Privacy Policy

GhostSign (“GhostSign,” “we,” “us,” or “our”) operates a mobile application that helps users design, run, and reflect on structured self-experiments. This Privacy Policy explains what information we collect, how we use it, how we share it, how long we keep it, and the choices available to you.

By using GhostSign, you agree to the practices described in this Privacy Policy.

We may collect the following categories of information:

Account information

• Email address
• Name or profile details you choose to provide
• Authentication provider information, such as whether you signed in with email, Google, or Sign in with Apple
• If you use Sign in with Apple, Apple may provide a private relay email address instead of your personal email address if you choose to hide it

User-provided content

• Goals, experiment ideas, protocol preferences, notes, and profile context you enter
• Daily check-ins, self-reported metrics, observations, and experiment notes
• Messages and prompts you submit while using GhostSign's AI-powered planning and reporting features

Generated content

• AI-generated experiment briefs, protocol suggestions, summaries, and reports
• Derived app state needed to support planning, cycles, reports, and account features

Usage and diagnostics information

• App events and feature usage
• Session timestamps
• Device type, operating system, and app version
• Error, crash, and performance diagnostics

Subscription and billing information

• Subscription status, trial status, entitlement status, and purchase restoration data
• We do not receive your full payment card details from Apple

Notifications and preferences

• Notification permission status
• Reminder settings and preferred reminder time

We do not currently collect passive biometric, HealthKit, wearable, or sensor-based health data.

We use your information to:

• Create and manage your account
• Authenticate you and maintain your session
• Provide GhostSign's planning, experiment, check-in, and reporting features
• Generate AI-assisted suggestions, summaries, and reports
• Save your progress and synchronize your data across sessions
• Provide subscription and entitlement access
• Improve app quality, reliability, safety, and performance
• Respond to support requests and account-related inquiries
• Comply with legal obligations and enforce our terms

We do not sell your personal information.

We do not use your personal information for third-party advertising targeting.

We share information only as reasonably necessary to operate GhostSign and provide its features.

Service providers and infrastructure

We use third-party service providers to host infrastructure, authenticate users, store data, support subscriptions, and operate the app.

AI and source-retrieval providers

If you use GhostSign's AI-powered or health-cited features, information you submit to those features, including prompts, notes, goals, experiment context, protocol text, and related content, may be sent to third-party providers that help us retrieve relevant sources and generate responses, suggestions, summaries, and reports on our behalf.

Analytics and diagnostics providers

We may share limited usage, event, and diagnostic data with service providers that help us understand product performance, reliability, and feature usage.

Legal and safety disclosures

We may disclose information if required by law, legal process, or to protect the rights, safety, security, and integrity of GhostSign, our users, or others.

GhostSign uses third-party providers to operate core functionality. These may include providers for:

• Authentication
• Cloud hosting and database infrastructure
• Subscription and purchase management
• Source retrieval
• AI processing
• Analytics and diagnostics

At the time of this policy update, GhostSign uses Supabase for backend infrastructure and authentication, RevenueCat for subscription infrastructure, Exa for trusted source retrieval, and third-party AI providers including OpenAI and Google to power certain AI-generated features.

Third-party providers process data under their own terms and privacy commitments as our service providers.

GhostSign uses artificial intelligence and source-retrieval services to help generate experiment ideas, plans, summaries, reports, and health-cited recommendations.

You understand and agree that:

• AI-generated content may be inaccurate, incomplete, or not appropriate for your circumstances
• AI-generated content is provided for informational purposes only
• GhostSign does not guarantee the accuracy, completeness, or suitability of AI-generated content
• Retrieved sources may not be exhaustive or universally applicable to your situation
• You are responsible for how you interpret and use AI-generated content

If you use AI-powered or health-cited features, the content you submit to those features may be processed by third-party providers to retrieve relevant sources and generate results.

GhostSign is not a medical device and does not provide medical advice, diagnosis, or treatment.

GhostSign may present wellness, habit, behavior, or self-experimentation content, but it should not be relied on as a substitute for professional medical judgment or care. If you have questions about your health, symptoms, or treatment, consult a qualified healthcare professional before making medical decisions.

We use analytics and diagnostic tools to understand app usage, improve product quality, monitor reliability, and troubleshoot issues.

This may include:

• App opens
• Feature usage
• Navigation and workflow events
• Subscription state changes
• Error and performance information

We do not use your app activity for cross-app tracking or targeted advertising without consent.

We retain personal information for as long as reasonably necessary to:

• Provide the app and maintain your account
• Support core product features
• Meet legal, security, accounting, and operational obligations
• Resolve disputes and enforce our agreements

If you delete your account, we will delete or de-identify your personal information unless we are required to retain certain data by law or for legitimate security, fraud-prevention, or compliance reasons.

Depending on your location, you may have rights to:

• Access your personal information
• Correct or update your information
• Request deletion of your account and data
• Request export of certain data
• Withdraw consent where processing is based on consent

GhostSign provides in-app account deletion. You may also contact us at support@ghostsign.io for verified privacy requests.

You can request deletion of your GhostSign account and associated data from within the app or by contacting support@ghostsign.io.

Deleting your account will remove access to your GhostSign account and delete associated user data, subject to limited retention required for legal, security, fraud-prevention, accounting, or compliance purposes.

We use reasonable technical and organizational safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and loss. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

GhostSign is not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided personal information to GhostSign, contact us at support@ghostsign.io and we will investigate and take appropriate action.

Your information may be processed and stored in countries other than your own, including where our service providers operate. We take reasonable steps to ensure appropriate protections are in place where required by law.

We may update this Privacy Policy from time to time. If we make material changes, we may notify you by updating the effective date above, posting the revised policy, or providing additional notice within the app where appropriate.

Your continued use of GhostSign after an update becomes effective means you accept the revised Privacy Policy, to the extent permitted by law.

If you have questions, requests, or concerns about this Privacy Policy or your data, contact us at: