Privacy Policy
Last updated: June 29, 2026 · Effective: June 29, 2026
This Privacy Policy explains how HornostAI (“HornostAI”, “we”, “us”) collects, uses, shares, and protects personal data when you visit hornostai.com or interact with our AI assistant on the messaging channels of the businesses that use our service. We are committed to processing personal data lawfully, fairly, and transparently.
1. Who we are & our role
HornostAI provides an AI agent that helps online businesses communicate with their customers on Instagram and Telegram, take orders, arrange shipping, and accept payments.
- For visitors to this website, HornostAI acts as the data controller.
- For end-customer conversations handled on behalf of a business that uses our platform, that business is the controller and HornostAI acts as a data processor, processing data under that business’s instructions.
2. Information we collect
2.1 Conversation data
Messages you send and receive in Instagram Direct or Telegram so that the AI agent can respond and assist you.
2.2 Order & contact data
Name, phone number, delivery city and post office/branch, and order contents needed to fulfil a purchase.
2.3 Payment data
We do not store card details. Payments are processed by third-party payment providers; we receive only the payment status.
2.4 Technical & usage data
Basic server logs (e.g. IP address, browser type, timestamps) used for security, diagnostics, and abuse prevention. This website does not use advertising or analytics trackers.
3. How we use personal data
- to respond to enquiries and hold conversations across messaging channels;
- to create, process, and fulfil orders (shipping and payment);
- to send service messages related to your order;
- to operate, secure, maintain, and improve our service;
- to comply with legal obligations and enforce our terms.
4. Legal bases for processing (GDPR)
Where the GDPR applies, we rely on the following legal bases under Article 6:
- Performance of a contract — to handle your enquiry and complete your order;
- Legitimate interests — to secure and improve the service, prevent abuse (balanced against your rights);
- Legal obligation — to meet accounting, tax, and other statutory requirements;
- Consent — where specifically requested; you may withdraw consent at any time.
5. Sharing & sub-processors
We share personal data only with service providers necessary to operate the service, and only to the extent required:
- Meta Platforms, Inc. (Instagram) and Telegram — messaging delivery;
- Nova Poshta — creating and tracking shipments;
- Payment providers (e.g. Monobank, LiqPay) — processing online payments;
- Hosting & infrastructure (e.g. Railway, Supabase) — running the service and storing data;
- AI model providers (e.g. Anthropic) — generating the agent’s responses.
We may also disclose data where required by law. We do not sell your personal data.
6. International data transfers
Some providers are located outside your country (including the United States). Where personal data is transferred internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision, as applicable.
7. Data retention
We retain personal data only for as long as necessary for the purposes described above and to comply with legal obligations, after which it is deleted or anonymised. Retention periods depend on the type of data and the applicable legal requirements.
8. Security
We apply appropriate technical and organisational measures to protect personal data, including encryption in transit (HTTPS), restricted access, and secure storage of secrets. No method of transmission or storage is completely secure, but we work to protect your data on an ongoing basis.
9. Your rights
Subject to applicable law, you may have the right to:
- access the personal data we hold about you;
- rectify inaccurate or incomplete data;
- erase your data (“right to be forgotten”);
- restrict or object to processing;
- data portability — receive your data in a portable format;
- withdraw consent at any time, without affecting prior processing;
- lodge a complaint with your local data protection authority.
If you are a California resident, you may also have rights under the CCPA/CPRA, including the right to know, delete, and opt out of the “sale” or “sharing” of personal information (we do not sell personal information), and the right not to be discriminated against for exercising your rights.
10. Children’s privacy
Our service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Cookies
This website does not use advertising or tracking cookies. Only strictly necessary technical storage required for the page to function may be used.
12. Changes to this Policy
We may update this Policy from time to time. The current version is always available on this page with the “Last updated” date above. Material changes will be highlighted where appropriate.
13. Contact
For any privacy questions or requests, contact us at privacy@hornostai.com or on Instagram @hornost.ai.