Sauter au contenu principal
| Mon–Fri 8:30am–4:30pm
1 877 966-4225 | assistance@horizon-cumulus.ca | Live chat | FR
PROTECTING YOUR DATA

Privacy Policy

Horizon-Cumulus (9322-8310 Québec inc.) — Last updated: April 2025

Preamble

Horizon-Cumulus places fundamental importance on the protection of the personal information of its clients, visitors, and partners. This policy explains what data we collect, why we collect it, how we protect it, and what your rights are in relation to it.

This policy complies with the Act to modernize legislative provisions as regards the protection of personal information (Quebec Law 25), the Personal Information Protection and Electronic Documents Act (PIPEDA), and is guided by the principles of the European Union's General Data Protection Regulation (GDPR).

Personal Information Protection Officer

In accordance with Quebec Law 25, Horizon-Cumulus has designated a personal information protection officer. For any questions regarding your personal data, you may contact:

  • Title : The designated personal information protection officer
  • Email : vie-prive@horizon-cumulus.com
  • Address : CP 254 succ. Joliette, Joliette (QC) J6E 3Z6

Data Collected

The personal information we collect varies depending on the context of your interaction with our services.

Website (horizon-cumulus.com)

  • Contact form : name, email, phone, company, message
  • Brief generator : project description, email — processed via the Anthropic API (Claude) for AI analysis
  • Hosting calculator : email, project details
  • Analytics : Google Analytics — anonymized usage data (pages visited, duration, device, approximate location)
  • Crisp live chat : exchanged messages, email if voluntarily provided

Client portal (WHMCS)

  • Name, address, email, phone
  • Payment information (cards are processed by payment gateways — no card data is stored locally)
  • Service history and billing
  • Technical support tickets

Hosting services

  • Server logs and IP addresses
  • Domain registration data (in accordance with ICANN requirements)

Purpose of Processing

Your personal information is used for the following purposes:

  • Delivery and management of contracted services (hosting, development, DNS, email, etc.)
  • Billing and payment processing
  • Technical support and troubleshooting
  • Improvement of our services and user experience
  • Security monitoring and abuse prevention
  • Compliance with legal obligations (tax, regulatory, ICANN)
  • Communications regarding your services (maintenance notices, updates, renewals)

Legal Basis for Processing

The processing of your personal information is based on the following grounds:

  • Performance of the contract : primary basis — processing is necessary for the delivery of the services you have contracted
  • Legitimate interest : security of our infrastructure, service improvement, fraud prevention
  • Consent : promotional communications, web analytics, use of live chat
  • Legal obligation : retention of tax records, compliance with ICANN requirements for domain registration

Artificial Intelligence and Data

Our brief generator uses the Anthropic API (Claude) to analyze project descriptions submitted by visitors. Here are the details of how data is processed:

  • Data sent to the AI : project description, target audience, success criteria
  • Data NOT sent to the AI : email, phone, personal identity
  • Result : the AI response (structured brief) along with the visitor's contact details are forwarded to the Horizon-Cumulus team for follow-up
  • Retention : project descriptions are not retained by Horizon-Cumulus beyond the session. Anthropic's own retention policy applies to data transmitted to their API.

The artificial intelligence tools (Claude, Copilot) used in our internal development processes do not process any personal information of our clients.

Subcontractors and Data Transfers

In the course of delivering our services, certain data may be processed by the following subcontractors:

Subcontractor Service Data Location
OVH Canada Server hosting Beauharnois, QC, Canada
GT HOST Data center Montreal, QC, Canada
Wasabi Technologies S3 object storage Toronto, ON, Canada
PolarisMail Professional email Montreal, QC, Canada
Microsoft 365 Internal tools Canada
BunnyCDN / BunnyDNS CDN and DNS Montreal/Toronto nodes (routing), Slovenia (headquarters)
SMTP2Go Transactional email International (New Zealand)
Crisp Live chat France (EU)
Google (Analytics) Web analytics United States
Cloudflare Anti-spam protection (Turnstile) United States
Anthropic AI brief generator United States

For providers located outside of Canada, appropriate safeguards are in place (contractual clauses, security certifications). Your data is primarily hosted in Canada.

