Privacy Policy

Effective date: {{ set when you go live }}

This is a high-level summary of how GhostLogic Forensics ("GhostLogic", "we", "us") handles data. It is not legal advice, and you should review it with your counsel before relying on it in a regulated environment.

1. What GhostLogic does

GhostLogic is a forensic evidence collection and analysis platform. By design, it captures and stores potentially sensitive technical data from systems you control. You are responsible for where you deploy it and what you ask it to capture.

2. Data we process

Depending on how you configure GhostLogic, we may process:

• System and endpoint identifiers (hostnames, IPs, user accounts).
• File metadata and contents related to forensic capture.
• Process, network, and authentication events.
• Configuration data required to operate the platform.
• Basic account and billing data for your team.

GhostLogic does not sell your data. We don't train generic models on your evidence, and we don't share your incident details with third parties without your explicit consent, unless required by law.

3. Customer responsibility

You control:

• Which systems are monitored.
• What data is captured and retained.
• Who in your organization can access GhostLogic.
• How long you keep data, and when you delete it.

You are responsible for configuring GhostLogic in line with your own legal, regulatory, and contractual obligations, including data residency and privacy requirements.

4. Security measures

At a high level, GhostLogic uses:

• Encryption in transit and at rest for all hosted deployments.
• Cryptographic hashing of evidence to detect tampering.
• Access controls and logging on operator actions.
• Segregation between tenants in multi-tenant environments.

Self-hosted deployments are your responsibility. We provide guidance, but you own the security posture of your own infrastructure.

5. Data retention & deletion

Retention policies are configurable at the deployment level. For hosted plans, we will delete or anonymize data in accordance with your contract and applicable law when:

• You request deletion of certain datasets.
• Your contract ends and you do not request continued retention.
• Retention windows expire under your configuration.

6. Third-party services

We use trusted infrastructure and service providers (for example, cloud platforms and payment processors) to operate GhostLogic. Where those providers have access to limited metadata, we select them with security and privacy in mind and use appropriate agreements.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold about you as an account contact or user. For requests, contact [email protected].

8. Changes

We may update this policy as GhostLogic evolves. When we do, we'll change the effective date above and, where appropriate, notify customers directly.

9. Contact

For questions about this policy, email [email protected] or reach out via the contact form on this site.