Ghostery Plans and Products Privacy Policy

Effective Date: May 26, 2021

I. Introduction

The Ghostery Plans and Products (“GPP”) are owned by Ghostery GmbH (“Ghostery” or “Company”), which is headquartered at Arabellastrasse 23, 81925 Munich, Germany. The Company, as the responsible body under the German Data Protection Law, takes the protection of your personal data very seriously and will always offer you the GPP and its functionality with your privacy in mind. Ghostery Plans and Products (GPP) are Ghostery’s browser add-ons or extensions, downloadable software applications and tools, and any additional tools or services we provide in connection with our GPP. This Ghostery Plans and Products Privacy Policy (Privacy Policy) tells you which data Ghostery collects, uses or has access to.

We also recognize that the GPP are popular because people want to be informed and empowered. We share the belief that privacy, when done right, is empowering, and that is why privacy is central to the GPP and new functionality that we may add. Therefore, we only collect data to build our products for the benefit of our users, and we believe that we as a company should never have any personal data (“Personal Data”) about our users unless they affirmatively provide it to us.

The core functionality of the GPP is to inform users what third-party tracking technologies (“Trackers”) are tracking them on any given website or device application so individuals can exercise personal control over that activity by blocking them for a cleaner, faster, safer browsing experience and use of their own devices.

II. Basis to Collect and Use Personal Data

There is no obligation on your part to provide your Personal Data. However, if you do, we have a legitimate interest to collect and use it, namely so we can provide products or services, or complete a transaction with you acc. to Article 6 subsection 1 lit. b), f) GDPR.

III. Notion of Personal Data

Personal Data means any information concerning the personal or material circumstances of an identified or identifiable individual such as name and age. Non-personal data are all data that cannot be used to identify an individual, such as statistics about usage of a website.

IV. What Personal Data are collected

User Account: When you create a user account, we will collect the following Personal Data: name, email address, acc. to Article 6 subsection 1 lit. b), f) GDPR.

Many GPP users had previously requested the ability to open accounts so they can receive product information and also take advantage of new functionality, certain Ghostery products, and higher tiers of service. You are not required to open a user account in order to use GPP with the Basic plan service tier. If you choose to open a user account in this case, you can do so either when you download any of our GPP, or any other time through relevant settings. At any time, you can deactivate your user account, at which time you will no longer have access to the services that a user account offers.

IP-Address: We do not differentiate between static or dynamic IP addresses – that is driven at the user level – but please see the Security section below to learn more about the security measures we take to protect data – including your IP-address – that the GPP collect.

V. How Personal Data are used

The GPP Personal Data that we collect when you open an account is used for: (i) syncing your GPP settings across browsers and devices acc. to Article 6 subsection 1 lit. f) GDPR, (ii) serving as your login credentials acc. to Article 6 subsection 1 lit. b) GDPR, and (iii) communicating directly to you through your email address in order to give you information about our products, services, updates and upgrades (in certain cases for a fee) acc. to Article 6 subsection 1 lit. b), f) GDPR. Our legitimate interests for the data collection acc. to Article 6 subsection 1 lit. f) GDPR are security measures (e.g. keeping the GPP on an updated level) and communication with our users.

IP-addresses are solely collected for geolocation purposes but only on Zip Code level or above (for example city, county, continent) to improve the GPP and our products. We never store IP addresses.

VI. Collection of Non-Personal Data

When you download the Ghostery Browser Extension, Ghostery Insights, or Ghostery Dawn, or other GPP or Ghostery products, we collect on an ongoing basis the following data: web browser; operating systems; language; GPP being used; opt-in settings to share Tracker information with the Company; when an installation, upgrade, or uninstallation occurs; whether the extension or application is active, engaged, or logged-in by you (and associated frequency), and other product-specific telemetry for basic actions or settings. We also collect pings regarding attribution of our own internal marketing efforts and basic Ghostery subscription information, such as what interval subscription is detected.

The use of the aforementioned non-personal data is limited to: (i) communicating through the CMP (see VII.) – since we don’t have your name or email address – in order to share product information or updates and Company news, (ii) for internal analytical purposes such as accurately counting the number of browser extension downloads, (iii) providing the services of the Ghostery Start Tab, which may include sharing of the non-personal data with other Ghostery products you have installed, locally on your device, or (iv) surveying our users from time to time.

Ghostery Dawn also collects pings regarding browser settings, such as whether Dawn is set as the default browser, which search provider is set as the default search option, number of add-ons, and other non-personal data.

VII. The Consumer Messaging Platform (“CMP”)

The CMP is used from time to time as a way for us to effectively and generically communicate to our users acc. to Article 6 subsection 1 lit. b), f) GDPR, while still honoring their privacy. The CMP is automatically turned on, but you can easily turn it off by going to the Ghostery Browser Extension options page and following the instructions provided. If you turn off the CMP, you can still use the GPP, but you won’t receive any generic communications from us.

VIII. Human Web

We developed a technology called Human Web, which is turned on by default in most browsers (but is turned off by default in the Firefox browser), and creates anonymous group models that power the private quick-search, anti-tracking and anti-phishing technologies featured in the Ghostery products and will soon be featured in the GPP.

Data Collection: In order for Human Web to function we automatically collect non-private URLs, search queries along with search engine results pages, suspicious URLs that could potentially be phishing websites, information related to safe and unsafe trackers, and information related to the prevalence and performance of Trackers.

