Privacy Policy

---

Effective Date: September 1, 2024 Last Updated: November 1, 2025

Ghostpilot ("we," "us," or "our") operates an AI-powered GEO/AEO platform that helps businesses optimize their online presence. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website (ghostpilot.ai), use our services, or interact with us.

By accessing or using our services, you agree to this Privacy Policy. If you do not agree, please do not use our services.

We collect information in three main ways: (a) information you provide directly, (b) information collected automatically, and (c) information from third parties.

• Account Information: When you sign up, we collect your name, email address, company name, phone number, and payment details.
• GEO/AEO Project Data: Keywords, website URLs, content drafts, performance goals, and any files you upload for analysis.
• Communications: Messages, feedback, or support requests sent via email, chat, or forms.
• Billing Information: Credit card details or other payment method information (processed securely via third-party payment processors).

• Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns.
• Device & Browser Data: IP address, browser type, operating system, device identifiers, and referring URLs.
• Cookies & Tracking Technologies: We use cookies, pixels, and local storage to improve user experience, track sessions, and deliver personalized content. See Section 7 for details.

• Analytics Providers: Aggregated usage insights from tools like Google Analytics.
• Authentication Services: Data from Google, GitHub, or other OAuth providers if you log in via single sign-on.
• Business Partners: Referrer information or lead data from marketing partners.

We use your data to:

• Provide, maintain, and improve our AI GEO/AEO services.
• Generate GEO/AEO recommendations, content outlines, and performance reports.
• Process payments and manage subscriptions.
• Send transactional emails (e.g., receipts, password resets).
• Communicate marketing updates, product tips, and promotions (you can opt out).
• Detect and prevent fraud, abuse, or security risks.
• Comply with legal obligations and enforce our Terms of Service.

AI Training Note: We do not use your proprietary website content, keywords, or client data to train our public AI models. Your data is used solely to deliver personalized GEO/AEO services unless you explicitly opt in to anonymized research.

We do not sell your personal data. We may share information only in these limited cases:

RecipientPurposeSafeguardsCloud & Infrastructure Providers (e.g., AWS, Google Cloud)Hosting, storage, AI processingEncrypted, SOC 2 compliantPayment Processors (e.g., Stripe)BillingPCI-DSS compliant; we never store full card numbersAnalytics & Support ToolsPlatform improvement, customer supportAnonymized or aggregated dataLegal AuthoritiesCompliance with laws, subpoenas, or court ordersOnly when requiredBusiness TransfersMergers, acquisitions, or asset salesSuccessor bound by this policy  

We implement industry-standard security measures:

• Encryption: Data in transit (TLS 1.3) and at rest (AES-256).
• Access Controls: Role-based access, MFA for internal systems.
• Regular Audits: Penetration testing and vulnerability scanning.
• Incident Response: Breach notification within 72 hours if required by law.

Despite our efforts, no system is 100% secure. We cannot guarantee absolute security.

We keep your data only as long as necessary:

• Account Data: Until you delete your account + 90 days for backups.
• GEO/AEO Project Data: Retained for 12 months after project completion, then archived or deleted.
• Billing Records: 7 years for tax compliance.
• Logs: 90 days for security and debugging.

You can request deletion at any time (see Section 9).

Depending on your location, you may have the following rights:

• Access: Request a copy of your data.
• Correction: Update inaccurate information.
• Deletion: Remove your data (subject to legal retention).
• Portability: Receive your data in a machine-readable format.
• Objection/Restriction: Limit certain processing.
• Opt-Out: Unsubscribe from marketing or cookie tracking.

For EU/UK (GDPR) or California (CCPA/CPRA) residents, we provide enhanced rights. Email privacy@ghostpilot.ai with "Privacy Request" in the subject line.

We respond within 30 days (or 45 days for CCPA).

We use the following types of cookies:

Type Purpose Duration Opt-Out Essential Login, security, core functionality Session to 1 year Cannot disable Performance Analytics, load times Up to 2 years Via cookie banner Marketing Retargeting, ad personalization Up to 90 days Via cookie banner 

You can manage preferences via our cookie banner or browser settings. Disabling cookies may limit functionality.

We honor Global Privacy Control (GPC) signals for opt-out of data sales (though we don’t sell data).

Ghostpilot is based in the United States and the UNited Kingdom. If you’re in the EU, UK, or other regions, your data may be transferred to and processed in the U.S. and vice versa.

We use Standard Contractual Clauses (SCCs) and verify adequacy decisions to ensure compliant transfers.

Our services are not for children under 16. We do not knowingly collect data from minors. If discovered, we delete it immediately.

We may update this policy. Significant changes will be notified via:

• Email to account holders
• Banner on our website
• In-app notification

Continued use after changes constitutes acceptance.

For questions, requests, or complaints:

Email: privacy@ghostpilot.ai Mail: Ghostpilot Privacy Office 45

Albemarle Street, Mayfair

London

W1S 4JL

EU Data Protection Officer (DPO) & CCPA Oficer: privacy@ghostpilot.net

Thank you for trusting Ghostpilot with your GEO/AEO success.We’re committed to earning that trust every day.