Privacy Policy

Last updated: March 3, 2026

1Introduction

GhostChat ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our live chat widget service.

2Information We Collect

2.1 Information You Provide

When you sign up for GhostChat, we collect:

•Email address
•Password (encrypted)
•Website domain(s)

2.2 Chat Messages

We store chat messages exchanged between website visitors and site owners. Messages are stored securely and are only accessible to the site owner who created the account.

2.3 Technical Information

We automatically collect certain technical information, including:

•IP addresses (for security and abuse prevention)
•Browser type and version
•Session identifiers (stored in localStorage, not cookies)

3Zero Tracking, Zero Cookies

Does not use cookies

We use localStorage for session management only

Does not track users

No analytics, no fingerprinting, no cross-site tracking

4How We Use Your Information

•To provide and maintain the Service
•To send email notifications when visitors message your site (via Resend)
•To process payments (via Stripe — we do not store credit card details)
•To respond to support requests
•To detect and prevent abuse or fraud

5Third-Party Services

We use the following third-party services to operate GhostChat:

•Supabase — database hosting (PostgreSQL). Stores account data and chat messages.
•Cloudflare — edge network. Hosts the widget and WebSocket connections.
•Stripe — payment processing. Handles all billing; we never see or store card numbers.
•Resend — transactional email. Sends chat notification emails.
•Vercel — website hosting. Serves the marketing site and dashboard.
•Google Cloud Translation — auto-translate (Business plan only). Translates chat messages between visitor and agent languages. Message text is sent to Google's API for translation; no other data is shared.

We do NOT use Google Analytics, Facebook Pixel, or any advertising trackers.

6Data Storage and Security

•Data is stored in Supabase (PostgreSQL) hosted in the US
•Chat sessions use Cloudflare Durable Objects (edge-distributed)
•Passwords are hashed with bcrypt
•All connections use HTTPS/WSS encryption
•We implement reasonable security measures but cannot guarantee absolute security

7Data Retention

•Free plan: conversation history retained for 30 days
•Pro plan: conversation history retained for 1 year
•Business plan: conversation history retained indefinitely
•Account data is retained until you delete your account
•You can request deletion of all your data by contacting us

8Visitor Data (Widget Users)

•The widget does NOT set cookies
•Session IDs are stored in localStorage (browser-local, not sent to third parties)
•Visitor email addresses are only collected if the visitor voluntarily provides them
•Visitor IP addresses are visible to site owners via Cloudflare headers for abuse prevention
•We do NOT build profiles, fingerprint browsers, or track visitors across sites

9Your Rights

•Access: Request a copy of your data
•Correction: Request correction of inaccurate data
•Deletion: Request deletion of your account and all associated data
•Portability: Export your contacts and conversations (CSV export available in dashboard)

To exercise these rights, please contact us via our contact page.

10Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

11Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy, please contact us through our contact page.