Privacy Policy

Last updated: March 2026

What we scan

Djoji Ghost Protocol runs passive, external-only security checks on domain names you provide. This means we only look at information that is publicly accessible on the internet — the same information anyone can see without special access. We do not access your servers, databases, or internal systems.

Information we collect

  • Email address (when you join the waitlist or create an account)
  • Domain names you submit for scanning
  • Scan results (stored to provide your report and score history)
  • Usage data (pages visited, scan frequency) — anonymized
  • IP address (for rate limiting only, not stored long-term)

How we use your data

  • To provide scan results and generate your Ghost Report
  • To send you security alerts and score change notifications (if opted in)
  • To improve our scanning accuracy and finding quality
  • To generate aggregated, anonymized industry benchmarks (no individual data shared)

Data storage

Your data is stored in Supabase (PostgreSQL) hosted in Frankfurt, EU (eu-central-1). Scan results are retained for 12 months from the date of scan. You may request deletion at any time by emailing privacy@djoji.com.

Third-party services

  • Clerk — authentication (email/OAuth)
  • Supabase — database storage
  • Vercel — frontend hosting
  • Resend — transactional email
  • Anthropic Claude — AI narrative generation on scan results

Domain names and scan findings are sent to Anthropic for narrative generation. No personally identifiable information beyond the domain name is included in these requests.

Scanning third-party domains

Free passive scans use only publicly available DNS, WHOIS, SSL, and HTTP header data. This information is already publicly accessible and its collection does not require domain ownership. Active scanning (deeper tests) requires domain ownership verification.

Your rights

You may request access to, correction of, or deletion of your personal data at any time. Contact us at privacy@djoji.com. We will respond within 30 days.

Contact

Djoji Ghost Protocol · hello@djoji.com