Privacy Policy

Last updated: 2026-06-17

At Horus we process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD).

1. Data controller

  • Owner: Isaac Hernández Miranda
  • Tax ID (NIF): 54577035J
  • Address: Rambla Francesc Macià 31, Terrassa (Barcelona), Spain
  • Contact email: support@joinhorus.com
  • Website: https://joinhorus.com

To exercise your data protection rights or any privacy enquiry, write to the email above. We respond within 30 days.

2. Data we collect

2.1 Account data

  • Email, full name and, optionally, agency name
  • Password (stored hashed with bcrypt; never in plain text)
  • Sign-up date and last login

2.2 Usage data

  • IP address and browser user-agent
  • Audit logs: critical actions (login, plan changes, team management)
  • Basic technical metrics to detect errors and fraud

2.3 Content you upload

  • Files: raw video footage, thumbnails, invoices, attachments
  • Text: titles, descriptions, briefs, comments, tags
  • Data about your team and clients (names, emails, roles, payments)

2.4 Payment data

We do not store your card. Payments are processed by Stripe, who is PCI-DSS compliant. We only keep your Stripe customer identifier, the plan you bought and the invoice history.

3. Purposes

  • Provide the Service and grant you access to your account
  • Bill the plan you contracted
  • Send required transactional emails (alerts, receipts)
  • Maintain security and prevent abuse
  • Comply with legal obligations (tax, judicial requirements)

We do not use your data to train AI models, nor sell it, nor share it for third-party advertising.

4. Legal basis for processing

  • Performance of a contract (GDPR art. 6.1.b): account, service usage, billing.
  • Legal obligation (GDPR art. 6.1.c): tax invoicing, judicial requirements.
  • Legitimate interest (GDPR art. 6.1.f): security, fraud detection, technical logs.
  • Consent (GDPR art. 6.1.a): non-essential cookies (Crisp support chat).

5. Who we share your data with

We only share data with providers strictly required to deliver the Service. All of them sign data processing agreements:

  • Hetzner Cloud (server and database, Germany) — hosting.
  • Cloudflare R2 / Cloudflare Inc. (file storage, EU/USA with SCCs) — files you upload.
  • Cloudflare Turnstile (USA with SCCs) — anti-bot protection at signup.
  • Resend (USA with SCCs) — transactional email delivery.
  • Stripe Payments Europe Ltd. (Ireland) — card payment processing.
  • Crisp IM SAS (France, EU) — live support chat in the dashboard. Receives your email, name, role and the messages you send. Their policy: crisp.chat/privacy.

Some providers operate from the USA. International transfers rely on the Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Retention period

  • Active account: while you keep it active.
  • After cancellation: 30 days in case you reactivate; then personal data and files are deleted.
  • Invoices: 4 years per Spanish tax law obligation.
  • Security logs: up to 12 months, then anonymised.

7. Your rights

You have the right to access, rectify, erase, restrict processing, object and to portability of your data. You can also withdraw consent at any time.

You can exercise portability and erasure directly from your dashboard, at Profile → Security → Danger zone:

  • Download my data: exports a JSON with all the personal information tied to your account.
  • Delete my account: permanently removes your account and every piece of data tied to it. If you have an active Stripe subscription it is cancelled immediately.

For other rights, or if you prefer email, contact support@joinhorus.com stating which right you want to exercise and from which account email. We respond within 30 days.

If you believe we don't handle your data correctly, you may lodge a complaint with the Spanish Data Protection Agency (aepd.es) or the supervisory authority in your country of residence.

8. Security

We apply reasonable technical and organisational measures:

  • Passwords hashed with bcrypt
  • HTTPS connections with a valid certificate
  • Daily database backups, encrypted with AES-256
  • Infrastructure access restricted to SSH with key
  • Audit log of critical access

9. Minors

Horus is not aimed at children under 16. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us so we can delete it.

10. Changes to this policy

We may update this policy. We will notify you by email at least 30 days in advance for material changes. The update date is always listed at the top.

11. Cookies

See our Cookie Policy.