PRIVACY POLICY

This Privacy Policy explains how Horizon.Pics ("Horizon," "we," "us") handles user data.

Scope

This policy describes the collection and use of user information by Horizon.Pics. Other services have their own privacy policies that do not apply to Horizon.Pics.

Data Collection

Horizon collects user information to operate the service effectively. Below is a summary of the types of data collected and the purposes for which they are used.

Login & Registration

  • Username: Used to identify you across the service.
  • Email Address: If entered, Horizon will collect your email address for password recovery.
  • Argon2id Hashed Password: Used for authentication; stored in an irreversible format.
  • SHA-512 Hashed IP Address: Logged in an irreversibly hashed format to prevent abuse while maintaining privacy.
  • Timestamp: Used for anonymous aggregated statistics on login and registration.
  • WebAuthn Key Metadata: If opted-in, stored for secure authentication (e.g., identification strings and public keys).
  • Two-Factor Authentication (2FA) Secrets: May be stored to enhance login security.
  • Discord Metadata: If the user connects their Discord account, metadata such as identifiers may be stored for login purposes.

User Content

  • Timestamp: Used for anonymous aggregated statistics of file uploads, short link creations, and paste creations.
  • Uploaded Files, Links, Pastes & Associated Metadata: Stored until deletion to host and serve your content. Files are stored with AES-256 encryption. Encrypted files have an additional layer of encryption not stored by Horizon, using keys known only to the user.
  • Settings: Stored to apply your customization preferences.

Email Communications

Emails sent to Horizon for billing or technical inquiries are encrypted and stored in a GDPR-compliant jurisdiction.

First-Party Metrics

To get information about the behavior of our visitors, we use Ackee. This analytics software gives us insight about our visitors only in general, but not about individuals per se, as it does not track visitors and does not store any personal identifiable information. Go to their documentation to find out what Ackee collects.

Data Sharing

  • No Sale, Rent, or Sublease: We do not sell, rent, or sublease your personal information to third parties.
  • Explicit Consent: Personal information may be shared with your explicit consent.
  • Legal Requirement: If required by law, Horizon may share personal information. We will publicly announce such disclosures if legally permissible.

Data Retention

  • User Content: Retained indefinitely until deleted by the user. Deletion is permanent and irrecoverable.
  • Personal Information: Retained indefinitely until a deletion request is received. Users can delete their accounts via the Settings.

Data Security

User data is securely stored on servers with limited access. We use encryption and hashing (e.g., passwords and IP addresses are hashed and salted) to protect sensitive information. Communication between clients and servers, and between servers, is encrypted. User-uploaded content is stored with AES-256 encryption at least once.

Third-Party Services

Horizon integrates with third-party services for various functionalities, including Single Sign-On (SSO) and infrastructure protection. These services have their own privacy policies.

  • Discord: Allows login via Discord account. Provided by Discord Inc., USA.
  • HCaptcha: Used to prevent spam and abuse. Provided by Intuition Machines, Inc., USA.
  • Cloudflare: Protects against denial-of-service attacks. Provided by Cloudflare, Inc., USA.
  • Stripe: Processes payments and subscriptions. Provided by Stripe, Inc., USA and Ireland.
  • Hetzner: Server hosting. Provided by Hetzner Online GmbH, Germany.
  • Backblaze: Stores user-uploaded content in encrypted form. Provided by Backblaze, Inc., USA.
  • DuckDuckGo: Hosts privacy-friendly favicons. Provided by Duck Duck Go, Inc., USA.
  • Loops: Provides transactional email services. Provided by Astrodon Inc.

Disclosure

In case of a data breach, Horizon will notify users via a public announcement on our website and social media platforms within 7 days of discovering the incident.

Data Processing

  • Location: User information is stored on servers in Germany, subject to GDPR guidelines.
  • Backups: Regular backups are made to prevent data loss, with backups permanently deleted after a maximum of 7 days.

Children's Data

Horizon does not knowingly collect personal information from users under 13. If you are aware of any users under 13, please contact us at contact@horizon.pics for immediate deletion of their information.

Policy Changes

Horizon may update this Privacy Policy from time to time. Changes will be announced on our website and social media platforms within 7 days of the change. The "Last Updated" date will be updated accordingly.

Questions?

If you have any questions, please contact us at contact@horizon.pics.

Policy updated on July 11, 2024.