Skip to main content

Privacy Policy

Last updated: March 12, 2026

1. Introduction

Horatius ("we", "us", "our") is a knowledge management platform that helps users save, organize, and reuse context from AI conversations. This Privacy Policy explains how we collect, use, and protect your information when you use our service at horatius.app.

2. Information We Collect

Account Information

When you create an account, we collect your email address and, if you choose to provide it, your display name. If you sign in via GitHub OAuth, we receive your GitHub profile information (username, email, avatar URL, and GitHub numeric ID).

Content You Create

We store the Capsules, Types, and other content you create within the platform. This includes text content, metadata (titles, tags, references), and any file attachments you upload.

File Attachments

Uploaded files are stored in cloud object storage (Cloudflare R2 / S3-compatible storage). Attachments expire after 30 days by default and are automatically deleted.

Usage Data

We collect standard server logs including IP addresses, request timestamps, and user agent strings. We use this data for security, debugging, and service improvement.

API Keys

If you generate API keys for MCP or CLI access, we store a SHA-256 hash of each key. We never store or log raw API keys after initial generation.

3. How We Use Your Information

  • Providing and maintaining the Horatius service
  • Authenticating your identity and securing your account
  • Enabling full-text search across your Capsules using PostgreSQL search indexes
  • Sending transactional emails (password resets, invitations)
  • Diagnosing technical issues and improving service reliability

4. Team and Sharing Features

When you use team features, your Capsules may be visible to team members based on the visibility level you set (self, team_view, team_edit, or link). Share tokens allow anonymous access to individual Capsules; these tokens can be set to expire or have a maximum view count.

5. AI Context and MCP Integration

Horatius integrates with AI assistants via the Model Context Protocol (MCP). When you use MCP tools, your AI assistant sends and receives Capsule data through our API. We do not store your AI conversation history — only the Capsules you explicitly save. We do not use your Capsule content to train AI models.

6. Data Security

We use industry-standard security measures including: encrypted connections (HTTPS/TLS), hashed passwords (bcrypt with salt), hashed API keys (SHA-256), UUID-based identifiers, and multi-tenant data isolation. All database queries are parameterized to prevent SQL injection.

7. Data Retention and Deletion

Your Capsules use soft-deletion — when you delete a Capsule, it is marked as deleted and permanently removed after share tokens expire. File attachments expire and are deleted after 30 days. You can request a full data export or permanent deletion of all your data through the GDPR endpoint or by contacting us.

8. Your Rights

You have the right to:

  • Access all data associated with your account
  • Export your data in a machine-readable format
  • Request deletion of your account and all associated data
  • Correct any inaccurate personal information

9. Third-Party Services

We use the following third-party services:

  • GitHub — OAuth authentication provider
  • Cloudflare R2 — file attachment storage
  • Resend — transactional email delivery
  • Vercel — application hosting and deployment

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a revised "Last updated" date.

11. Contact

If you have questions about this Privacy Policy or your data, contact us at support@horatius.app.