Skip to content 
Last updated: 03.05.2026 — Effective: 03.05.2026
1. Who we are
This Privacy Policy describes how comprehensive meaning s. r. o. (“we”, “us”, “our”) collects, uses, and shares personal data when you visit hourcast.io or use the Hourcast service at app.hourcast.io (together, the “Service”).
Controller details:
- Company: comprehensive meaning s. r. o.
- Registered address: Karpatske namestie 7770/10A, 831 06 Bratislava, Slovak Republic
- Company ID: 56 261 471
- VAT ID: SK2122256191
- Registered: Commercial Register of the Bratislava III City Court, Section: Sro, File: 178555/B (link)
- Contact for privacy matters: [email protected]
We are the data controller for personal data processed in connection with the Service. The founder/operator personally handles all privacy-related requests, data subject requests, and data breach notifications.
2. Scope
This Privacy Policy applies to:
- The marketing website at hourcast.io
- The application at app.hourcast.io
- All transactional and marketing emails we send
- All support communications
It does not apply to third-party services we link to (such as Google Ads, Stripe checkout pages, or external podcast platforms), which have their own privacy policies.
3. Data we collect
3.1 Information you provide
- Account data: email address, name, password (stored as a hash), language preference, timezone
- Payment data: processed by Stripe. We do not store full card details. We retain the Stripe customer ID, subscription ID, billing email, and the last four digits and brand of the payment method
- Communications: the content of any emails or support messages you send us
- Marketing preferences: your opt-in choices for newsletters and product updates
3.2 Information from your Google Ads account
When you connect your Google Ads account by pasting our script, we receive:
- Your Google Ads customer ID (account number)
- Campaign, ad group, and ad metadata (names, status, budgets, bidding strategy)
- Performance metrics (impressions, views, completions, watchtime, cost)
- Video asset IDs and durations
- Audience and demographic targeting data
We do not access any other part of your Google Ads account. The script is read-only except for budget shifts within the campaign groups you define.
3.3 Information collected automatically
- Log data: IP address, browser type and version, operating system, referrer URL, pages visited, timestamps
- Device data: device type, screen resolution, language preference
- Cookies and similar technologies: see Section 5
3.4 Session recordings (Hotjar)
We use Hotjar on both hourcast.io and app.hourcast.io to record user sessions, including mouse movements, clicks, scrolls, and page navigation.
This means your interactions inside the paid dashboard may be recorded in addition to your activity on the marketing site. Recordings help us improve usability and debug issues.
All sensitive form inputs (email, password, payment fields, and other text inputs) are automatically masked by Hotjar and are never recorded.
You can opt out of Hotjar tracking at any time via the cookie banner or directly at https://www.hotjar.com/legal/compliance/opt-out.
4. How we use your data and legal bases (GDPR Article 6)
| Purpose | Legal basis |
|---|---|
| Provide and operate the Service | Performance of contract — Art. 6(1)(b) |
| Process payments and renewals | Performance of contract — Art. 6(1)(b) |
| Send transactional emails (welcome, password reset, monthly summary, alerts) | Performance of contract — Art. 6(1)(b) |
| Send marketing emails (newsletters, product updates) | Consent — Art. 6(1)(a) |
| Analytics (Google Analytics, Google Tag Manager, Hotjar) | Consent — Art. 6(1)(a) |
| Advertising (Meta Pixel, LinkedIn Insight Tag, retargeting, custom audiences) | Consent — Art. 6(1)(a) |
| Security, fraud prevention, abuse detection | Legitimate interest — Art. 6(1)(f) |
| Comply with legal obligations (tax, accounting) | Legal obligation — Art. 6(1)(c) |
You opt into marketing emails in one of two ways:
- At signup, by checking the marketing opt-in box on the registration form
- Via a separate newsletter signup form on hourcast.io
You can unsubscribe at any time via the link in every marketing email or by emailing [email protected]. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
5. Cookies and tracking
We use cookies and similar technologies for:
- Strictly necessary (always on): authentication, session management, security, payment processing, load balancing
- Analytics (consent required): Google Analytics, Google Tag Manager, Hotjar
- Marketing/advertising (consent required): Meta Pixel, LinkedIn Insight Tag
Non-essential cookies do not load until you grant consent via the cookie banner (managed by the Complianz consent platform). You can change or withdraw your consent at any time via the cookie settings link in our footer.
For a detailed cookie list (categories, providers, retention), see our Cookie Policy.
