Legal

Privacy Policy

Effective date: 1 July 2026

1. Who We Are

Horsefly (“we”, “us”, “our”) operates the Horsefly marketing content sampling platform. This Privacy Policy explains how we collect, use, and protect personal data you provide when using the Service. We are the data controller for personal data processed under this policy.

2. Data We Collect

We collect the following categories of personal data:

  • Contact identifiers: email address and/or phone number you submit for ingestion.
  • Usage data: signup sweep results, site names visited, and outcome statuses (e.g. “submitted”, “no_email_field”).
  • Technical data: IP address, browser type, and access timestamps collected automatically via server logs.

We do not collect payment card data directly. This is handled by our third-party payment processor and subject to their privacy practices.

3. How We Use Your Data

We use your personal data to:

  • Perform the signup sweep service you requested (contractual necessity).
  • Store and display your sweep results so you can review and rank them (contractual necessity).
  • Send transactional notifications about sweep status (contractual necessity).
  • Maintain security, debug issues, and improve the Service (legitimate interests).
  • Comply with legal obligations (legal obligation).

4. Legal Basis for Processing (GDPR)

Where GDPR applies, we rely on the following lawful bases: (a) performance of a contract for processing necessary to deliver the Service; (b) legitimate interests for service improvement and security; and (c) legal obligation where required by law.

5. Data Sharing

We share your data only with:

  • Supabase, our database provider, for storing user records and sweep results (EU/US data processing agreement in place).
  • Resend, our transactional email provider, for sweep notification emails.
  • Third-party websites: your email is submitted to the marketing sign-up forms of sites you select as part of the core Service. Those sites' own privacy policies govern subsequent use.
  • Law enforcement / regulators where we are legally required to do so.

We do not sell your personal data to third parties.

6. Data Retention

We retain your contact identifiers and sweep results for as long as your account is active, plus a period of 90 days after account closure to allow for dispute resolution. Technical log data is retained for up to 30 days. You may request deletion at any time (see Section 8).

7. International Transfers

Our infrastructure is hosted in the EU and US. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses) in accordance with GDPR Chapter V.

8. Your Rights

Under GDPR and UK GDPR you have the right to: access your personal data; rectify inaccurate data; request erasure (“right to be forgotten”); restrict or object to processing; and data portability. To exercise any of these rights, email us at privacy@zanzara.app. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies & Tracking

The Horsefly web interface uses only essential session cookies required for authentication and security. We do not use third-party advertising cookies or tracking pixels. You can control cookies through your browser settings; disabling essential cookies may affect Service functionality.

10. Security

We implement industry-standard security measures including TLS encryption in transit, row-level security policies on our database, and access controls limiting service-role credentials to backend processes only. No method of transmission over the internet is 100% secure and we cannot guarantee absolute security.

11. Children

The Service is not directed at or intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has submitted data, contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting an updated version with a new effective date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact

For any privacy-related enquiries, contact our data team at privacy@zanzara.app.