Privacy Policy

HorizonFlow Platform

Last updated: 20 January 2026

1. Introduction

This Privacy Policy explains how Konnekt-able Technologies Ltd (“Company”, “we”, “us”, “our”) collects, uses, discloses, and otherwise processes personal data in connection with the HorizonFlow platform (the “Platform”) and related services (the “Services”).

This Privacy Policy is drafted in accordance with Regulation (EU) 2016/679 (GDPR) and applies to Users acting in a professional or institutional capacity.

2. Identity of the Data Controller

Legal Name:: Konnekt-able Technologies Ltd
Registered Seat:: FDW House Blackthorn Business Park, Coes Road, Dundalk, Louth, Ireland
Contact Email:: [email protected]

For personal data processed on behalf of Users, the Company acts as processor in accordance with the Data Processing Agreement (Annex 1 to the Terms of Service).

3. Scope of This Privacy Policy

This Privacy Policy applies to:

visitors to the Platform;
registered Users;
representatives and collaborators of User organizations.

It does not cover personal data processed exclusively within User-uploaded content, where the User acts as controller and the Company as processor (see Section 10 below).

4. Categories of Personal Data We Process

4.1 Account and Contact Data

name
professional email address
organization name
role/title
login credentials

4.2 Usage and Technical Data

IP address
device and browser information
access logs
timestamps
platform usage metrics

4.3 Communications

support requests
system notifications
correspondence with the Company

4.4 Payment and Billing Data

billing contact details
transaction metadata (payment details are processed by independent payment providers)

5. Purposes and Legal Bases of Processing

Purpose	Legal Basis (GDPR Art. 6)
Account creation & access	Contract performance (6(1)(b))
Platform operation & security	Legitimate interests (6(1)(f))
Communications & support	Contract performance / legitimate interests
Legal compliance	Legal obligation (6(1)(c))
Analytics & performance	Legitimate interests
Billing & payments	Contract performance

Purpose

Account creation & access

Legal Basis (GDPR Art. 6)

Contract performance (6(1)(b))

Purpose

Platform operation & security

Legal Basis (GDPR Art. 6)

Legitimate interests (6(1)(f))

Purpose

Communications & support

Legal Basis (GDPR Art. 6)

Contract performance / legitimate interests

Purpose

Legal compliance

Legal Basis (GDPR Art. 6)

Legal obligation (6(1)(c))

Purpose

Analytics & performance

Legal Basis (GDPR Art. 6)

Legitimate interests

Purpose

Billing & payments

Legal Basis (GDPR Art. 6)

Contract performance

6. Use of Artificial Intelligence

Certain features of the Platform use AI-assisted processing to support drafting, structuring, or optimization of content.

AI outputs are assistive and non-autonomous.
No automated decision-making with legal or similarly significant effects takes place.
Users remain fully responsible for all outputs.

AI processing is conducted in accordance with:

GDPR transparency requirements;
the AI Act;
the Terms of Service.

7. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes described above, unless a longer retention period is required by law, as follows:

Category of Personal Data	Purpose of Processing	Retention Period
Account and Registration Data (name, email, organization, role)	User account creation, authentication, platform access	Retained for the duration of the User account. Deleted or anonymized within a reasonable period following account termination, unless retention is required by law.
Authentication Data (hashed passwords, security tokens)	Account security and access control	Retained for the duration of the account. Security credentials are invalidated immediately upon account termination.
Usage and Technical Data (IP address, logs, timestamps, device data)	Platform security, performance monitoring, troubleshooting	Retained for a limited period, typically up to 12 months, unless required for security investigations or legal compliance.
Support and Communications Data (support tickets, correspondence)	User support, issue resolution, service improvement	Retained for up to 24 months after resolution of the request, unless a longer retention is required for legal claims or compliance.
Billing and Transaction Data (invoices, payment metadata)	Billing, accounting, tax compliance	Retained for the period required under applicable tax and accounting laws (typically 6–10 years, depending statutory provisions).
User Content containing Personal Data (e.g. names, CVs, proposal-related content uploaded by Users)	Provision of the Services on behalf of the User	Retained for the duration of the User’s use of the Platform. Deleted or returned in accordance with the Data Processing Agreement upon termination, unless retention is required by law.
Legal and Compliance Data (audit logs, legal correspondence)	Compliance with legal obligations, dispute resolution	Retained for as long as necessary to comply with legal obligations or to establish, exercise, or defend legal claims.
Aggregated or Anonymized Data	Analytics, service improvement	May be retained indefinitely, as it no longer constitutes personal data.