6. Subprocessors and third parties
We use the following third-party providers to operate the Service. Each has its own privacy policy and security commitments.
| Provider | Purpose | Location |
|---|---|---|
| Railway | Application hosting (backend, database) | EU West (Amsterdam, Netherlands) |
| Websupport, s.r.o. | WordPress hosting (marketing site, dashboard) | Slovak Republic |
| Cloudflare | DNS, CDN, DDoS protection | Global (with EU routing where available) |
| Stripe | Payment processing | USA / Ireland (EU) |
| Mailjet | Transactional and marketing emails | France (EU) |
| Google (Google Ads, Google Analytics, Google Tag Manager) | Advertising platform connection, web analytics | USA / EU |
| Hotjar | Session recording and behavioral analytics | Malta (EU) |
| Meta Platforms | Advertising and conversion tracking | USA / Ireland (EU) |
| Advertising and conversion tracking | USA / Ireland (EU) | |
| Zapier | Workflow automation between Stripe, our CRM, and ad platforms | USA |
| Wordfence | WordPress security plugin | USA |
| Complianz | Cookie consent management | EU |
Data flowing through Zapier: Zapier may move data between Stripe, our CRM, and our advertising platforms (e.g., Meta and LinkedIn for custom audiences). We use it for workflow automation related to billing, signups, and marketing operations.
International data transfers: where personal data is transferred outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, on adequacy decisions, or on other lawful transfer mechanisms.
7. Data retention
We retain personal data only as long as necessary for the purposes described above.
| Data category | Retention period |
|---|---|
| Active account data | For the duration of your subscription |
| Account data after cancellation | 12 months, then deleted or anonymized |
| Payment and invoicing records | 10 years (Slovak tax and accounting law) |
| Server logs (IP addresses, request logs) | 6 months |
| Hotjar session recordings | 12 months |
| Marketing email consent records | Until consent is withdrawn, then 3 years for proof of consent |
| Backup copies | Up to 30 days after deletion from primary storage |
After the retention period, data is permanently deleted or irreversibly anonymized.
8. Your rights under GDPR
If you are in the EEA, UK, or Switzerland, you have the following rights:
- Right of access (Art. 15): get a copy of your personal data
- Right to rectification (Art. 16): correct inaccurate data
- Right to erasure (Art. 17): request deletion (“right to be forgotten”)
- Right to restriction (Art. 18): limit how we process your data
- Right to data portability (Art. 20): receive your data in a machine-readable format
- Right to object (Art. 21): object to processing based on legitimate interest, including direct marketing
- Right to withdraw consent (Art. 7): withdraw any consent at any time, without affecting prior lawful processing
- Right to lodge a complaint with a supervisory authority (see below)
How to exercise your rights
We currently handle data subject requests on an informal, ad-hoc basis. To exercise any rights under GDPR (access, rectification, erasure, portability, objection), contact us at [email protected] with the request and the email address associated with your account. We will respond within 30 days.
We will manually verify your identity and process the request by deleting or exporting data from PostgreSQL, WordPress, Mailjet, Stripe, and any other system where it is stored. We aim to respond within 30 days, as required by Art. 12(3) GDPR.
Supervisory authority
If you believe we have mishandled your personal data, you can lodge a complaint with the Slovak Data Protection Authority:
Úrad na ochranu osobných údajov Slovenskej republiky Hraničná 12, 820 07 Bratislava 27, Slovak Republic Tel: +421 2 3231 3214 Email: [email protected] Web: https://dataprotection.gov.sk
You also have the right to lodge a complaint with the supervisory authority in your EU country of residence.
9. Security
We implement appropriate technical and organizational measures to protect personal data, including:
- TLS encryption for all data in transit
- Encrypted database storage
- Restricted administrative access (limited to the founder/operator)
- API key authentication for backend endpoints
- WordPress security hardening via Wordfence
- Regular software updates and dependency monitoring
No security measure is perfect. If a personal data breach occurs, we will notify the Slovak Data Protection Authority within 72 hours of becoming aware, in accordance with Art. 33 GDPR. Where the breach is likely to result in a high risk to the rights and freedoms of affected users, we will notify those users without undue delay (Art. 34 GDPR).
10. Children
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact [email protected] and we will delete it.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days before they take effect. The “Last updated” date at the top of this document indicates when it was last revised.
12. Contact
Privacy questions, data subject requests, and breach reports:
comprehensive meaning s. r. o. Karpatske namestie 7770/10A 831 06 Bratislava Slovak Republic
Email: [email protected] Company ID: 56 261 471 VAT ID: SK2122256191
This Privacy Policy is provided in English. Translations may be available for convenience; in case of conflict, the English version controls.
