At Horizon.Pics (Horizon), we take user-privacy extremely seriously. Whenever developing features and handling user information, we always take privacy into consideration. As privacy enthusiasts and activists, we strongly believe that privacy is needed more than ever in today's digital age. The pronouns "we" and "us" represent Horizon.Pics as a whole, including its operators and developers, while the pronoun "you" represents you, the end-user.
Horizon collects user information to operate the service. The following is a list of types of data we collect, as well as the justification.
Horizon uses your username to identify you across the service.
Argon2id Hashed Password
Your password is used for authentication. It is never stored in plaintext, but instead in an irreversible format (hashed).
SHA-512 Hashed IP Address
Your IP address is logged in an irreversibly hashed format to combat against abuse while maintaining privacy.
The timestamp of login and registration is used for anonymous aggregated statistics.
WebAuthn Key Metadata
If opted-in, WebAuthn key metadata will be stored to securely authenticate you, such as identification strings and public keys.
The timestamps of file uploads, short link creations and paste creations are used for anonymous aggregated statistics.
Uploaded Files, Links, Pastes & Associated Metadata
Your uploaded files and associated metadata are persistently stored until deletion so that we can host your files and serve them. All files are stored at rest with HIPAA compliant AES-256 bit encryption.
Server-side encrypted files are encrypted twice, once by the at-rest encryption and another with a key that Horizon does not store. Horizon holds the irreversible Argon2id hashed version of the original encryption key and AES initialization vector. None of this information can be used to reverse engineer or decrypt files without the plaintext encryption password, which is not stored in plaintext on Horizon.
Links are stored so we can redirect users who access them.
Unencrypted paste content is stored so we can host it. Encrypted pastes are stored but cannot be read by anybody, including developers of Horizon, without their encryption/decryption keys. These keys are never stored by Horizon and are solely generated, stored and shown locally.
Your settings are stored so the service can adhere to your customization preferences.
Users may send emails to Horizon for reasons, including, but not limited to, billing and technical inquiries. These emails are encrypted and stored in a GDPR-compliant jurisdiction.
To get information about the behavior of our visitors, we use Ackee. This analytics software gives us insight about our visitors only in general, but not about individuals per se, as it does not track visitors and does not store any personal identifiable information. Go to their documentation to find out what Ackee collects.
We have never and will never sell, rent or sublease our users' personal information to any third party.
With your explicit consent, we may transfer your personal information.
If prompted by a legal entity with a valid warrant and/or subpoena, Horizon may share personal user information with them. If it is legal to do so, we will put out a public announcement on our website and/or social media platforms.
User-uploaded content is retained indefinitely until they are deleted. Users may delete their content at anytime instantly by going into their dashboards. After a file is deleted, it cannot be recovered. We do not keep logs of deleted content.
Personal user information is retained indefinitely until we receive a deletion request. Users may delete their accounts at any time in Settings.
Horizon stores user data securely on servers that have limited access. We take precautions to prevent unauthorized access to user information. For example, sensitive information, such as passwords and IP addresses, are hashed and salted before being stored in our database. Communications between clients and servers, and between servers, are encrypted.
User-uploaded content is securely stored with HIPAA compliant at-rest AES-256 encryption.
Horizon integrates with third party services to allow single sign on (SSO), protect its infrastructure, among other non-exclusive reasons. These services are not directly affiliated with Horizon and posess their own privacy policies.
Horizon allows users to enable Discord integration. Discord integration allows users to log in to Horizon with their Discord account. Discord integration is optional, and users may disable it at any time.
Discord is provided by Discord Inc., a company based in the United States.
Some aspects of Horizon are protected by HCaptcha to prevent spam and abuse. Whenever in use, it is clearly labeled to the user. We do not use "invisible" captchas.
HCaptcha is provided by Intuition Machines, Inc., a Delaware US Corporation ("IMI").
Horizon uses Cloudflare to protect its infrastructure against denial of service attacks. Some endpoints may use Cloudflare Turnstile captcha to prevent unauthorized automated requests.
Cloudflare is provided by Cloudflare, Inc., a company based in San Francisco, California in the United States.
Horizon uses Stripe to process payments and subscriptions.
Stripe is provided by Stripe, Inc., a company based in South San Francisco, California in the United States and Dublin, Ireland.
Horizon uses Hetzner for server hosting. Data protection agreements have been signed by both parties.
Hetzner is provided by Hetzner Online GmbH, a company based in Gunzenhausen, Germany.
Horizon uses Backblaze to store user-uploaded content in an encrypted form.
Backblaze is provided by Backblaze, Inc., a company based in San Mateo, California in the United States.
If Horizon knows of any breach or compromise of user information, we will notify users by placing a public announcement on our website and social media platforms within 7 days of discovering the incident.
User information is stored on servers located in Germany and is subject to GDPR guidelines.
Horizon Pics user-uploaded content, including, but not limited to, file uploads, are stored in the Netherlands with server-side encryption and is subject to GDPR guidelines.
Horizon Bio user-content is stored in the United States with server-side encryption.
We regularly back up data to prevent total data loss in the event that a malfunction occurs. These backups are permanently deleted after a maximum of 7 days to protect user privacy.
Horizon does not knowingly collect the personal information of users under the age of 13 years old. If you know of users under the age of 13 using Horizon, please report them to [email protected] immediately. We will then permanently delete their personal information from our systems.
Send an email to con[email protected] and we will be happy to answer your questions.
Policy updated on January 31, 2023.