PRIVACY

Your data,yours alone.

No tracker. No ads. No resale. Data hosted in France, subject to GDPR.

1. Hosting

France / European Union. No core data (profile, bikes, hours, service records) ever leaves the EU. No cross-Atlantic replication, no CDN that sees your data.

2. Data collected

Email, profile (nickname, optional club), declared bikes, service records entered, riding sessions (hours, BLE RSSI, device battery level). No continuous location, no ad tracking, no browser fingerprinting.

3. Third parties

Stripe receives strictly what it needs for payment (amount, email, billing address). Our billing provider receives billing data (name, address, VAT number if a business, amounts) to issue the official invoices. Transactional email via our own SMTP. No other resale, no commercial sharing.

4. Cookies

Strictly necessary: session, preferences (theme, language). No analytics or advertising cookies. No burdensome consent solution is required — we set nothing that would call for one.

5. Your GDPR rights

Access, rectification, portability, erasure. “Export my data” and “Delete my account” buttons in the app, under Settings → Privacy. Effective deletion happens 30 days after the request (cancelable grace period), then a full cascade purge.

6. Retention period

Active account: as long as you use it. Deleted account: 30-day grace period then deletion. Invoices: 10 years (legal accounting obligation, hosted at our billing provider, encrypted).

7. DPO contact

dpo@horotag.com. Reply within 30 days maximum (GDPR art. 12). If a complaint remains unresolved, you may refer the matter to the CNIL.