Privacy Policy
GhostCard is built on a simple idea: your spending is your business, not ours. We believe you should be able to make payments without trading away your privacy. Our overriding policy is to collect as little personal data as possible to ensure you have a private user experience.
This page lays out our privacy philosophy in plain language, followed by our core commitments and the formal details of how we protect your data and your rights.
Privacy in Plain Language – Minimal Data by Design
Data We Collect (and Why)
We only ask for the information that’s absolutely necessary to run GhostCard safely and legally. This includes basic account details (like your name and email), verification info required by law (for example, identity documents to satisfy KYC/AML regulations), and payment information needed to issue and use your GhostCard. We might also collect some technical data (like device type or error logs) to ensure the app runs smoothly. Every piece of data we collect has a clear purpose – if we don’t truly need it, we don’t collect it.
What We Don’t Collect or Do
Anything not essential to providing the GhostCard service is not collected. We do not track the details of what you purchase or where you shop beyond the basics needed for the transaction. We do not monitor your behavior to build a marketing profile, and we do not gather extraneous personal details (like your browsing history or unrelated demographics). In short, GhostCard has no interest in spying on your shopping habits – we just make your payments work.
How We Handle & Protect Data
When you do entrust us with data, we handle it with the same care as a bank or security-focused company. All sensitive information is transmitted and stored using strong encryption and modern security practices. We protect your personal data from loss, theft, or misuse by using firewalls, secure servers, and access controls. Even within our small team, access to personal data is tightly limited to only those who need it to support you or maintain the service. Privacy and security are at the core of everything we do.
Third-Party Partners
We will rely on some trusted partners, but each is held to our strict privacy standards. For example, we work with a regulated payment card issuer/bank to actually issue the “ghost” cards and process transactions, and with an identity verification provider to help confirm who you are when you sign up (as required by law). These partners only receive the information necessary for their part of the process – nothing more. The card issuer gets the data needed to authorise and process your card transactions (and to meet financial regulations), and the KYC provider only gets info needed to verify your ID. All such partners are GDPR-compliant and contractually bound to use your data only for the services we require from them, under strict confidentiality. They cannot use your information for their own purposes – and if they ever fail to meet our privacy requirements, we won’t work with them.
Our Core Privacy Commitments
No Tracking
GhostCard does not track your purchases or monitor your activity to target ads or offers. We don’t follow you around the internet with cookies, and we don’t embed third-party trackers in our app. The only “tracking” we do is keeping basic transaction records for your own account history and receipts, as required to run the service. Outside of that, we leave no trail – use GhostCard with the peace of mind that we aren’t watching what you buy or where you go online.
No Profiling
We do not create profiles of you based on your spending behaviour. GhostCard doesn’t analyse your transactions to categorise you or predict your interests. We don’t leverage your data to personalise marketing, and we certainly don’t do things like credit scoring or behavioral modeling of our users. Every user is simply a GhostCard user, not an advertising target. Your financial habits remain your private matter.
No Selling Data
We will never sell your personal information to anyone, and we don’t share it with advertisers or data brokers. Unlike some companies that treat user data as an asset, GhostCard’s stance is firm: your data is not for sale. The only time your data is ever shared is to provide our service (as described above) or if we are legally compelled to (for instance, a court order), and in those cases it’s only with the appropriate parties and under strict circumstances
Transparent Use & Control
We are completely transparent about what data we have and how we use it. This Privacy page (and our full policy below) details exactly what we collect and why. There’s no hidden agenda – if we use or keep data, you’ll know about it. Moreover, you remain in control of your information. You can request access to your data at any time, and you can ask us to delete or correct it as well. We give you easy ways to exercise your rights (see Your Data Rights below), and we never keep your data longer than necessary.
