Hovera as Processor
When you use Hovera, we (Sendormeco Holding sp. z o.o.) are the Processor of your data — we process it on your behalf and on your instructions. You remain the Controller of your clients' data.
Data Processing Agreement (DPA)
Every paid Hovera plan includes an automatically concluded data processing agreement. Full text in Terms, Annex A.
Categories of data processed
- Identification of stable clients (name, email, phone)
- Operational data (rides, passes, invoices)
- Horse data (owner, veterinary history)
Security measures
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Encrypted backups, daily, 30-day retention, geo-replicated
- Full audit log of every data change
- Production access: 2-person authorization, 2FA, log forwarded to SOC
- RBAC for stable users
Sub-processors
- Hetzner Online GmbH (Germany) — hosting
- Cloudflare (EU) — CDN and WAF
- Stripe (Ireland) — payments
- Postmark (USA) — email (Standard Contractual Clauses)
30-day notice for sub-processor changes.
Your rights
Full data export as JSON available from the panel (Profile → Data → Export). Account and data deletion within 30 days of request.
Contact
Data Protection Officer: gdpr@hovera.app