Privacy Policy

Last updated: 9 June 2026

Draft — pre-general-availability

GhostView is in early access. This policy is published in draft so you can see how we handle data; final legal-entity and counsel-reviewed details will be confirmed before general availability. Questions: rob@cartooli.com.

This policy explains what GhostView (“GhostView”, “we”, “us”) does with personal data. It covers two distinct relationships: the visitors of our own website at ghostview.dev, and the end users of customer websites where the GhostView embed script is installed.

1. Who is responsible for your data

GhostView is operated by the GhostView team; the registering legal entity and address will be confirmed before general availability. For privacy questions, contact rob@cartooli.com. An EU/UK representative and Data Protection Officer are not currently appointed; none is required at our present scale.

For data captured on our own site, GhostView is the data controller. For session data captured through the embed on a customer’s website, the customer is the controller and GhostView acts as a data processor on their behalf (see “Data processing & DPA” below).

2. What the embed collects

The GhostView embed script records visitor activity on sites where it is installed. Depending on the customer’s configuration this can include:

  • Session recordings and replays of page interactions (clicks, scrolls, navigation, timing).
  • Page flow: which pages were visited, in what order, and time spent on each.
  • Technical metadata: IP address, approximate location derived from it, browser, operating system, device type, and referrer.
  • An auto-generated tester/visitor identifier used to group a single session’s events.

GhostView is designed not to collect directly identifying personal data such as names or email addresses by default. Customers are responsible for masking sensitive form fields and for not deploying the embed on pages where capture would be inappropriate.

3. Why we process it and our legal basis

We process this data to provide the analytics and session-replay service: to record, store, replay, and synthesize user behavior for the customer who installed the embed, and to operate, secure, and improve the service.

Under the GDPR, the lawful basis is the customer controller’s legitimate interest in understanding product usage, or consent where the customer collects it. The customer is responsible for establishing the correct basis and for obtaining any required end-user consent before the embed runs. For our own website we rely on legitimate interest and, where applicable, consent.

4. How long we keep it

Session data is retained for 12 months or until the customer deletes it or closes their account, whichever is sooner. Customers can export and delete their session data at any time from the dashboard. Backups are purged within 30 days.

5. Who we share it with

We do not sell personal data. We share it only with sub-processors that help us run the service, under contract and on a need-to-know basis:

  • Vercel — application hosting and infrastructure.
  • Our managed PostgreSQL provider — session and event storage.
  • Anthropic — processing session data to generate insights, when AI synthesis is enabled.

A current list of sub-processors is available on request at rob@cartooli.com.

6. International transfers

Where data is transferred outside the UK/EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and the UK International Data Transfer Addendum. Details of transfer mechanisms are available on request.

7. Your rights under the GDPR

If you are in the UK or EEA you have the right to access, correct, erase, port, or restrict processing of your personal data, and to object to processing. To exercise these rights, contact rob@cartooli.com. Because GhostView usually acts as a processor for embed data, we may direct your request to the customer who controls that data. You also have the right to complain to your local supervisory authority.

8. Your rights under the CCPA/CPRA

If you are a California resident you have the right to know what personal information is collected, to request its deletion, and to opt out of its sale or sharing. GhostView does not sell or share personal information as those terms are defined under the CCPA/CPRA. To exercise these rights, contact rob@cartooli.com. We will not discriminate against you for exercising them.

9. Data processing & DPA

When GhostView processes session data on a customer’s behalf, that processing is governed by a Data Processing Agreement (DPA) covering the matters required by Article 28 of the GDPR. A DPA is available to customers on request at rob@cartooli.com.

10. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above and, where appropriate, communicated to customers.

This document is a template and does not constitute legal advice. It must be reviewed and completed by qualified counsel before being relied upon.