1. Core Philosophy: Zero-Trust Architecture
At Ghostit.online, we believe in privacy by design. We are an anonymization tool, not a data broker. We do not log, store, read, or analyze the text you paste into our platform. Once your browser tab is closed, the processed data is permanently destroyed from our local memory.
2. Processing Engines
We offer two distinct methods for anonymizing your data, putting you in full control of your compliance requirements:
- Local Engine (Default): 100% offline processing. Your text never leaves your browser. The data is matched against our proprietary math patterns and in-memory global databases entirely on your device.
- Cloud API AI: If selected, your text is securely transmitted via encrypted HTTPS to our trusted subprocessor (Google Cloud Platform) to run through advanced NLP models.
3. Subprocessors & Third Parties
To provide advanced AI capabilities, Ghostit utilizes Google LLC as an optional subprocessor for NLP tasks. Additionally, we utilize Namecheap Inc. to provide encrypted, secure cloud infrastructure and database hosting. When using the Cloud API AI mode, Google may temporarily retain the data payload for up to 30 days exclusively for automated abuse and safety monitoring, in accordance with their enterprise API terms. We strongly advise using the Local Engine for classified corporate secrets, strict NDAs, or highly sensitive PHI (Protected Health Information).
Google API Services & Single Sign-On (SSO) Data Usage
To comply with the Google API Services User Data Policy, we explicitly disclose how Ghostit interacts with Google user data when you choose to authenticate via Google SSO:
- Data Accessed: If you choose to log in using Google, Ghostit requests and accesses only your primary Google email address and basic profile information (such as your name) via standard OAuth 2.0 scopes. We do not request access to your Gmail, Google Drive, or any other private Google Workspace data.
- Data Usage & Purpose: The accessed data is used strictly for authentication and identity verification. It allows us to create your Ghostit account, associate it with your subscription tier, and save your custom anonymization dictionary. We do not use your Google data for marketing, profiling, or targeted advertising.
- Data Storage & Sharing: Your email address is stored securely in our encrypted database to maintain your account session. Ghostit does not share, transfer, or sell your Google user data to any third-party brokers or external marketing agencies.
Limited Use Disclosure: Ghostit's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
4. User Accounts & Billing
If you create an account, we securely store only your email address, a hashed version of your password, and the custom dictionary words you choose to save. We do not store or process payment information. All billing and subscription management is handled securely by our Merchant of Record, Paddle.com.