Product Who it’s for How it works FAQGuidesContact

Privacy Policy

This Privacy Policy explains how ghstops / Cado Holdings OÜ ("ghstops", "we", "us") collects, uses, and protects personal data when you use our services and visit ghstops.com.

Data controller

The data controller responsible for the processing of your personal data under this Privacy Policy is:

ghstops / Cado Holdings OÜ

Pärnamäe tee 28-5, 11914 Tallinn, Estonia. Register code: 11147798, VAT: EE101175669.

If you have any questions about privacy or data protection, you can contact us at privacy@ghstops.com.

Personal data we collect

We process personal data that you provide to us, that is generated when you use ghstops, or that we derive from your connected channels and website snapshots, for example:

  • Account and identification data: email address, name, organisation, authentication data and settings for your ghstops account.
  • Business profile data: information about your company, services, target markets, communication tone and goals that you provide when setting up and using ghstops.
  • Website and content snapshots: copies and structured summaries of publicly available content from your website that we use to understand your business and to generate marketing ideas and drafts.
  • Channel and social data: high-level metrics and content metadata from platforms you choose to connect (such as follower counts, post performance and publishing history), never more than required for the agreed features.
  • Communication data: messages and contact details that you send to us, for example via email or contact forms.
  • Technical and usage data: log files, device and browser information, IP address, timestamps, feature usage and error logs necessary to operate, secure and improve the service.

Purposes of processing

We process personal data only for specified, explicit and legitimate purposes, including:

  • Providing and operating ghstops, including creating and managing user accounts, delivering the agreed functionality and customer support.
  • Communicating with you regarding the service, such as important notices, security alerts, onboarding guidance and changes to our terms and policies.
  • Improving and developing ghstops, including analysing aggregated usage data and feedback to make the product more useful and reliable.
  • Ensuring the security and stability of the service, including preventing abuse, fraud and unauthorised access.
  • Complying with legal obligations and responding to lawful requests from authorities.

Legal bases for processing

Under the EU General Data Protection Regulation (GDPR) we rely on the following legal bases:

  • Performance of a contract: we process data that is necessary to create and maintain your account and to deliver the ghstops service you have requested.
  • Legitimate interest: we process data to operate, secure and improve ghstops in a way that we believe is balanced and does not override your rights and freedoms.
  • Consent: where required, for example for optional marketing communications or certain analytics and channel connections, we rely on your consent, which you can withdraw at any time.

Service providers and data processors

We use carefully selected service providers (data processors) to run ghstops. They process personal data only on our instructions and under data processing agreements, for example:

  • Hosting and infrastructure providers that store the application, databases and backups in the EU or EEA, or under appropriate safeguards.
  • AI providers such as OpenAI, which process text and other content to generate marketing ideas and drafts without using your data to train their public models.
  • AI providers such as Google Gemini, which we may use for selected features (for example creative assistance) under contractual and technical safeguards.
  • Storage and file services that host media or other assets used within ghstops.
  • Email delivery services that send transactional messages such as confirmations, alerts and support replies.
  • Privacy-friendly analytics provider Simple Analytics, which gives us aggregated insights into how ghstops.com is used without tracking individual visitors or using tracking cookies.

International data transfers

Some of our service providers may be located outside the European Union or European Economic Area. In such cases we ensure that appropriate safeguards are in place, such as the use of standard contractual clauses approved by the European Commission or adequacy decisions, and we take additional technical and organisational measures where appropriate.

Data retention

We keep personal data only for as long as it is necessary for the purposes described above or as required by law. In particular:

  • Account and core customer data are retained while you have an active account and for a reasonable period thereafter to handle queries, invoices and legal requirements.
  • Marketing content, drafts and related activity logs are typically retained for up to 24 months unless you request deletion earlier or we are required to keep them longer.
  • Website snapshots and structured summaries are retained as long as they are relevant for your active use of ghstops and may be deleted when no longer needed or upon your request.
  • System backups that may incidentally contain personal data are kept for a limited period (typically 30–90 days) and are automatically overwritten.

Cookies and similar technologies

We use cookies and similar technologies only to the extent necessary to operate and improve ghstops and our website.

  • Essential and functional cookies: these are required for basic functions such as keeping you logged in, maintaining your session, providing security (for example CSRF protection) and remembering your language or interface preferences. You cannot opt out of these cookies without affecting the operation of the service.
  • Analytics: we use Simple Analytics to understand overall usage of ghstops.com. Simple Analytics does not use tracking cookies or collect personally identifiable information, and focuses on privacy-friendly aggregated statistics.

Your rights

As a data subject in the EU/EEA you have several rights in relation to your personal data. Subject to certain conditions and limitations, you may:

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate or incomplete personal data.
  • Request deletion of your personal data, for example when it is no longer necessary for the purposes for which it was collected.
  • Request restriction of processing in certain situations, for example while a complaint is being investigated.
  • Request to receive certain personal data in a structured, commonly used and machine-readable format and to have it transmitted to another controller where technically feasible.
  • Object to processing based on our legitimate interests, including profiling, where we rely on that legal basis.
  • Withdraw your consent at any time where processing is based on consent. This does not affect the lawfulness of processing before the withdrawal.
  • Lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work or place of the alleged infringement. In Estonia the supervisory authority is the Estonian Data Protection Inspectorate.

Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration. No system can be 100% secure, but we continuously work to keep ghstops reasonably secure and up to date.

How to contact us

If you wish to exercise your rights or have questions about this Privacy Policy or our processing of personal data, you can contact us at privacy@ghstops.com.

Last updated: 10 December 2025