PRIVACY POLICY
This Privacy Policy explains how Horizon.Pics ("Horizon," "we," "us") handles user data.
Scope
This policy describes the collection and use of user information by Horizon.Pics. Other
services have their own privacy policies that do not apply to Horizon.Pics.
Data Collection
Horizon collects user information to operate the service effectively. Below is a summary of
the types of data collected and the purposes for which they are used.
Login & Registration
- Username: Used to identify you across the service.
- Email Address: If entered, Horizon will collect your email address for password
recovery.
- Argon2id Hashed Password: Used for authentication; stored in an irreversible
format.
- SHA-512 Hashed IP Address: Logged in an irreversibly hashed format to prevent
abuse while maintaining privacy.
- Timestamp: Used for anonymous aggregated statistics on login and registration.
- WebAuthn Key Metadata: If opted-in, stored for secure authentication (e.g.,
identification strings and public keys).
- Two-Factor Authentication (2FA) Secrets: May be stored to enhance login security.
- Discord Metadata: If the user connects their Discord account, metadata such
as identifiers may be stored for login purposes.
User Content
- Timestamp: Used for anonymous aggregated statistics of file uploads, short
link creations, and paste creations.
- Uploaded Files, Links, Pastes & Associated Metadata: Stored until deletion
to host and serve your content. Files are stored with AES-256 encryption. Encrypted files have
an additional layer of encryption not stored by Horizon, using keys known only to the user.
- Settings: Stored to apply your customization preferences.
Email Communications
Emails sent to Horizon for billing or technical inquiries are encrypted and stored in a
GDPR-compliant jurisdiction.
First-Party Metrics
To get information about the behavior of our visitors, we use
Ackee. This analytics software gives us insight about our visitors only in general, but not
about individuals per se, as it does not track visitors and does not store any personal
identifiable information.
Go to their documentation to find out what Ackee collects.
Data Sharing
- No Sale, Rent, or Sublease: We do not sell, rent, or sublease your personal
information to third parties.
- Explicit Consent: Personal information may be shared with your explicit consent.
- Legal Requirement: If required by law, Horizon may share personal information.
We will publicly announce such disclosures if legally permissible.
Data Retention
- User Content: Retained indefinitely until deleted by the user. Deletion is
permanent and irrecoverable.
- Personal Information: Retained indefinitely until a deletion request is received.
Users can delete their accounts via the Settings.
Data Security
User data is securely stored on servers with limited access. We use encryption and hashing
(e.g., passwords and IP addresses are hashed and salted) to protect sensitive information.
Communication between clients and servers, and between servers, is encrypted. User-uploaded
content is stored with AES-256 encryption at least once.
Third-Party Services
Horizon integrates with third-party services for various functionalities, including Single
Sign-On (SSO) and infrastructure protection. These services have their own privacy policies.
- Discord: Allows login via Discord account. Provided by Discord Inc., USA.
- HCaptcha: Used to prevent spam and abuse. Provided by Intuition Machines,
Inc., USA.
- Cloudflare: Protects against denial-of-service attacks. Provided by Cloudflare,
Inc., USA.
- Stripe: Processes payments and subscriptions. Provided by Stripe, Inc., USA
and Ireland.
- Hetzner: Server hosting. Provided by Hetzner Online GmbH, Germany.
- Backblaze: Stores user-uploaded content in encrypted form. Provided by Backblaze,
Inc., USA.
- DuckDuckGo: Hosts privacy-friendly favicons. Provided by Duck Duck Go, Inc.,
USA.
- Loops: Provides transactional email services. Provided by Astrodon Inc.
Disclosure
In case of a data breach, Horizon will notify users via a public announcement on our website
and social media platforms within 7 days of discovering the incident.
Data Processing
- Location: User information is stored on servers in Germany, subject to GDPR
guidelines.
- Backups: Regular backups are made to prevent data loss, with backups permanently
deleted after a maximum of 7 days.
Children's Data
Horizon does not knowingly collect personal information from users under 13. If you are
aware of any users under 13, please contact us at contact@horizon.pics for immediate
deletion of their information.
Policy Changes
Horizon may update this Privacy Policy from time to time. Changes will be announced on our
website and social media platforms within 7 days of the change. The "Last Updated" date will
be updated accordingly.
Questions?
If you have any questions, please contact us at contact@horizon.pics.
Policy updated on July 11, 2024.