Privacy & Legal

Who We Are

HOURO ("Company", "we", "us") is an IT consulting and technology company headquartered at 12301 Branford St, Sun Valley, CA 91352-1012, United States. We provide solution architecture, DevOps, cloud engineering, cybersecurity, data & AI consulting, and squad-as-a-service solutions for businesses worldwide.

This Privacy & Legal document describes how we collect, use, store and protect the personal data of our clients, prospects, platform users and website visitors in compliance with the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the GDPR and other applicable regulations.

Personal Data We Collect

We collect personal data necessary to deliver our IT consulting services, manage client engagements and operate our website:

• Contact & Identity Data — Name, email address, phone number, job title and company name.
• Client & Project Data — Technical requirements, system architecture details, SLA parameters and project scope documentation.
• Candidate & Team Data — CV/resume, technical skills, certifications and professional background for squad placement.
• Billing & Financial Data — Invoice details, payment records and contract information processed through secure providers.
• Technical & Usage Data — IP address, browser type, device identifiers, operating system and website interaction logs.
• Communication Data — Emails, support tickets, consultation recordings (with consent) and project correspondence.
• Free Diagnosis Data — Technical questionnaire responses, system descriptions and vulnerability assessment information provided through our free diagnosis service.

How We Use Your Data

We use your data exclusively for legitimate, specific and informed purposes with the appropriate legal basis:

Data Sharing & Disclosure

HOURO does not sell your personal data. We share information only where necessary to deliver our services and with appropriate contractual safeguards:

• Cloud infrastructure partners — AWS, Azure and Google Cloud for hosting, data processing and security tooling under appropriate Data Processing Agreements.
• Development and DevOps tool providers — GitLab, Datadog, PagerDuty and similar platforms used in client project delivery.
• Payment processors — Stripe and other PCI-DSS certified processors for secure billing and invoice payment.
• Background check providers — For engineer placement verification, subject to candidate consent and applicable privacy protections.
• Analytics providers — Google Analytics and similar tools for website performance monitoring under appropriate DPAs.
• Regulatory and legal authorities — When required by US federal or California state law, court order or regulatory investigation.
• International transfers — Data transferred outside the US is protected using Standard Contractual Clauses (SCCs) or other approved mechanisms.

Cookies & Tracking Technologies

Our website uses cookies and similar technologies to improve user experience, analyse traffic and support our marketing activities.

Manage your cookie preferences via the consent banner on our website or through your browser settings. Disabling essential cookies may prevent access to certain contact and diagnosis forms.

Data Retention

We retain personal data only as long as necessary to deliver services and meet legal obligations:

• Active client and project data: for the duration of the engagement, plus 5 years after project completion for warranty and dispute resolution purposes.
• Security audit and vulnerability assessment records: 3 years or as required by client contractual obligations.
• Financial records and invoices: 7 years per IRS requirements and California state tax law.
• Engineer and candidate placement records: 3 years from last application or engagement.
• Website access logs and technical data: 12 months for security monitoring and performance analysis.
• Free diagnosis questionnaire data: 12 months from submission, then deleted unless a project engagement follows.
• Marketing consent and newsletter data: 3 years from last engagement or until opt-out is received.

Your Privacy Rights (CCPA / CPRA)

As a California-based company, we uphold all rights under the CCPA and CPRA. Depending on your location, additional rights may apply under GDPR or other laws:

1. Right to Know — Request disclosure of the categories and specific pieces of personal data we have collected, used, disclosed or sold.
2. Right to Access — Obtain a copy of your personal data in a portable, machine-readable format.
3. Right to Delete — Request deletion of personal data we hold, subject to applicable legal retention obligations.
4. Right to Correction — Request correction of inaccurate or incomplete personal information in our records.
5. Right to Opt-Out of Sale — HOURO does not sell personal data. This right is upheld by default.
6. Right to Limit Sensitive Data Use — Limit our use of sensitive personal information to purposes strictly necessary to provide services.
7. Right to Non-Discrimination — Exercising your privacy rights will not result in denial of service or any adverse treatment.
8. Right to Withdraw Consent — Withdraw marketing consent at any time without affecting prior lawful processing.

Security Measures

As a security-focused IT consultancy, we apply the same rigour to protecting our own data as we recommend to our clients:

• TLS 1.3 encryption for all data in transit between users, our systems and third-party integrations.
• AES-256 encryption for sensitive client and project data at rest across all storage systems.
• Role-based access control (RBAC) ensuring only authorised personnel access client project data.
• Multi-factor authentication (MFA) required for all staff access to systems handling client data.
• Regular security audits aligned with OWASP Top 10 and NIST Cybersecurity Framework standards.
• Incident response plan with mandatory breach notification within 72 hours to regulatory authorities and affected parties.
• Zero-trust network architecture for internal systems and client project environments.
• Regular penetration testing of our own infrastructure by independent third parties.

External Links & Tool Integrations

HOURO's website and project work may involve links or integrations with external platforms including GitHub, GitLab, cloud consoles, monitoring tools and client systems. When you access external links or connect third-party tools, you are subject to those providers' own privacy policies.

HOURO is not responsible for the privacy practices of external websites or tool providers. This Privacy & Legal document applies exclusively to data processed directly by HOURO within our own systems and engagements.

Children's Privacy

HOURO's services are directed exclusively at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 16.

If you believe a minor has provided data through our website or contact forms, please notify us immediately at privacy@houro.com and we will take prompt action to delete the data.

Changes to This Policy

We may update this Privacy & Legal document periodically to reflect changes in our services, legal obligations or business practices. When material changes are made:

• The "Last Updated" date at the top of this page will be revised accordingly.
• Active clients will be notified by email with at least 30 days advance notice for material changes.
• A prominent notice will be displayed on our homepage for a minimum of 30 days.
• Previous versions of this policy are available upon written request.

Continued use of HOURO services after the effective date of any changes constitutes your acceptance of the updated policy.

Contact & Privacy Team

For any questions, rights requests or concerns regarding how HOURO processes your personal data, please reach out through any of the following channels: