GhostWhirl

GhostWhirl
Legal

Privacy Policy

Last updated

GhostWhirl is built around a simple promise: your meetings belong to you. This page explains what we actually collect, why, and what we never do with it. If you read one section, read How meeting data is handled.

Who we are

GhostWhirl (“we”, “us”) is operated by GhostWhirl Inc. The desktop app is distributed for macOS and Windows; the marketing site lives at ghostwhirl.com. For privacy or data-protection questions, email privacy@ghostwhirl.com.

What we collect

Account data

When you sign up we store your email address, a hashed password (or the OAuth identifier you signed in with), and the plan you’re on.

Usage telemetry

The desktop app reports anonymous error traces, version numbers and feature counters (e.g. “meeting started”, “update installed”). We use these to fix bugs and decide what to build next. You can opt out from Settings → Privacy.

Billing data

Payments are processed by Stripe and Razorpay. We never see your card number — Stripe and Razorpay return a customer ID and a token that we store against your account so we can manage your subscription.

How meeting data is handled

This is the part most people care about, so here it is plainly:

  • Audio is processed in short windows on your machine. Raw audio is never written to our servers and never reused for model training.
  • Transcripts are sent to the LLM that answers your question (OpenAI, Anthropic, xAI, Deepgram for transcription). These providers process the request under their own enterprise privacy terms — we never use the request for training and we forward your zero-retention flags where the provider supports them.
  • Saved meetings stay on your device by default. If you sync them to the cloud (optional), we encrypt them at rest with AES-256 and tag them with your account so only you can read them.
  • You can wipe everything in one click. Delete your account from inside the GhostWhirl app (Settings → Account → Delete account) or email privacy@ghostwhirl.com and all account data is purged within 30 days.

Cookies & analytics

The marketing site uses a single first-party cookie to remember your login state and a privacy-friendly analytics provider (no IP storage, no cross-site tracking). The desktop app does not set tracking cookies.

Sharing & subprocessors

We share data only with the third-party services that make the product work — payment processors, LLM providers, transcription providers and infrastructure hosts. The full list lives on our Subprocessors page and is updated whenever it changes. We never sell your data.

Your rights

Depending on where you live (EU/EEA/UK under the GDPR, California under the CCPA, and similar regimes elsewhere), you have the right to:

  • Access the personal data we hold about you.
  • Correct anything that’s wrong.
  • Delete your account and the data attached to it.
  • Export your data in a portable format.
  • Object to or restrict certain processing.

Email privacy@ghostwhirl.com and we’ll action requests within 30 days.

Data retention

We keep account data for as long as your account is active. Telemetry is aggregated after 90 days. Backups are rotated out within 60 days of deletion.

Security

Data in transit is protected with TLS 1.2+. Data at rest is encrypted with AES-256. Production secrets live in an HSM-backed key vault and access is gated by hardware MFA. We follow OWASP top-ten guidance and run quarterly penetration tests.

Children

GhostWhirl is not directed at children under 16. We do not knowingly collect data from anyone under that age.

International transfers

Our infrastructure is hosted in the United States and the European Union. Where data leaves the EU/EEA we rely on the EU Standard Contractual Clauses with our subprocessors.

Changes to this policy

Material changes are announced by email at least 30 days before they take effect, and the “Last updated” date at the top of this page is always the source of truth.

Questions?

Privacy is a feature, not paperwork. If anything here is unclear, tell us.

Email privacyContact us