Privacy Policy

1. Who we are

Ghosted B.V. operates the ghosted.cool platform from Amsterdam, the Netherlands. We are the data controller for the personal data described in this policy. For any privacy request, write at contact@ghosted.cool.

2. Data we collect

Account data: your email address, name and an encrypted password (or a Google account identifier if you sign in with Google).

Consent records: whether and when you granted GDPR consent at signup.

Ghosting reports: the company, application duration and description you choose to submit.

CV analysis: when you upload a CV, its text is processed in-memory to generate matches and feedback. We do not store the file or its contents after the response is returned.

Technical data: essential cookies needed to keep you signed in and remember your theme and cookie preferences.

3. How we use your data

To provide the service: authentication, displaying your dashboard, and publishing approved reports.

To improve transparency: aggregated, anonymised ghosting metrics shown on company profiles.

We do not sell your personal data, and we do not use it for third-party advertising.

4. Legal bases (GDPR Art. 6)

Consent — collected explicitly at signup and recorded with a timestamp.

Contract — processing necessary to provide the account and features you request.

Legitimate interests — keeping the platform secure and improving aggregate insights, balanced against your rights.

5. Your rights

You have the right to access, rectify, erase, restrict and port your data, and to object to processing. You can withdraw consent at any time.

You can delete your account, profile and all your reports yourself from your dashboard ("Danger zone") — this is immediate and irreversible.

6. Data retention & processors

Account and report data is retained until you delete your account. Authentication and database services are provided by Supabase. CV analysis is performed via the Anthropic API; CV text is sent for analysis only and is not retained by us.