Purpose-limited collection
We collect data to run the website, authenticate users, maintain workspaces, support orders, and secure operations. We do not collect data without an operational reason.
Privacy Policy
How BullHorns Matrix handles product, website, support, and transaction data
This privacy policy explains what information we collect, why we use it, how long we retain it, when we share it, and what rights users have when using BullHorns Matrix and related services.
Last updated June 24, 2026
Applies to Website, web apps, desktop apps, support, commerce services
Core principle Minimum necessary, explicit purpose, reviewable access
Privacy boundary for matrix software
Because this product may process account, device, support, and transaction data, you should decide early which teams may access which records. Privacy risk usually comes from over-broad access, not only from external attackers.
- Keep permissions aligned to real job responsibilities and remove stale access quickly.
- Do not upload third-party account credentials, customer data, or order information unless you have a lawful basis and a clear operational purpose.
- If your local law requires notice, consent, contract terms, or cross-border safeguards, you must complete those steps before importing data into the product.
Privacy Policy
Privacy in plain language
Consent-based analytics
Website analytics is off by default. Only necessary cookies are active until you explicitly opt in to analytics cookies.
Layered access control
We apply security measures such as access control, environment separation, logging, and issue investigation workflows to reduce unnecessary exposure.
Cross-border review required
If your team operates across regions, you must review whether your own legal obligations require additional notices, transfer safeguards, or customer-facing disclosures.
1. Information we collect
We collect several categories of information depending on whether you browse the website, create an account, contact support, or use marketplace features.
Information you provide directly
This may include your name, company, email address, phone or Telegram contact, support content, billing contact details, order notes, and any documents or screenshots you send when requesting assistance or commercial services.
Operational and technical data
When you use the service, we may collect login identifiers, workspace membership, permission assignments, activity logs, IP address, browser or app version, device or environment metadata, crash information, and records needed to debug or secure product workflows.
- Workspace and role data
- Session and authentication events
- Support, order, and delivery records
- Error logs and security-relevant events
2. Why we use your information
Every collection category is tied to a specific operational purpose rather than open-ended reuse.
Service delivery and maintenance
We use information to create and secure accounts, manage roles and permissions, run product workflows, deliver support, process orders, detect abuse, and maintain service quality.
Communication and improvement
We may use information to respond to support requests, notify you about operational changes, prevent fraud, understand product reliability, and improve page performance or user experience.
3. Cookies, consent, and website analytics
The website separates necessary cookies from optional analytics so that consent is meaningful and reviewable.
Necessary cookies
Necessary cookies help the website remember theme preference, privacy choices, and other core interface states required for a stable browsing experience.
Optional analytics cookies
Analytics cookies are disabled by default. If you grant consent, we may use privacy-conscious measurement tooling such as Google Analytics with IP anonymization to understand high-level website usage patterns.
- Consent can be changed later through the cookie controls.
- Declining analytics will not block access to the public website.
- We do not use analytics consent as permission for unrelated advertising or data resale.
4. When we share information
We do not sell personal information. Sharing happens only when service delivery, law, or safety requires it.
Service providers and processors
We may share limited information with hosting providers, analytics providers you consent to, payment processors, customer-support tools, or infrastructure vendors that help us operate the service under appropriate contractual or technical controls.
Legal, security, and transaction needs
We may disclose information if required by law, regulation, court order, fraud investigation, sanctions screening, abuse response, or to complete a legitimate transaction requested by you.
5. Cross-border access and transfers
The service may be accessed by distributed teams or infrastructure providers across multiple regions.
Operational transfer context
If your team uses the service across jurisdictions, information may be accessed, stored, or processed in locations different from the one where it was collected. We expect customers to evaluate whether local law requires transfer notices, safeguards, or contractual commitments.
Your own obligations remain active
If you upload customer, employee, creator, or account-holder data into the service, you remain responsible for providing any notices, obtaining any permissions, and documenting any cross-border basis required under your law.
6. Retention and deletion
We keep information only for as long as operational, contractual, security, or legal needs require.
Retention windows
Retention depends on the type of record. For example, security logs may be kept longer than marketing inquiries, and order or settlement records may be retained longer than transient website preferences.
Deletion principles
When data is no longer needed, we delete it, anonymize it, or isolate it from routine use, unless a longer period is required for fraud control, dispute resolution, bookkeeping, or legal compliance.
7. Security safeguards
No system is risk-free, but we use layered controls to reduce both external and internal exposure.
Security measures
Measures may include access restriction, environment isolation, log review, transport security, secret management, issue-response procedures, and role-based operational controls.
Your security role
You must also secure local devices, admin access, exported files, staff onboarding and offboarding, and any integrations you connect to the product.
8. Your rights and how to contact us
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to certain processing activities.
How to exercise requests
You may contact us to ask about your information, request corrections, request deletion where applicable, or ask how specific data categories are used inside the service.
Verification and limits
We may need to verify identity and authority before responding. Some requests may be limited where we must protect other users, preserve security, complete transactions, or comply with law.
Privacy Policy
Need more detail for enterprise review?
If your legal, security, or procurement team needs a clearer explanation of cookies, log retention, support data, or order-related records, contact us before onboarding a large team or importing regulated data.
This public privacy policy may be supplemented by transaction-specific notices, support notices, or enterprise arrangements where required.