Cookies

Our website uses the following cookies:

  • Session cookies : required for the website to function (authentication, language preferences). Essential, cannot be disabled.
  • Google Analytics : analytics cookies that help us understand website usage in an aggregated and anonymized manner.
  • Crisp : cookies related to the live chat service, enabling conversation continuity across pages.

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect how the website functions.

For our clients using the Moelleux module (consent banner), a granular consent mechanism is available for the visitors of their own websites.

Data Retention

We retain your data for the following periods:

  • Client account data : duration of service + 30-day grace period after the end of the contract
  • Invoices and tax records : 7 years (legal obligation)
  • Technical support tickets : 3 years
  • Contact form submissions : 1 year
  • Analytics data : 14 months (Google Analytics default setting)

Deletion requests are processed within a maximum of 30 days.

Data Security

Horizon-Cumulus implements technical and organizational security measures to protect your personal information:

  • SSL/TLS encryption across all our services and websites
  • Firewalls and intrusion detection systems
  • Anti-DDoS protection (BunnyShield)
  • Strict access controls and multi-factor authentication for internal systems
  • Regular security audits
  • Canadian data centers with physical security (OVH Beauharnois, GT HOST Montreal)
  • Daily courtesy backups (no contractual guarantee)

Individual Rights

Under Quebec Law 25 and PIPEDA, you have the following rights:

  • Right of access : obtain confirmation that your data is being processed and receive a copy
  • Right of rectification : have any inaccurate or incomplete data corrected
  • Right of deletion : request the erasure of your personal data, subject to our legal retention obligations
  • Right to portability : receive your data in a structured and commonly used format
  • Withdrawal of consent : withdraw your consent at any time for processing based on consent

To exercise your rights, contact us at vie-prive@horizon-cumulus.com. We respond within 30 days.

Individuals Residing in the European Union (GDPR)

If you reside in the EU, you also have the right to object to processing and the right to lodge a complaint with a competent supervisory authority (for example, the CNIL in France).

Privacy Incident

In accordance with Quebec Law 25, Horizon-Cumulus maintains a register of privacy incidents. In the event of an incident presenting a serious risk of harm:

  • We notify the affected individuals as soon as possible
  • We notify the Commission d'accès à l'information (CAI) of Quebec
  • We take the necessary corrective measures to mitigate the consequences of the incident

For incidents detected on a client's infrastructure, Horizon-Cumulus notifies the client as soon as possible. The client remains responsible for notifying their own users and reporting to the CAI as applicable.

Client Responsibility

Clients who collect personal information through services hosted by Horizon-Cumulus are responsible for their own compliance with personal information protection laws. This includes:

  • Publishing their own privacy policy
  • Implementing appropriate consent mechanisms
  • Managing privacy incidents involving their own users
  • Maintaining their own incident register

In this context, Horizon-Cumulus acts as a subcontractor (data processor) and not as the data controller for the personal information of its clients' end users.

Changes to This Policy

Horizon-Cumulus reserves the right to amend this privacy policy. In the event of a material change, a notice will be sent by email to affected clients at least 30 days before the changes take effect.

The current version of this policy is always available on our website.

Contact

For any questions regarding this policy or your personal information:

Questions about your data?

Our team is available to answer all your questions regarding the protection of your personal information.

Contact Us

Brief Generator AI

3 questions. Our AI generates a preliminary scope document sent to your email within minutes.

Step of 3

Describe in a few sentences the problem or need you are looking to address.

Who are the primary users? What is their context?

Describe the concrete result you hope for.

To receive the generated scope document.

Generating...

Our AI is analyzing your answers and preparing your preliminary scope document.

This usually takes less than 30 seconds.

Your brief is ready!

A preliminary scope document has been sent to .

Schedule a Discovery Call

This document is a preliminary AI-generated analysis. It does not constitute a quote or a commitment.

An Error Occurred

Prefer to speak directly with our team? Contact us