Privacy policy
At Horizons, we take your privacy seriously. This document explains exactly which data we collect, why, and how you stay in control.
Preamble
Horizons commits to comply with the General Data Protection Regulation (GDPR) and Belgian data-protection law. This document explains our data-processing practices in plain language.
1. Data collected
We collect only the following:
- Search-form data: travel style, month, duration, budget, number of travellers, departure airport, destination (in direct mode), weather preference.
- Email address: only if you choose to save your search or join the waitlist.
- Anonymised IP: we truncate your IP to its first 3 octets (e.g. 192.168.1.x). This deters abuse without enabling re-identification.
- Truncated User-Agent: browser and OS, capped at 200 characters, for compatibility metrics.
We never collect: banking data, passwords, precise geolocation, detailed fingerprinting.
2. Processing purposes
- Recommend 3 destinations matching your request
- Email you a recap if you ask for one (magic link)
- Notify you of the official launch if you join the waitlist
- Improve the service via anonymised statistics (search volume, conversions)
- Prevent abuse (rate limiting)
3. Legal basis
Consent: for sending emails (recap, waitlist).
Legitimate interest: for service security and product improvement on anonymised data.
4. Retention period
- Saved searches (magic links): 30 days.
- Anonymised statistics: 12 months.
- Waitlist: indefinitely, until you unsubscribe.
- Server logs: 30 days maximum.
5. Your rights
You have the following rights at any time:
- Right of access: obtain a copy of the data concerning you.
- Right to rectification: correct inaccurate data.
- Right to erasure ("right to be forgotten"): delete all your data.
- Right to portability: receive your data in a readable format.
- Right to object: refuse certain processing.
- Right to withdraw consent: at any time.
6. How to exercise your rights
Email us at [email protected]. We will respond within 30 days at most (often much faster).
In case of disagreement, you may file a complaint with the Belgian Data Protection Authority (APD): autoriteprotectiondonnees.be.
7. Cookies
We use exclusively functional cookies and anonymous audience-measurement cookies. No advertising tracking, no social pixels. You may refuse them at any time without affecting site functionality.
8. Transfers outside the EU
Some of our providers are located outside the EU (Cloudflare, Fly.io, Anthropic in the USA). These transfers are governed by the European Commission's Standard Contractual Clauses, providing protection equivalent to the GDPR.
9. Data security
- All traffic uses HTTPS (TLS 1.3).
- Our databases are encrypted at rest.
- Access to data is strictly limited to the technical team.
- No banking data is stored with us: payments happen directly with our partners.
10. Policy changes
This policy may evolve. The last-update date is shown at the bottom of the page. Any substantial change will be notified by email if you are on the waitlist.
11. DPO contact
Our privacy contact is reachable at: [email protected].
