Privacy Policy

Effective: June 5, 2026

1. Information We Collect

GhostHost collects information you provide directly: name, email address, property listing URLs, monthly revenue figures, and platform access credentials when you authorize API connections to Airbnb, Vrbo, Booking.com, or Turnkey.

We also collect usage data: how you interact with the GhostHost dashboard, email engagement (opens, clicks, replies), and revenue metrics for properties under management.

2. How We Use Your Information

• Provide and improve the GhostHost Service
• Calculate revenue lift and generate invoices
• Communicate with you about your account and properties
• Send outreach emails and track responses (on behalf of property owners)
• Detect and prevent fraud or abuse

We never sell your personal data or revenue information to third parties.

3. Property and Revenue Data

Your revenue figures, listing performance data, and financial metrics are stored securely and used solely for calculating GhostHost's service fee and generating your reports. This data is never shared with advertisers, data brokers, or any third party outside of the GhostHost platform.

4. Platform API Access

When you authorize GhostHost to connect to Airbnb, Vrbo, Booking.com, or Turnkey, we access only the data necessary to manage your listings: calendar, pricing, messaging, and reviews. We do not access or store your personal payment information from these platforms. You can revoke API access at any time through your platform dashboard.

5. Cookies and Tracking

GhostHost uses functional cookies to keep you logged in and remember your preferences. We also use anonymous analytics to understand how visitors use our site. You can decline non-essential cookies via the cookie consent banner. We do not use cross-site tracking or third-party advertising cookies.

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we delete your personal data within 30 days, except where retention is required by law (e.g., financial records for tax purposes). Revenue data is retained for 7 years for billing and dispute resolution.

7. Data Security

We use encryption (TLS 1.2+) for all data in transit and AES-256 for data at rest. Access to customer data is restricted to GhostHost personnel who need it to operate the Service. We undergo regular security reviews and penetration testing.

8. Your Rights

You have the right to: (a) access your personal data; (b) correct inaccurate data; (c) delete your account and data; (d) export your data in a portable format; (e) object to certain processing. To exercise these rights, contact us at privacy@ghosthost.one.

9. Children's Privacy

GhostHost does not knowingly collect information from individuals under 18 years of age. Our Service is intended for property owners and managers, not children.

10. International Data Transfers

GhostHost is operated from the United States. If you are located outside the US, your data will be transferred to and processed in the US, which may have different data protection laws than your jurisdiction.

11. Changes to This Policy

We will notify you of material changes to this Privacy Policy via email at least 30 days before they take effect. The date of the last update is always shown at the top of this page.

12. Contact

Questions or concerns about your privacy? Email privacy@ghosthost.one. We respond to all privacy requests within 14 days.