Privacy Policy

Last updated: 17 April 2026

Welcome to paceghost.io! This Privacy Policy explains how Branco Digital UG (haftungsbeschränkt) (“Branco Digital,” “we,” “us,” or “our”), the operator of the website paceghost.io (the “Service”), collects, uses, shares, and protects your personal data.

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). By using our Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for the processing of your personal data is:

Branco Digital UG (haftungsbeschränkt)
Hochstraße 94
52525 Heinsberg
Germany
Email: info@paceghost.io

For our full legal details, please refer to our Imprint.

3. What Personal Data We Collect and Why

We collect personal data in the following ways:

A. Data You Provide Directly to Us:

  • Account Creation Data: When you create an account on paceghost.io, we collect your email address and a hashed version of your password. Purpose: To create and manage your user account, enable you to log in, and communicate with you about your account. Legal Basis (GDPR): Performance of a contract (Art. 6(1)(b) GDPR).
  • URLs for Scanning: When you submit a URL to be scanned and analyzed by our Service. Purpose: To perform the requested website scan and generate an AI compatibility report. Legal Basis (GDPR): Performance of a contract/service (Art. 6(1)(b) GDPR).
  • Communications: If you contact us via email or other channels, we will collect any information you choose to provide. Purpose: To respond to your inquiries and provide customer support. Legal Basis (GDPR): Legitimate interest (Art. 6(1)(f) GDPR); Performance of a contract (Art. 6(1)(b) GDPR) if your inquiry relates to your use of the Service.

B. Data Collected Automatically When You Use the Service:

Usage and log data collected when you access or use our Service may include your IP address, browser type and version, operating system, referring URLs, pages visited, features used, time spent on pages, and timestamps. This data is collected through our servers and third-party services including Supabase and SimpleAnalytics.

Purpose: To operate, maintain, and improve our Service; to monitor usage trends; for security purposes. Legal Basis (GDPR): Legitimate interest (Art. 6(1)(f) GDPR); Performance of a contract (Art. 6(1)(b) GDPR).

C. Data Collected from the Websites We Scan:

When a URL is submitted for analysis, our Playwright microservice extracts publicly accessible content from that website, including text, DOM structure, and screenshots. This data forms the basis of the AI compatibility analysis and the reports generated by paceghost.io. While we do not intend to collect personal data from scanned sites, some may be incidentally included if publicly visible.

Legal Basis (GDPR): Legitimate interest (Art. 6(1)(f) GDPR); Performance of a contract/service (Art. 6(1)(b) GDPR).

4. How We Use Your Personal Data

We use the personal data we collect to:

  • Provide, operate, maintain, and improve the paceghost.io Service.
  • Create and manage your user account and authenticate your access.
  • Process URLs submitted for scanning and generate AI compatibility reports.
  • Display publicly accessible summary reports and full reports accessible to signed-in users.
  • Communicate with you, including service-related notifications and support responses.
  • Monitor and analyze usage trends to enhance functionality and user experience.
  • Prevent fraud, unauthorized access, and enforce our Terms of Service.
  • Comply with applicable legal obligations, court orders, or governmental requests.

5. Cookies and Similar Technologies

Our Service uses cookies and similar technologies to enhance your experience and gather analytics.

  • Strictly Necessary Cookies: Essential for browsing the website and accessing secure areas (e.g., your user account via Supabase authentication). Used based on legitimate interest (Art. 6(1)(f) GDPR) or performance of a contract (Art. 6(1)(b) GDPR).
  • Analytics Cookies/Identifiers: We use SimpleAnalytics to gather aggregated and anonymized statistics. For any analytics identifiers that are not strictly necessary, we rely on your consent (Art. 6(1)(a) GDPR), obtained via our cookie consent banner.

Most web browsers allow you to control cookies through their settings preferences. You can set your browser to block or alert you about cookies, but some parts of the site may then not work.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your personal data with:

  • Service Providers: Trusted third-party companies performing services on our behalf including Supabase (authentication and database), Fly.io (Playwright microservice hosting), and SimpleAnalytics (analytics). These providers only access personal data necessary to perform their tasks and are obligated not to disclose or use it for any other purpose.
  • LLM API Providers: We send publicly accessible website content (text, DOM structure from scanned URLs) to providers such as OpenAI, Anthropic, and Google for AI-driven analysis. We do not send your paceghost.io account personal data to these providers. We encourage you to review their policies for how API-submitted data is handled.
  • Legal Obligations: We may disclose your personal data if required by law or to protect and defend our rights or property.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.

7. Data Retention

  • User Account Data: Retained as long as your account is active. Upon account deletion, personal account data is deleted within a reasonable timeframe (e.g., 90 days), unless legally required to retain it longer.
  • Website Scan Data: URLs, extracted content, and generated reports are stored indefinitely to provide the core functionality of paceghost.io. We may review this policy in the future.
  • Usage/Log Data: Retained for a period necessary for security and analysis (typically 12–24 months, or as determined by our analytics providers).

8. Data Security

We implement reasonable technical and organizational security measures to protect your personal data, including encryption (e.g., for passwords via Supabase), access controls, and secure hosting environments. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), primarily the United States, by third-party service providers such as Supabase, Fly.io, LLM API providers, and SimpleAnalytics. We take steps to ensure data is treated securely and in accordance with this Privacy Policy, typically by relying on Standard Contractual Clauses (SCCs).

10. Your Data Protection Rights (GDPR)

If you are a resident of the EEA, you have the following rights:

  • Right of Access: Request copies of your personal data.
  • Right to Rectification: Request correction of inaccurate or incomplete information.
  • Right to Erasure: Request erasure of your personal data, under certain conditions.
  • Right to Restrict Processing: Request restriction of processing, under certain conditions.
  • Right to Object: Object to processing based on our legitimate interests.
  • Right to Data Portability: Request transfer of your data to another organization or directly to you.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at info@paceghost.io. You also have the right to lodge a complaint with a supervisory authority. For users in Germany, the competent authority may be the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).

11. Children’s Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personally identifiable information from children. If you are a parent or guardian and aware that your child has provided us with personal data, please contact us.

12. Publicly Available Information

Summary reports generated from website scans are made publicly accessible on our website. Full reports are accessible to all signed-in users during the MVP phase. Do not submit URLs for scanning if you do not want information derived from that website to be part of a publicly available report.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. For material changes, we may also provide notice through email or a prominent notice on our Service.

14. Contact Information

If you have any questions about this Privacy Policy, please contact us:

Email: info@paceghost.io

For our full legal details, please refer to our Imprint.