Data Collection & Usage Disclosure

GhostGuard is designed to provide real-time phishing and impersonation warnings without scanning inbox content and without collecting sensitive user data (except if the user has explicitly enabled this feature). Risk decisions are based primarily on URL/domain signals and on-page security indicators.

To generate warnings, GhostGuard processes the following security-relevant technical signals:

• Visited URLs and domains, including redirect chains (to detect cloaking, phishing kits, and suspicious navigation patterns).
• Domain reputation and infrastructure signals, including domain age and RDAP/WHOIS-derived indicators.
• SSL/TLS and basic security indicators (e.g., unsafe HTTP pages, certificate anomalies).
• Security verdicts / risk labels (e.g., low/high risk) generated as part of the protection flow.

GhostGuard analyzes links shown in supported webmail interfaces and evaluates sender domains as displayed by the webmail UI for phishing/impersonation risk.

GhostGuard does not read or store email content or message bodies (except if the user has explicitly enabled a feature that allows email text analysis for security warnings).

GhostGuard may check URLs/domains against known threat intelligence sources to detect known malicious destinations. When such checks are used, the relevant URL/domain may be queried to complete the lookup.

GhostGuard is built to minimize data exposure. We do not collect:

• Email content or message bodies.
• Passwords, login credentials, authentication codes.
• Payment card data, bank data, checkout form inputs.
• Personal messages or private communications.
• Personal identifiers for advertising or profiling (no tracking).

Processed signals are used only to:

• Provide real-time security warnings and risk indicators before users proceed to a page or enter sensitive information.
• Improve detection logic and maintain security protections (security-only purpose; no advertising).

• No advertising / profiling: We do not sell user data or use it for advertising profiling.
• Infrastructure providers: If any backend services are used to deliver the Service, they are limited to infrastructure/hosting and operated under contract for service delivery only (not for advertising).
• Threat intelligence providers: When threat intelligence checks are used, the relevant URL/domain may be submitted to complete the lookup.

Store listings for GhostGuard indicate that the developer discloses no collection or use of user data and no tracking / no email content access (except if the user has explicitly enabled a feature that allows email text analysis for security warnings) as part of the privacy-first design.