GhostSweep

Privacy Policy

Your data. Your control.

GhostSweep is built with privacy-first principles. This policy explains what we collect, how we protect it, and how you stay in control.

Last updated: Dec 13, 2025

Zero-storage scanning

Email bodies are scanned transiently to find value. Never stored.

You control actions

Nothing happens without your explicit approval. Deletion emails only send when you trigger them.

No data selling

We never sell your data. Third parties used only for hosting, billing, and error monitoring.

1. Who we are

GhostSweep is a web application that helps you:

  • Find services linked to your email address via transient inbox analysis.
  • Identify potential breach exposure using breach sources you choose to query.
  • Generate and track account deletion requests across services.

Questions? Contact support@ghostsweep.com

2. Information we collect

2.1 Account information

When you create an account, we collect your email address and authentication details through Supabase Auth.

2.2 Email connection (Google & Microsoft OAuth)

When you connect Gmail or Outlook, we use official OAuth flows to access the data needed for GhostSweep features.

Inbox scanning

Scans transiently to identify gift cards, subscriptions, and receipts. Full email bodies are never stored.

Sending deletions

Deletion emails are sent only when you explicitly trigger them. We only send when you approve.

You can disconnect your email account at any time to revoke access.

2.3 Sweep summaries and service data

We store:

  • Detected services/domains from your inbox signals.
  • Activity indicators (first seen, last seen, message counts).
  • Risk indicators (breached flags and breach metadata).
  • Sweep history (status, progress, timestamps).

2.4 Deletion requests and tracking

We store deletion workflow records:

  • Services you selected for deletion.
  • Deletion method and destination address/link.
  • Status tracking (queued, sent, waiting, follow-up, completed, failed).
  • Timestamps and limited error logs.

GhostSweep helps you send requests and track progress — it doesn't automatically delete accounts.

2.5 Payment information

Payments are processed by Stripe. GhostSweep does not store full card details. We store subscription status, plan, and billing metadata.

2.6 Usage and diagnostic data

We may collect basic technical information (pages visited, device type, performance metrics) to operate and improve GhostSweep. We do not use this data for ads.

3. How we use your information

We use your data to:

  • Run inbox sweeps and display service/breach results.
  • Show account risk indicators and priority signals.
  • Power deletion workflows you initiate.
  • Send service-related emails when relevant.
  • Provide support and respond to issues.
  • Handle billing and subscriptions.
  • Improve accuracy, reliability, security, and user experience.

4. Use of Google and Microsoft user data

GhostSweep's use of information from Google and Microsoft APIs adheres to their respective user data policies: Google API Services User Data Policy and Microsoft Privacy Policy.

  • We use email data to provide features you request.
  • We don't use email data for ads or marketing profiling.
  • We don't sell email data. We only share with service providers as needed.
  • Access is restricted to automated systems and not available for human review except for security/debugging.

You can revoke access anytime

Disconnect your email to revoke tokens. You can also delete sweep and deletion-tracking data anytime.

5. Data retention and deletion

We retain your data while your account is active, unless you request deletion.

  • Delete sweep data from within the app anytime.
  • Delete deletion tracking records from within the app anytime.
  • Disconnect your email to revoke access.
  • Request full account deletion (removes profile, subscriptions, and history).

6. Sharing your information

We do not sell your data. We may share limited information with:

  • Infrastructure providers (database, hosting, serverless).
  • Payment processors (Stripe) for billing.
  • Analytics/logging tools for performance monitoring.
  • Authorities if required by law or valid legal process.

7. Your rights and choices

Depending on your location, you may have rights such as access, correction, deletion, limitation, or portability.

To exercise these rights, contact support@ghostsweep.com

Manage automations

Disable follow-up reminders for deletion requests anytime.

Security choices

Revoke Gmail access, change password, and delete stored data.

8. Security

We use reasonable measures to protect data, including encryption in transit, restricted access, and scoped database policies. No method is 100% secure.

If you believe your account has been compromised, disconnect Gmail, change your password, and contact us.

9. Children's privacy

GhostSweep is not intended for children under 16. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this policy to reflect changes. We will update the "Last updated" date and may notify you in-app or by email for material changes.

Questions?

Contact us

support@ghostsweep.com

Please avoid sending sensitive information (passwords, card numbers) by email.

Back to GhostSweep