Privacy Policy (Ghost Revenue)
This Privacy Policy explains how Ghost Revenue collects and uses personal information through ghostrev.io (the "Site") and related service delivery.
Ghost Revenue is a trading brand of SPATARI DANIEL CONSULTANCY - FZCO, a free zone company licensed by IFZA in Dubai Silicon Oasis (DSO), Dubai, United Arab Emirates (Licence no. 89192, Registration no. 82431). Registered office: IFZA Business Park, DDP, PO Box 342001, Dubai, UAE.
This Privacy Policy should be read alongside the Ghost Revenue Terms of Service and End User License Agreement, available at ghostrev.io.
Contact for privacy requests: support@ghostrev.io
1) What we collect
We collect only what we need to operate and deliver the Services. This may include:
Information you provide:
Your name, email address, phone number, and social handles (for example: Instagram handle) when booking calls or onboarding. Messages and communication content exchanged via email, DMs, or calls. Client-provided business information relevant to delivery (for example: operational metrics, revenue figures, team or process details), shared voluntarily.
Payment information:
Where payments are processed by Whop as Merchant of Record, we do not collect or store your full payment card details, and Whop may provide us limited transaction metadata required for service delivery and access management. Where you pay us directly (for example, by invoice or bank transfer), we receive only the billing details needed to issue and reconcile the invoice, and we do not store full payment card details.
Booking data:
When you book a call through our scheduling system, we receive your name, email address, and booking details (event type, date, and time). This is stored internally and linked to your visit session so we can understand which traffic sources lead to bookings.
Site analytics data (ghostrev.io only):
The following analytics data is collected only through the ghostrev.io website. It does not apply to the Services we deliver, to client systems, or to any platforms we build or manage on your behalf, unless explicitly agreed in writing under separate Project Terms.
We run our own first-party website analytics. No third-party tracking services are used. When you visit the Site, we record page views, scroll depth, button clicks, outbound link clicks, referral source, UTM campaign parameters, device type, and country.
If you arrive from a paid advertisement, we may also capture the ad click ID from your URL (for example: from Google, Meta, TikTok, or Microsoft campaigns) to measure campaign performance. This applies to any current or future advertising platforms we may use.
A random visitor ID is stored in your browser's local storage, and a session ID in session storage. We also store first-touch and last-touch attribution (the source and campaign of your first and most recent visit) in local storage. None of this is linked to your name, email, or any personal account. We do not use it for ad targeting or personal profiling.
We may reconstruct a full timeline of a visitor's activity on the Site, including pages viewed, buttons clicked, scroll depth, calendar interactions, and any bookings made, tied to that visitor's random ID. If a booking occurred, the timeline will include the name and email submitted at booking. This is used internally only to understand how people move through the Site before deciding to book.
We may also process basic technical logs through hosting and security providers to keep the Site secure and functional.
2) Cookies
We do not use advertising cookies.
For functionality and analytics, we use browser local storage and session storage. These store a random visitor ID, session ID, and attribution data (referral source, campaign, and ad click IDs from your first and most recent visit). They are used for site measurement only, not behavioral advertising.
Analytics is off by default and runs only with your consent. On your first visit, a consent banner asks whether you accept analytics. We collect and store analytics data only after you click Accept. If you decline, no analytics data is collected or stored.
We also respect your browser's Do Not Track (DNT) signal. If DNT is enabled, no analytics data is collected, regardless of your consent choice.
You may withdraw consent or opt out at any time by clearing your browser storage for this Site or by contacting us at support@ghostrev.io.
3) How we use information
We use information to:
- Provide and deliver the Services
- Onboard clients and manage access
- Communicate with you (support and project updates)
- Maintain records for operations, accounting, and invoices where applicable
- Improve internal processes and service quality
- Protect against abuse, fraud, and security threats
- Send marketing communications only if you opt in (not currently active, but may be enabled in the future)
4) Legal bases (EEA/UK users)
If you are located in the European Economic Area or the United Kingdom and GDPR applies to your data, we rely on one or more of the following bases:
- Contract performance (to deliver the Services)
- Legitimate interests (operating, securing, and improving the Site and Services)
- Consent (when you opt in to marketing, if enabled)
- Legal obligations (recordkeeping where required)
Our website analytics is designed to be anonymous and generally treated as non-personal data. Where any law treats specific technical elements as personal data, we apply the relevant legal basis and protections.
Ghost Revenue is not established in the EEA or UK. This section is provided as a good-faith disclosure for users in those regions.
5) Sharing and disclosures
We do not sell personal data.
We may share information with service providers ("processors") that help us operate, in the following categories:
- Payment processing and merchant of record services
- Hosting, infrastructure, and database providers
- Communication and collaboration tools (email, messaging, project management)
- Scheduling and booking platforms
- Automation and integration tools
We may also disclose information if required by law, to enforce our Terms, or to protect rights, safety, and security.
Contractors: We may work with contractors. By default, they do not access client personal data beyond minimal public identifiers (for example: name and social handle) unless strictly required for delivery and authorized by us.
6) Third-party links
The Site and Services may contain links to third-party websites and platforms (for example: Whop, Discord, and our booking and scheduling provider). We are not responsible for the privacy practices, content, or security of any third-party sites. We encourage you to review their privacy policies independently.
7) International data transfers
Data may be processed in countries outside the United Arab Emirates depending on where our providers operate (often EU or US). When required, we rely on appropriate safeguards provided by those vendors (for example: standard contractual clauses).
8) Data retention
This Section covers personal data that Ghost Revenue holds about you (such as your name, email, and booking details). Our operational access to your live systems is covered by Terms of Service Section 17, and data stored inside hosted or managed components is covered by EULA Section 12.
We retain personal data for the duration of the engagement plus 2 years, after which it is deleted or anonymized unless we are required to keep certain records for legal, security, or legitimate business purposes.
If you request deletion before that period ends, we will delete or anonymize what we reasonably can. Some records (such as invoices, communications related to disputes, or data needed for legal compliance) may be retained beyond your request.
Anonymous site analytics tied only to a random visitor ID (with no name or email attached) may be retained indefinitely, because it is not personal data. If a booking links a visitor's activity to a real name and email, that visitor's analytics record, including activity from before the booking, becomes personal data and is retained under the same engagement-plus-2-years period above, then deleted or anonymized.
9) Security
We use reasonable security measures to protect personal information, including:
- Two-factor authentication on accounts where available
- Access control and role-based permission hierarchies
- Credentials stored in password managers, not in plaintext
- Encryption in transit (HTTPS) across all systems
- Limiting team and contractor access based on what is needed for delivery
No method of transmission or storage is perfectly secure, but we take protection seriously and review our practices regularly.
10) Data breach notification
In the event of a data breach that affects your personal information, we will notify affected users within a reasonable timeframe and provide information about what data was involved, what steps we are taking, and what you can do to protect yourself. Where required by law, we will also notify the relevant authorities.
11) Your rights
Depending on your location, you may have rights to:
- Access your personal data
- Correct inaccurate data
- Request deletion
- Object to or restrict processing
- Receive a copy of your data (portability)
To request any of the above, email support@ghostrev.io. We may ask you to verify your identity.
12) Children
We do not knowingly collect personal data from children under 13. We also do not offer Services to individuals under 18.
13) Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on the Site and update the "Last updated" date. If changes are material, we will take reasonable steps to notify you.
14) Contact
Support: support@ghostrev.io