Phantom Ledger Privacy Notice
Privacy contact: founder@hauntlifesystems.com
Business records
Uploaded records are processed to perform the requested audit, create evidence outputs, operate accounts, prevent abuse, secure the service, support billing, and meet legal obligations.
Tenant isolation
Uploads and reports use tenant and job identifiers. Source filenames are not used as storage paths. Production storage must use the configured private S3-compatible backend and HTTPS.
Evaluation anti-abuse data
The service may normalize an IPv4 address or IPv6 /64 network, then immediately HMAC-hash it with a server secret. Raw IP addresses are not stored in the evaluation-lock table. Similar one-way locks may be created for account, normalized company, business email domain, and uploaded source-document hashes.
Security and access
Files are size-limited, signature-validated, hashed, access-controlled, and optionally malware scanned. Administrative and report access is authenticated and audit logged.
Retention and deletion
Files follow the configured 30-day retention period unless deleted sooner through authenticated controls. Limited payment, security, fraud-prevention, and audit records may be retained where reasonably necessary.
Service providers
Configured providers may include Render, Cloudflare R2, Stripe, SMTP/email delivery, Google Cloud Vision, Cloudflare Turnstile, and ClamAV. See the Subprocessor page for roles.