Data Use: The data that we collect so Human Web can work is anonymized, aggregated and transmitted through the Human Web Proxy Network and used to improve the search, anti-tracking and anti-phishing features in Ghostery technology.

IX. Ghostery Glow and Other Search Options in Ghostery Dawn

You can perform searches, using Ghostery Glow, directly from several places in Ghostery Dawn, including the URL Bar or on a new tab. Ghostery does not receive your search queries. We do receive data about how you engage with search in Ghostery Dawn and the number of searches you request from our search partners. Query data is sent to your search provider acc. to Article 6 subsection 1 lit. b) GDPR, which has its own privacy policy. Links to our default search providers are:

Search Suggestions: Ghostery Dawn by default sends search queries to your search provider to help you discover common phrases other people have searched for and improve your search experience. These data will not be sent if your selected search provider does not support search suggestions. (This feature can be disabled via the “Search Suggestions” section of the “Search” tab in the browser Preferences.)

X. Data Processing Abroad

Although the Company is located in Germany, it partly operates out of the United States. The data we collect, personal or otherwise, are located on servers based in the United States. If you are accessing or using GPP from the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you may be allowing the collection or transferring of your personal data in or to the U.S. However, we have a strong data privacy framework in place to ensure an adequate level of protection for your Personal Data.

XI. Data Retention

If you deactivate your user account, the Company retains the collected Personal Data if and for as long as it may be required by law (for example to fulfill retention periods prescribed by law) or judicial order. The Company will use this Personal Data only for those purposes and retains it only as long as prescribed by law. After that the Personal Data will be deleted.

XII. Data Portability & Erasure

In compliance with the GDPR, the Company provides features available in the product menu that allow users to easily download and delete the Personal Data associated with their user accounts. If users choose to download their information, it will be downloaded as a machine-readable CSV file and will include their name, email address, and account settings and preferences. If users choose to delete their account, all Personal Data associated with the account will be completely and permanently deleted from the Company servers.

XIII. Security

The Company has reasonable and appropriate technical, physical and administrative safeguards in place for a company of our size and complexity to protect the data that is collected. Some of the specific security measures we take include instantly hashing the origination IP addresses using very strong encryption technology to protect your privacy, whereupon the collected IP addresses and user agent information are destroyed. In addition, to further preserve your security, the GPP do not collect any information on URLs beyond the path query string.

Technical data for Ghostery Dawn updates and functionality improvements: Desktop versions of Ghostery Dawn check for browser updates and functionality improvements by persistently connecting to Ghostery servers, Mozilla servers, and GitHub servers. Mozilla’s privacy policy is linked here, and governs how Mozilla handles any personal data. GitHub’s privacy policy is linked here and governs how GitHub handles any personal data. Your Ghostery Dawn version, language, device operating system, and IP address are transmitted as the servers communicate in order to apply the correct updates acc. to Article 6 subsection 1 lit. b), f) GDPR as we described earlier. This data is not logged or stored by Ghostery.

Webpage and technical data to Certificate Authorities: When using Ghostery Dawn to visit a secure website (usually identified with a URL starting with “HTTPS”), Ghostery validates the website’s certificate. This may involve Ghostery sending certain information about the website to the Certificate Authority identified by that website. Opting out (via the “Certificates” section of the “Privacy and Security” tab in the browser Preferences) increases the risk of your private information being intercepted.

XIV. Contacting the Company

At any time the user has the right to object to any use of his personal data and can do so by writing to the Company at the physical address provided in the beginning of the document or by emailing the Company at If you object, it will be necessary to prove that you are the owner of the account. The Company has the right to answer your inquiry electronically. Please contact us for this and all other inquiries, comments or concerns about these practices by email at

XV. Changes to Privacy Policy

We may occasionally change this Privacy Policy and when we do, we will also revise the “Effective Date” at the top of the Privacy Policy. If we make any material changes to our Privacy Policy, we will inform you via the CMP and, if you opened an account and gave us your email address, then we will also try to contact you through the email address you provided about those material changes. Ultimately, however, it is your responsibility to periodically review this Privacy Policy to stay informed about our data practices and any changes to them. Your continued use of the GPP constitutes your agreement to this Privacy Policy and any changes to it.

XVI. Payments & Subscriptions

We are offering paid subscriptions to use the GPP with a variety of features. There are several subscriptions at different prices charged on a recurring monthly or yearly basis, depending on your preference.

We use the payment services provider (PSP) Stripe. If you pay our subscription fees through this service, it is necessary that you enter some personal data (name, address, contact data, GPP login data, financial information). Stripe acts as a data controller and not on our behalf as a processor. We pull some of this information into our product so you can more easily review your subscription, but we do this using the Stripe API and we do not store any of this information ourselves. For further information see Stripe’s privacy policy:

To calculate the appropriate regional VAT/GST/sales tax for each payment, we use the service Avalara. To calculate the applying taxes Avalara needs some personal data (country, postal code). This is the only information Avalara receives. Based on the postal code, Avalara determines how much tax should be charged and recorded via Stripe.

Stripe will use the Avalara API to calculate a regional VAT/GST/sales tax based on the user’s postal code, which then returns the amount of tax that needs to be accounted for on that transaction. Stripe will charge the appropriate amount, tax included, and Avalara will record the amount of tax collected and in which region so that we can report those taxes to the regional governing body. For further information see the privacy policy of Avalara:

XVII. California

For residents of California, please see our Privacy Policy Supplemental Notice – California