Privacy Policy
Effective date: 2026-05-14
Last updated: 2026-05-14
Disclaimer. This privacy policy is a structural draft authored 2026-05-14. Before public launch, have a lawyer review against the final feature set and the jurisdictions where Horosmith ships.
Who we are
Horosmith ("the app") is operated by Alejandro Carbajo, an individual developer based in Spain (legal_country ES). Contact: [email protected].
Once Spanish autónomo registration is complete, this section will be updated with the registered business name and tax ID. Until then, the data controller is the individual named above.
What this policy covers
This policy describes how Horosmith handles your personal data when you use the app on iOS, Android, macOS, or the web (horosmith.app).
It does NOT cover data that you keep entirely on your own device or sync through your own Apple iCloud or Google Drive account — Horosmith never has access to that data. See "Data we never see" below.
Data we collect
From you, directly
- Authentication metadata — when you sign in with Google or Apple: your email address, display name, and a unique account identifier. Sign-in is optional; the app's core vault works without an account.
- Purchase receipts — when you buy the $79 lifetime tier, the $29 Valuation DLC, or the $19/yr Annual Content Refresh through the App Store, Google Play, or direct purchase on horosmith.app, the relevant payment processor (Apple, Google, or Paddle) sends a purchase receipt to our backend so we can grant access. We store the receipt's transaction ID, product ID, and timestamp — never your payment card details.
- Push-notification tokens — if you enable notifications (for service-interval reminders, accuracy-drift alerts, etc.), the operating system gives us an opaque token to deliver pushes through Apple's APNs or Google's FCM. The token does not identify you personally.
Automatically, while using the app
- Crash reports — via Firebase Crashlytics. Includes anonymized stack traces, device model, OS version, app version, and timing data. No personal identifiers attached.
- Basic analytics — anonymized counts of which screens are visited and which features are used, to inform product decisions. No watch data or photo content is included in analytics.
Data we never see
The watch data you create in Horosmith stays on your device:
- Watch records (brand, model, reference, serial, purchase data, etc.)
- Watch photographs (vault photos, service photos, condition photos)
- Service log entries
- Accuracy log entries
- Personal notes
If you sync your vault across your devices, the sync uses your own Apple iCloud Private CloudKit (on Apple devices) or your own Google Drive Private (on Android). These are private clouds operated by Apple and Google for your account; Horosmith never receives, stores, or processes the synced data.
If you generate an insurance-ready PDF or use the manual JSON export, the document is created on your device and sent only where you choose (your email, your insurance agent's email, your printer, your local files). Horosmith never has a copy.
Third-party services we use
| Service | Purpose | Data shared |
|---|---|---|
| Firebase Authentication (Google) | User sign-in | Email, display name, sign-in provider |
| Firebase Crashlytics (Google) | Crash reporting | Anonymized stack traces + device metadata |
| RevenueCat | In-app purchase reconciliation | Purchase receipts, anonymized user ID |
| Stripe | Direct-web payment processing (when used) | Payment card details (handled directly by Stripe; never touches our servers) |
| Paddle | Direct-web payment processing as Merchant of Record (EU + global) | Payment + billing info (handled directly by Paddle) |
| Apple App Store | iOS / macOS in-app purchase processing | Purchase data per Apple's terms |
| Google Play | Android in-app purchase processing | Purchase data per Google's terms |
| Cloudflare | CDN, DNS, DDoS protection for horosmith.app | Standard server logs (IP address, request path, timestamp) |
Each of these is bound by its own privacy policy and contractual data-protection terms with us.
If you purchase the Valuation DLC, the app may query a market-data provider (Chrono24, WatchCharts, or similar) to retrieve current market values. The query includes the watch reference number you're checking; it does NOT include your account identity, your collection's total value, or any photos. The exact provider may change over time and will be disclosed in-app at the moment of the query.
How we use your data
- To provide and improve the app
- To process and reconcile purchases
- To deliver push notifications you've opted into
- To diagnose crashes and bugs
- To comply with legal obligations and respond to legitimate requests
We do not sell your personal data. We do not use your data for advertising. We do not profile you for targeting.
How long we keep it
- Authentication metadata — kept while your account exists; deleted within 30 days of account deletion request
- Purchase receipts — kept for the duration of your entitlement (lifetime tier = indefinitely) for IAP validation; retaining receipts is also an obligation under tax law in many jurisdictions
- Crash reports — Firebase Crashlytics auto-deletes after 90 days
- Push tokens — kept while you have notifications enabled; deleted when you disable
Your rights
Depending on your jurisdiction, you have rights including:
- Access — request a copy of the personal data we hold about you
- Correction — fix inaccurate data
- Deletion — close your account and have associated data deleted
- Portability — receive your data in machine-readable form
- Restriction / objection — limit how we use your data
- Withdraw consent — for any processing based on your consent
To exercise any of these rights, email [email protected]. We aim to respond within 30 days.
European Economic Area / United Kingdom residents have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR. Our lawful basis for processing is typically your consent (sign-in, push opt-in) or contract performance (purchase fulfilment).
California residents have rights under the CCPA / CPRA — same email applies. We do not sell or share personal information in the sense those laws define.
Children
Horosmith is not directed at children under 13 (or under 16 in jurisdictions where that's the minimum digital-consent age). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we'll remove it.
Data transfers
If you're located outside Spain, your data may be transferred to and processed in countries where our service providers operate (primarily the EU, United States, and Ireland for Google / Firebase services). We rely on standard contractual clauses and adequacy decisions where applicable.
Security
We use industry-standard practices: encryption in transit (HTTPS / TLS 1.2+), encryption at rest for stored data, scoped API tokens, principle of least privilege, and regular security review. No system is perfectly secure; if a breach affects your data we'll notify you within 72 hours where legally required.
Changes to this policy
If we materially change this policy we'll update the "Last updated" date above and, where required, notify you in-app or by email at least 30 days before the change takes effect. Continued use of the app after a change indicates acceptance.
Contact
Questions, concerns, requests:
Alejandro Carbajo
Email: [email protected]
Country: Spain
For GDPR-specific complaints, you also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos) at https://www.aepd.es.