We take data privacy seriously. This policy explains how we collect, use, and protect your information.
Last updated: January 28, 2026
When you create a Ghost CRM account, we collect your name, email address, company name, and payment information. This information is necessary to provide you with access to our services.
We automatically collect information about how you use our services, including features accessed, time spent, and interactions. This helps us improve our product and provide better support.
You may choose to store customer information, leads, opportunities, and other business data in Ghost CRM. You retain all rights to this data, and we act as a data processor on your behalf.
We collect device information, IP addresses, browser types, and operating systems to ensure security and optimize performance across different platforms.
We use your information to provide, maintain, and improve Ghost CRM services, including AI features, analytics, and integrations.
We may send you service-related emails, product updates, security alerts, and marketing communications (which you can opt out of at any time).
We analyze usage patterns and feedback to enhance features, develop new functionality, and improve user experience.
We use your information to detect fraud, prevent abuse, ensure security, and comply with legal obligations.
We share data with trusted third-party service providers who help us operate our business, including hosting, payment processing, and analytics providers. These providers are contractually required to protect your data.
We may disclose information when required by law, such as in response to subpoenas, court orders, or other legal processes.
If Ghost CRM is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
We may share your information with third parties when you explicitly consent to such sharing, such as when using integrations.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. We employ industry-standard security measures to protect your information.
We implement strict access controls and authentication mechanisms to ensure only authorized personnel can access systems and data.
Our security practices are regularly audited by independent third parties. We are SOC 2 Type II certified.
We maintain an incident response plan and will notify affected users in the event of a data breach within 72 hours of discovery.
You have the right to access your personal data and receive a copy in a structured, machine-readable format.
You can update or delete your personal information at any time through your account settings or by contacting support.
We retain your data for as long as your account is active or as needed to provide services. After account deletion, data is retained for 90 days before permanent deletion.
You can opt out of marketing communications at any time by clicking the unsubscribe link in emails or adjusting your account preferences.
We store data in secure facilities located in the United States and European Union. Data may be transferred between regions to provide our services.
For European users, we comply with GDPR requirements and have implemented appropriate safeguards for international data transfers.
We adhere to data protection principles and maintain certifications for cross-border data transfers.
We use cookies necessary for the operation of our services, including authentication and security.
We use analytics tools to understand how users interact with our platform. You can control cookie preferences in your browser settings.
Some integrations may use their own cookies. Please refer to their privacy policies for more information.
Ghost CRM is not intended for use by individuals under 16 years of age. We do not knowingly collect information from children.
If we become aware that we have collected information from a child under 16, we will take steps to delete that information promptly.
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@boocrm.com
Address: Ghost CRM Inc., 123 Market Street, Suite 400, San Francisco, CA 94103
Data Protection Officer: dpo@boocrm.com
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.