AlphornAlphornBeta

Privacy Policy

Last updated: May 5, 2026

1. Controller

Armin Reiter (sole proprietor, Vienna, Austria)
Email: hello@alphorn.dev
Full postal address: Imprint

2. Overview

Alphorn is a self-hosted notification routing platform. This privacy policy explains how we collect, use, and protect your personal data when you use our hosted service at app.alphorn.dev or visit our website at alphorn.dev. If you self-host Alphorn, your data processing is governed by your own policies.

3. Data We Collect

3.1 Account Data

When you create an account, we collect your email address and, if you use a social login (GitHub, Google, Microsoft), the profile information provided by that service (name, email, profile picture). This data is processed on the basis of Art. 6(1)(b) GDPR (performance of a contract).

3.2 Usage Data

We collect technical data necessary to operate the service, including IP address, browser type, and timestamps of requests. This data is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest in security and service operation).

3.3 Notification Data

When you send notifications through Alphorn, we process the webhook payloads (title, message, tags, priority, and any custom JSON fields) to route them to your configured channels. This data is processed on the basis of Art. 6(1)(b) GDPR (performance of a contract). Notification data is retained for up to 14 days for retry and debugging purposes.

3.4 Payment Data

If you subscribe to a paid plan, payment processing is handled by Paddle.com Market Limited ("Paddle"), who acts as our merchant of record. Paddle collects and processes your payment information, billing address, and tax identifiers directly. We do not store your credit card or bank details. We receive from Paddle your subscription status, billing email, and transaction history necessary to manage your plan.

Paddle may collect additional data such as your IP address and device information for fraud prevention purposes. Paddle's processing of your personal data is governed by the Paddle Privacy Policy. This data is processed on the basis of Art. 6(1)(b) GDPR (performance of a contract).

4. Cookies

We use strictly necessary cookies for authentication and session management. These cookies are required for the service to function and cannot be disabled. We do not use tracking cookies or third-party advertising cookies.

5. Third-Party Services

When you configure notification channels (e.g. Slack, Discord, Telegram), your notification data is transmitted to those third-party services as directed by you. Each channel provider has their own privacy policy. Alphorn acts as a data processor on your behalf for this routing.

The alphorn.dev marketing website is hosted on Cloudflare Pages (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare processes connection data (IP address, user agent, timestamps) to deliver the site and protect against abuse, on the basis of Art. 6(1)(f) GDPR (legitimate interest in security and service operation). See the Cloudflare Privacy Policy.

Our contact form is protected by Cloudflare Turnstile, a privacy-preserving CAPTCHA alternative that does not set tracking cookies or fingerprint users. Turnstile processes technical request data to distinguish humans from bots, on the basis of Art. 6(1)(f) GDPR (legitimate interest in preventing spam and abuse).

We use Plausible Analytics to measure aggregate website usage. Plausible is self-hosted on our own infrastructure, so no visitor data is shared with third parties. It is cookieless, does not collect personal data, does not track users across sites or devices, and does not require a consent banner. IP addresses are only used transiently to derive coarse country-level statistics and are not stored. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in understanding website usage).

Payment processing is provided by Paddle.com Market Limited. When you purchase a subscription or message pack, you interact directly with Paddle's checkout. Paddle acts as the merchant of record and is responsible for payment data security, PCI DSS compliance, and tax handling. For details, see the Paddle Privacy Policy.

6. Data Retention

Account data is retained for the duration of your account. Notification data (messages, delivery logs) is retained for up to 14 days. When you delete your account, all associated data is permanently deleted within 30 days.

7. Data Security

We use industry-standard security measures including encrypted connections (TLS), hashed passwords, and secure session management. All data is stored in PostgreSQL databases with access controls.

8. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectify inaccurate data (Art. 16 GDPR)
  • Erase your data (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

To exercise any of these rights, contact us at hello@alphorn.dev. You also have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, dsb.gv.at).

9. International Transfers

Our hosted service infrastructure is located in the European Union. If you configure channels that route data to services outside the EU, that transfer is initiated by you as the data controller.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email. The current version is always available at this page.