Terms of Service

Last updated: May 2026

1. Service Description & Disclaimer

Ghostit provides an AI-powered and rule-based text anonymization tool designed to assist users in redacting Personally Identifiable Information (PII) and sensitive corporate data.

  • No Guarantee of Perfection: While our hybrid engines are designed for high accuracy, natural language processing and pattern recognition are not infallible. We do not guarantee 100% detection of all sensitive data.
  • User Responsibility: Ghostit acts strictly as an assistive tool. You, the user, maintain full and final responsibility for reviewing and verifying the redacted output before sharing, publishing, or transmitting any document. Ghostit shall not be held liable for any data leaks, breaches, or damages.

2. Merchant of Record & Billing

Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle handles all customer service inquiries and returns regarding billing. By purchasing a Ghostit Pro subscription, you also agree to Paddle’s checkout terms and conditions.

3. Refund Policy & SLA

Strict Policy: Ghostit operates on a strict No Refund policy for all subscription charges due to the immediate consumption of server and processing resources upon account activation.

Downtime Exception: The only exception to this policy is a verified system outage. If the Ghostit processing engine experiences continuous downtime exceeding twenty-four (24) consecutive hours, affected Pro users are entitled to request a prorated refund.

4. Acceptable Use Policy

By using Ghostit, you agree not to:

  • Reverse engineer, decompile, or attempt to extract the source code of our local or cloud engines.
  • Use automated bots, scrapers, or scripts to bypass character limits.
  • Use the service to process, hide, or transmit illegal material.

Violation of these rules will result in immediate account termination without refund.

5. Security, Data Processing, and Subprocessors

At Ghostit, transparency and the security of your corporate data are our highest priorities. This section outlines our technical architecture and data handling practices.

5.1 Subprocessors & Infrastructure

Ghostit utilizes authorized third-party vendors (subprocessors) to provide essential infrastructure and AI capabilities.

  • Core Infrastructure: Our web application, user databases, and API endpoints are hosted securely on Namecheap Inc. and MongoDB Cloud.
  • Cloud API AI Engine: When a user explicitly selects the "Cloud API AI" processing mode, the text payload is securely transmitted to our AI subprocessor, Google LLC (Google Cloud Platform / Gemini API).
  • Payment Processing: All subscription and billing data is handled exclusively by Paddle.com acting as our Merchant of Record. Ghostit does not store or process your credit card information.

5.2 Local Engine vs. Cloud Mode Retention

  • Local Engine (Default): When processing text using the Local Engine, the anonymization occurs entirely within the user's local browser memory (RAM). No text payload is transmitted to our servers or any subprocessor. The only data transmitted is a numeric character count for quota enforcement.
  • Cloud Mode Retention: When using the Cloud API AI, text is transmitted via encrypted HTTPS through Ghostit’s paid API infrastructure. While your data is never used for AI model training, our subprocessor (Google LLC) temporarily retains payloads for a limited period solely for automated abuse and safety monitoring, as outlined in their Enterprise API Terms. Ghostit advises using the Local Engine for classified corporate secrets, strict NDAs, or Protected Health Information (PHI).

5.3 Logging Practices (What is Logged vs. What is Not Logged)

  • What we DO NOT log: Ghostit operates on a Zero-Trust architecture. We do not log, store, read, or analyze the original text, the redacted output, or the specific custom dictionary words used during anonymization sessions.
  • What we DO log: To maintain service integrity and enforce billing quotas, our backend logs only metadata: your Account ID (or hashed IP address for anonymous users), the timestamp of the request, the selected processing mode (Local/Cloud), and the total number of characters processed.

5.4 Data Processing Addendum (DPA) Availability

For Enterprise and Pro subscribers requiring formal documentation for GDPR, CCPA, or internal compliance, a standard Data Processing Addendum (DPA) is available upon request. Please contact our security team at security@ghostit.online to execute the agreement.

6. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the Republic of Colombia, without regard to its conflict of law provisions. Any legal action or proceeding arising under these Terms will be brought exclusively in the applicable courts located in Colombia.