Legal

Privacy Policy

Last updated: May 7, 2026

1. Introduction

Houd ("Houd", "we", "us", "our") operates the website platform available at houd.ai. This Privacy Policy describes how we collect, use, store, and disclose personal data when you access or use our services, and explains your rights in relation to that data.

By using Houd, you acknowledge that you have read and understood this policy. If you do not agree with our practices, please discontinue use of the service. For questions, contact us at legal@houd.ai.

2. Data we collect

We collect the following categories of personal data:

  • Identity and contact data. Name, email address, and any other information you provide when creating or updating your account.
  • Account and usage data. Login activity, feature usage, dashboard interactions, session data, and device/browser information collected for security, support, and product improvement purposes.
  • Website content. Content, images, configuration, and files you upload or create as part of building and publishing your site on our platform.
  • Payment data. Payment processing is handled exclusively by Stripe, Inc. We do not store card numbers or full payment credentials. We may receive non-sensitive billing metadata (e.g. last four digits, billing country, invoice status) from Stripe for account management purposes.
  • Communications. Records of correspondence when you contact us for support, billing, or other inquiries.
  • Technical data. IP addresses, log data, and error reports collected for the purpose of maintaining platform security and stability.

3. Legal basis for processing

We process your personal data on the following legal bases under the GDPR:

  • Contract performance. Processing necessary to provide the service you have signed up for, including account management, hosting, and billing.
  • Legitimate interests. Processing for fraud prevention, security monitoring, product analytics, and service improvement, where these interests are not overridden by your rights.
  • Legal obligation. Processing required to comply with applicable law, including financial record-keeping obligations.
  • Consent. Where we send optional marketing communications, we rely on your consent, which you may withdraw at any time.

4. How we use your data

We use personal data strictly for the following purposes:

  • To create, manage, and maintain your account and publish your website.
  • To process payments and issue invoices.
  • To detect and prevent fraud, abuse, and security incidents.
  • To diagnose and fix technical issues and improve platform performance.
  • To communicate with you about your account, service changes, and — where you have opted in — product updates.
  • To comply with our legal and regulatory obligations.

We do not use your content to train machine learning or AI models. We do not sell, rent, or broker your personal data to third parties for any purpose.

5. Data sharing and sub-processors

We share personal data only with the following categories of third parties, and only to the extent necessary to operate the service:

  • Cloudflare, Inc. Your published site is served through Cloudflare's global edge network. Cloudflare processes connection data (including IP addresses) to deliver content and protect against abuse. See cloudflare.com/privacypolicy.
  • Stripe, Inc. All payment and billing processing is handled by Stripe, a PCI-DSS Level 1 certified provider. See stripe.com/privacy.

We do not transfer your personal data to any third party for advertising, profiling, or data brokerage purposes. Any future addition of sub-processors will be reflected in an updated version of this policy.

6. International data transfers

Some of our sub-processors operate in the United States. Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

7. Data retention

We retain personal data for as long as your account is active or as necessary to provide the service. Upon account deletion, we remove personal data within 90 days, except where retention is required by law (for example, financial records, which we retain for a minimum of 7 years in accordance with applicable accounting obligations). Anonymised or aggregated data may be retained indefinitely.

8. Your rights

Under the GDPR, you have the following rights with respect to your personal data:

  • Right of access. You may request a copy of the personal data we hold about you.
  • Right to rectification. You may request correction of inaccurate or incomplete data.
  • Right to erasure. You may request deletion of your personal data, subject to any overriding legal obligations.
  • Right to restriction. You may request that we restrict processing of your data in certain circumstances.
  • Right to data portability. You may request your data in a structured, machine-readable format.
  • Right to object. You may object to processing based on legitimate interests.
  • Right to withdraw consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, submit a written request to legal@houd.ai. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.

9. Cookies

Houd uses strictly necessary cookies to maintain authenticated sessions and preserve user preferences (such as display settings). These cookies are essential to the functioning of the service and cannot be disabled without disrupting your experience. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies on the dashboard. Your published website's cookie behaviour is entirely within your control as the site operator.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include encrypted data transmission (TLS), access controls, and periodic security reviews. No system is completely secure; in the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority in accordance with applicable law.

11. Contact

For any privacy-related questions, requests, or complaints, contact us at legal@houd.ai. We will acknowledge your request within 72 hours and respond substantively within 30 days.