We, like you, expect our data to be secure and confidential at all times, and we go to great lengths to ensure that this is always the case. We conduct regular security reviews of our product and infrastructure, and as an open source codebase—of course—we have very public scrutiny of all our practices.
All Ghost(Pro) servers are located in Amsterdam, The Netherlands. We have a publicly available Data Processing Agreement.
The site is staffed 24/7/365 with onsite security to protect against unauthorized entry. Each site has security cameras that monitor both the facility premises as well as each area of the datacenter internally. There are biometric readers for access as well as at least two factor authentication to gain access to the building. Each facility is unmarked so as not to draw any additional attention from the outside and adheres to strict local government standards.
If you believe that you have a found a vulnerability in any of our services, please reach out to us directly on security@ghost.org.