Ghost Inspector, Inc.

United States

For active customers, we will store data at their direction in accordance with their configuration of the Services and for as long as they receive the Services. For inactive customers, our default retention period for Information on our Systems shall be [seven (7) years], measured from the service completion date. This default retention period was chosen to align with common governmental record retention requirements for accounting, fiscal and legal purposes. To help our Customers meet the data protection obligations of the countries in which they use the Services (including the General Data Protection Regulation), Ghost Inspector provides a mechanism for our Customers to set their own retention periods for Personal Data processed on our Services. Customer account administrators may initiate within the application, or request the initiation, of deletion of Test Results and Account data. At such time, Ghost Inspector shall remove data from all active databases. A processing period of up to 48 hours may apply when removing Confidential Information from Amazon S3. User accounts can be closed completely and will be removed from the database. Notwithstanding the foregoing, certain Account Data will be Customer accounts will be retained for seven (7) years for business and accounting purposes. This includes business name, address, contact information, invoices, and billing history. This includes an associated account at our payment provider (Stripe).

Prior to destruction of Information, it must be confirmed that there are no litigation or regulatory holds or legal obligations in place that legally prohibit Ghost Inspector from destroying the Information. Our objective with destruction of the Information is to render the Information permanently irretrievable. To maintain the integrity of our Systems and avoid possible negative and unintended consequences of deleting data from relational databases, our technical approach is to overwrite the Information with sanitized data that contains no Personal Data or Confidential Information.

Ghost Inspector is hosted on Amazon Web Services which provides comprehensive security practices for our underlying infrastructure. We follow AWS recommended best practices for architecting in the cloud. See AWS Cloud Security Documentation for more information. Ghost Inspector runs services and stores data in the us-east-1 region located in Northern Virginia, USA. We do offer various global geolocations for test running. These geolocations are not used by default, only when explicitly enabled for your tests. Each geolocation corresponds with a specific AWS region and operates as a network proxy only; it does not run tests or host databases directly.

yes

We handle deletion requests via support and our dedicated DSR request form. Requests are always carried out with a 30 days period (but generally within 24 hours). Data is completely removed, with the exception of data integrated into previously taken database snapshots, which are purged on a rolling period.

no

Auth0

yes

yes

security@ghostinspector.com

no

yes

no

no