.

10.11 Website Opt-Out Links

• NAI’s opt-out: http://www.networkadvertising.org/choices/
• EDAA’s opt-out: http://www.youronlinechoices.com/
• DAA’s opt-out: http://optout.aboutads.info/?c=2&lang=EN

10.12 Mobile Devices

• “Opt out of Interest-Based Ads”/“Ads Personalization” on Android.
• “Limit Ad Tracking” on iOS.

You can also stop location collection via device settings.

10.13 Do Not Track (CalOPPA)

Our Service does not respond to DNT signals. Some third parties may track You; configure Your browser settings as needed.

10.14 Children’s Privacy

Services are not for children under 13; we do not knowingly collect their data. Under CCPA, we do not sell data of consumers under 16 without opt-in consent.

10.15 Links to Other Websites

Our Service may link to third-party sites. We have no control over their content or policies. We strongly advise You to review their Privacy Policies.

10.16 Changes to this Privacy Policy

We may update this policy. We will notify You by posting the new Privacy Policy on this page, email, or prominent notice. Changes are effective when posted.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

• By email: hello@ghostreach.ai

We include a link to this Privacy Policy in all commercial email campaigns.