Compliance and Data Protection (Legal Details)
GhostCard and its partners adhere to all applicable UK data protection laws, including the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We operate on the principles of legality, fairness, and transparency in all data practices. In plain terms, that means we only process your personal data when we have a valid reason, such as: to fulfill our service to you (e.g. processing your card transactions), to comply with our legal obligations (e.g. anti-fraud and anti-money laundering rules), or with your consent when applicable. We are fully GDPR compliant, using appropriate safeguards to ensure your data is protected to European standards.
Secure Storage & Transfers: All personal data is stored securely, often in encrypted form, on servers located in the UK or other jurisdictions with strong data protection laws. We use industry-leading security measures (encryption, multi-factor authentication, etc.) to guard your information. Our systems are regularly tested and adhere to financial industry security standards (for example, we meet or exceed PCI DSS requirements for handling payment data). If we ever need to transfer data outside the UK/EEA (for example, to a service provider in another country), we ensure lawful transfer mechanisms are in place (such as Standard Contractual Clauses) so that your data receives the same level of protection as it would at home.
Data Retention: We keep your personal data only for as long as necessary to fulfill the purposes we collected it for, including any legal, accounting, or reporting requirements. In practice, this means we retain your data while you have an active GhostCard account and for a period after that if required by law. For instance, financial regulations might mandate that we retain transaction records or identity verification data for a certain minimum period. We do not keep your information indefinitely “just because.” When data is no longer needed for the stated purposes, we delete it or anonymize it. In short, we don’t store personal data we don’t need.
Third-Party Compliance: Any third-party service providers that assist us (such as our card issuer or cloud hosting providers) are held to the same legal standards. We only partner with regulated institutions and reputable service providers who meet strict security requirements and comply with GDPR or equivalent laws. They are only permitted to use your data to perform the services we’ve requested (for example, processing a payment or sending an email on our behalf), and for no other purpose. We have contracts in place to ensure they protect your data and maintain confidentiality.
Your Data Rights
Under GDPR and UK law, you have robust rights regarding your personal data, and GhostCard is committed to upholding them. In particular, you have the right to:
Access Your Data: You can request a copy of the personal information we hold about you. We will provide this in a common format, free of charge, within the legally required time frame.
Rectification: If any of your information is inaccurate or out-of-date, you have the right to have it corrected or updated. You can update basic info directly in your account settings, or contact us for assistance.
Erasure: Commonly known as the “right to be forgotten,” you can ask us to delete your personal data. If you close your GhostCard account, you can request full deletion of your data. We will erase what we can, provided we’re not required to keep it for legal reasons (for example, we may need to retain certain transaction records to comply with financial regulations, but we’ll inform you of such requirements if applicable).
Restriction & Objection: You can ask us to stop using your data in certain ways. For instance, you have the right to object to any processing for direct marketing (note: GhostCard does not currently do any marketing profiling or outreach based on your data). If you request, we will cease any use of your data that isn’t required for the service or legal compliance. You can also request that we temporarily restrict processing your data if you contest its accuracy or have other concerns, until we address your questions.
Data Portability: You have the right to obtain your data in a portable format. If you need your GhostCard data exported (for example, a CSV of your transactions or account details), let us know and we will provide it in a structured, commonly used format that you can take elsewhere.
Complaints: If you have concerns about how we handle your data, you have the right to lodge a complaint with the relevant supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). Of course, we’d appreciate the chance to address your concerns first – and we’re confident we can resolve most issues – but the law guarantees you this avenue. We will fully cooperate with any inquiries by data protection authorities.
To exercise any of these rights, you can contact us at any time (hello@ghostcard.co.uk). We will respond promptly and work to address your request in accordance with the law. There’s no fee for making a request regarding your rights, and we’re here to help ensure you feel in control of your information.
Changes to this policy
If we ever make significant changes to our privacy practices, we will update this page and notify you in a clear and timely manner. We aim to earn and maintain your trust through honesty and transparency. Thank you for choosing GhostCard – privacy-first payment controls that put you first, every time.
Ghost your advertisers through private payments.
Be one of the first 1,000 to join and get a £5 preloaded GhostCard after launch. Subject to Terms and Conditions.