Site-wide Documents
Privacy Policy
Last updated: December 1, 2025
This Privacy Policy covers the public website, account portal, and marketing pages operated by Visiting Objects (collectively, the "Site"). Each product you subscribe to (e.g., Smart Search for Ghost) has its own Service‑Specific Privacy Notice that supplements this document.
1. Who we are
- Controller: Visiting Objects
- Contact: privacy@visitingobjects.com
2. What information we collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Email address, password hash, billing name | Create and secure your portal account |
| Usage data | Page views, IP addresses (truncated to /24), browser metadata | Detect abuse, improve the Site |
| Communication data | Support requests, newsletter opt‑in | Respond to you and send product news |
We do not store full payment‑card numbers; Paddle processes all payments.
3. Cookies
We use essential cookies only:
- Paddle checkout cookies – Fraud prevention and secure checkout (Paddle).
Plausible Analytics is cookie‑less; it stores no personal identifiers.
Cookie Consent: Essential cookies required for site functionality (authentication, security, payment processing) are set automatically. We do not use non-essential cookies for advertising, tracking, or analytics purposes that would require prior consent under EU ePrivacy Directive or UK PECR.
4. Data location
Data is stored in the United States.
Third-party services:
- Payment processing: Paddle
- Analytics: Plausible
5. International transfers
For data transfers outside the EEA or UK, we rely on Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum where applicable.
6. Security measures
- Encryption in transit and at rest.
- Backups retained for 14 days then deleted automatically.
- Regular security reviews and updates.
7. Retention & deletion
- Active account data is kept while the account remains open.
- If you close your account or request erasure, primary‑storage records are deleted within 30 days; related backups fall out of rotation on the next cycle.
8. Your rights
EU/UK Data Subjects (GDPR)
You have the right to:
- Access or rectify personal data (response within 30 days);
- Request deletion;
- Object to processing or request restriction;
- Data portability;
- Lodge a complaint with a supervisory authority.
California Residents (CCPA/CPRA)
California residents have the right to:
- Know what personal information we collect, use, disclose, and sell;
- Access your personal information (up to twice per 12-month period);
- Delete your personal information, subject to certain exceptions;
- Opt-out of the sale or sharing of personal information (we do not sell or share personal information);
- Correct inaccurate personal information;
- Limit use of sensitive personal information (we do not use sensitive personal information for purposes requiring limitation);
- Non-discrimination for exercising your privacy rights.
We do not sell or share personal information as defined by the CCPA. We do not use or disclose sensitive personal information for purposes other than those permitted under CCPA Section 7027(m).
To exercise any right, contact privacy@visitingobjects.com. We will respond within the timeframes required by applicable law.
9. Breach notification
If a personal‑data breach is likely to result in risk to individuals we will notify affected users and regulators within 72 hours of becoming aware, describing scope, impact, mitigation, and contact details.
10. Changes to this Policy
We may revise this Policy. We will post the updated version at least 30 days before it takes effect.