Privacy Policy details when using Ghost


I am looking into transferring my blog to Ghost. I’m confused about what to include in my Privacy Policy. Do I use Ghost’s info for the data controller/processor? If so, I’m not sure where to find the contact details required. Additionally, do I use my own address for where the data is collected and processed or do I use Ghosts? Thanks in advance for any help.

First off, this is my opinion and not a legal consultation. On that note, for any bulletproof legal definitions, you should contact a lawyer in your jurisdiction.

But generally, your question is quite broad. A privacy policy is pretty simple, in the end. I always try to include:

  • Who is responsible for data processing (that’s you – not the Ghost Foundation or any other managed hosting provider)
  • What data am I processing?
  • Why am I processing it?
  • Where am I processing it?
  • Who helps me to process it?
  • How can my users find out what data I have saved about them?
  • How can they request to delete that information?
  • What other rights do they have?

A good starting point is this Automattic’s legal documents collection:

1 Like

Thanks so much for the info.