Privacy Policy

This Privacy Policy explains how Ghostly Solutions L.L.C-FZ (“Ghostly Solutions”, “we”, “us”, “our”) processes information when you use GhostGuard (the “Service”), including the GhostGuard browser extension and our related websites and support channels.

GhostGuard is built with a privacy-first approach. By default, it focuses on security warnings based on link/domain risk and does not read or store email content.

Data Controller: Ghostly Solutions L.L.C-FZ

Address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates

Contact: general@ghostlysolutions.ae
Support: ghostguard.support@ghostlysolutions.ae

This Privacy Policy applies to:

• the GhostGuard browser extension; and
• GhostGuard-related websites (including GhostGuard pages hosted under Ghostly Solutions domains).

• Security-only purpose: data is processed to detect phishing, impersonation, scams, and malicious destinations and to present warnings.
• No advertising profiling: we do not sell personal data or use it for advertising targeting.
• Data minimization: we aim to process only what is needed to provide security warnings.

A) Data processed for security warnings (extension)

GhostGuard may process the following security-relevant technical signals:

• Visited URLs and domains, including redirect chains (to detect cloaking and suspicious navigation patterns).
• Domain/infrastructure indicators (e.g., reputation signals derived from domain and infrastructure characteristics).
• Basic page/security indicators (e.g., SSL/TLS and other risk signals visible during browsing).
• Security verdicts / risk labels generated by GhostGuard (e.g., low/high risk).

B) Webmail signals (links + sender domain)

GhostGuard can analyze links displayed in supported webmail interfaces and evaluate sender domains as shown by the webmail UI to warn about phishing/impersonation attempts.

• Email content (default behavior): GhostGuard does not read or store email content or message bodies by default.
• Email text analysis (user-enabled feature): If you explicitly enable an email text analysis feature, GhostGuard may analyze limited email text (for example, subject line and/or message text visible in the webmail interface) solely to provide security warnings. This is optional and user-controlled.

C) Threat intelligence lookups

GhostGuard may check URLs/domains against known threat intelligence sources to detect known malicious destinations. Where used, the relevant URL/domain may be submitted to complete the lookup.

D) Support communications (when you contact us)

If you contact support, we may process:

• your email address and contact details;
• the content of your support request; and
• diagnostic details you choose to share (e.g., screenshots, URLs, timestamps).

E) Website data (GhostGuard / Ghostly Solutions sites)

Our websites may process typical web data such as:

• IP address, device/browser type, and basic logs;
• cookies/local storage for essential site functionality; and
• optional analytics (if enabled on the site).

GhostGuard is designed so we do not collect:

• email content/message bodies;
• passwords, login credentials, or authentication codes;
• payment card details (purchases are handled by browser stores/payment providers, where applicable);
• personal identifiers for advertising profiling.

(Note: if you enable optional features that require additional processing, the scope of processing can expand as described in this policy.)

We use processed information to:

• provide real-time security warnings and risk indicators before you proceed or enter sensitive information;
• maintain, troubleshoot, and improve GhostGuard’s security protections;
• prevent abuse, fraud, or misuse of our systems; and
• provide customer support.

We do not use GhostGuard-processed data for advertising targeting.

Depending on your location and how you use the Service, we may rely on:

• Performance of a contract (to provide the Service you request);
• Legitimate interests (security, fraud prevention, service reliability);
• Consent (for optional features such as email text analysis, and for optional cookies/analytics where required);
• Legal obligations (compliance, lawful requests).

We may share limited information only as needed to operate the Service:

• Infrastructure/service providers (hosting, security, operational tooling) under contract and confidentiality;
• Threat intelligence providers for URL/domain lookups (where used);
• Legal compliance if required by law, lawful requests, or to protect rights and safety.

We do not sell personal data and do not share it for advertising profiling.

We retain data only as long as necessary for the purposes described above. Support communications may be retained for a reasonable period to resolve issues and maintain support history.

If security logs exist, we aim to retain them for the minimum period necessary for security operations and troubleshooting.

We use reasonable technical and organizational measures to protect the Service and information processed, including access controls and security best practices. No method of transmission or storage is 100% secure.

Your information may be processed in the UAE and other jurisdictions where our providers operate. Where required, we use appropriate safeguards for international transfers.

Depending on your jurisdiction, you may have rights to:

• access, correct, delete, or port your personal data;
• object to or restrict certain processing; and
• withdraw consent (including disabling optional features such as email text analysis).

You can also:

• uninstall the extension at any time;
• manage extension permissions via your browser settings; and
• disable optional features within GhostGuard settings (where available).

We may update this Privacy Policy from time to time. We will update the “Last updated” date and may provide additional notice where required.