Category of Personal Data

Account and Registration Data (name, email, organization, role)

Purpose of Processing

User account creation, authentication, platform access

Retention Period

Retained for the duration of the User account. Deleted or anonymized within a reasonable period following account termination, unless retention is required by law.

Category of Personal Data

Authentication Data (hashed passwords, security tokens)

Purpose of Processing

Account security and access control

Retention Period

Retained for the duration of the account. Security credentials are invalidated immediately upon account termination.

Category of Personal Data

Usage and Technical Data (IP address, logs, timestamps, device data)

Purpose of Processing

Platform security, performance monitoring, troubleshooting

Retention Period

Retained for a limited period, typically up to 12 months, unless required for security investigations or legal compliance.

Category of Personal Data

Support and Communications Data (support tickets, correspondence)

Purpose of Processing

User support, issue resolution, service improvement

Retention Period

Retained for up to 24 months after resolution of the request, unless a longer retention is required for legal claims or compliance.

Category of Personal Data

Billing and Transaction Data (invoices, payment metadata)

Purpose of Processing

Billing, accounting, tax compliance

Retention Period

Retained for the period required under applicable tax and accounting laws (typically 6–10 years, depending statutory provisions).

Category of Personal Data

User Content containing Personal Data (e.g. names, CVs, proposal-related content uploaded by Users)

Purpose of Processing

Provision of the Services on behalf of the User

Retention Period

Retained for the duration of the User’s use of the Platform. Deleted or returned in accordance with the Data Processing Agreement upon termination, unless retention is required by law.

Category of Personal Data

Legal and Compliance Data (audit logs, legal correspondence)

Purpose of Processing

Compliance with legal obligations, dispute resolution

Retention Period

Retained for as long as necessary to comply with legal obligations or to establish, exercise, or defend legal claims.

Category of Personal Data

Aggregated or Anonymized Data

Purpose of Processing

Analytics, service improvement

Retention Period

May be retained indefinitely, as it no longer constitutes personal data.

8. Data Sharing and Recipients

Personal data may be disclosed to:

authorized personnel of the Company;
IT, hosting, and infrastructure providers;
communication and support service providers;
competent public authorities where required by law.

A current list of subprocessors is available at: Subprocessors.

9. International Data Transfers

Personal data is primarily processed within the EEA.

Where data is transferred outside the EEA, the Company ensures appropriate safeguards in accordance with Chapter V GDPR, including Standard Contractual Clauses where applicable.

10. Processing on Behalf of Users

Where Users upload personal data relating to third parties (e.g. project partners, researchers, contact persons), the Company processes such data solely on behalf of the User as processor.

Such processing is governed by the Data Processing Agreement (Annex 1) to the Terms of Service.

11. Security Measures

The Company implements appropriate technical and organizational measures, including:

access controls and authentication;
encryption in transit;
logical data segregation;
backup and recovery mechanisms;
incident response procedures.

12. Data Subject Rights

Data subjects have the right to:

access their personal data;
rectification;
erasure;
restriction of processing;
data portability;
object to processing;
lodge a complaint with a supervisory authority.

Requests may be submitted to: [email protected]

13. Cookies and Tracking Technologies

The Platform uses cookies and similar technologies as described in the Cookie Policy.

14. Changes to This Privacy Policy

The Company may update this Privacy Policy from time to time. Material changes will be communicated through the Platform.

15. Contact and Complaints

For privacy-related inquiries: [email protected]

Supervisory authority: The Irish Data Protection Commission (or the authority of the User’s habitual residence, where applicable).