Privacy Policy

Effective Date: June 1, 2026
Version: 1.0.0
Last Reviewed: June 1, 2026

What this is

This Privacy Policy covers all DarkHorse properties — DarkHorse.Codes, DarkHorse Media, and any other service we operate under the DarkHorse brand. It explains what we collect, why, who we share it with, and how to exercise your rights.

What you should know first


§1 — Who We Are

The controller of your personal information is:

DarkHorse (also known as DarkHorse Codes and Dark Horse Media)
Operated by Tommy R Hudson Jr
1242 Elco Ave
Maumee, OH 43537, USA

Privacy contact: privacy@darkhorse.codes

We do not have a designated Data Protection Officer (DPO) under GDPR Article 37 — the requirement does not apply at our current scale. Privacy inquiries are handled by Tommy R Hudson Jr directly.

§2 — What We Collect

Account Information:

Payment Information:

Service Usage Information:

Communications:

Server Logs:

Custom Build Specific (for Custom Build engagements only):

We do not collect:

§3 — How We Use It

Purposes and Lawful Basis (for EU/UK residents)

Purpose Data Used Lawful Basis (GDPR Art. 6)
Provide the Service Account, payment, service usage Contract performance (Art. 6(1)(b))
Bill your subscription Payment info Contract performance
Send transactional emails Email, name Contract performance
Maintain security Server logs, IP Legitimate interest (Art. 6(1)(f))
Improve the Service Watch history, usage stats Legitimate interest
Respond to your support inquiries Communications Contract performance
Detect fraud and abuse Account, usage, IP Legitimate interest
Comply with legal obligations (tax, DMCA, court orders) Various Legal obligation (Art. 6(1)(c))
Send promotional content Email Consent (Art. 6(1)(a)) — opt-in only

What We Do NOT Do With Your Data

§4 — Who We Share It With

We share data only with third-party services that make DarkHorse work. Each is bound by contractual obligations to protect your data.

Provider Data Shared Purpose Location Safeguard
Stripe, Inc. Name, email, address, tokenized payment Payment processing USA Stripe DPA, Standard Contractual Clauses
Cloudflare, Inc. IP address, request metadata DNS, security, CDN USA + EU edge DPA, SCCs
Google LLC (Workspace) Email addresses, message content Email delivery USA DPA, SCCs
Real-Debrid None of your direct PII; your individual RD account (if used) is separate Content cache infrastructure France EU-EU (no transfer needed)
VPS Mart (hosting provider) All server-processed data Server hosting USA DPA, SCCs

We may also share data:

§5 — How Long We Keep It

Data Category Retention Period Reason
Account profile While account is active + 12 months Customer service follow-up
Billing records 7 years Tax / regulatory requirement
Watch history 90 days after last activity Service improvement, recommendations
Server logs 30 days Security investigation
Email correspondence 2 years Customer service history
DMCA-related records 3+ years Required by 17 U.S.C. § 512
Marketing consent records Until revoked + 3 years Demonstrating compliance
Custom Build deliverables Per applicable SOW Contract requirement

After the retention period:

§6 — Where Your Data Goes

DarkHorse infrastructure is located in:

For data transfers involving EU residents to US-based processors, we rely on Standard Contractual Clauses (SCCs) executed by our processors as the primary transfer mechanism.

§7 — Security

We protect your data with:

We cannot guarantee absolute security. No system is completely secure. If something goes wrong, we'll let you know per §12.

§8 — Your Rights

Regardless of where you live, you have the following rights with respect to your data:

Right to Access. You can request a copy of the data we have about you.

Right to Correct. You can ask us to fix inaccurate data.

Right to Delete. You can request deletion of your data. Exceptions apply (billing records we must retain, ongoing legal obligations, etc.).

Right to Object. You can object to certain uses of your data (e.g., legitimate-interest processing).

Right to Restrict. You can ask us to limit how we use your data.

Right to Portability. You can request your data in a machine-readable format.

Right to Withdraw Consent. Where we rely on consent (like promotional emails), you can withdraw it anytime.

Right to Complain. You can complain to a supervisory authority. For EU residents: your local data protection authority. For California residents: California Attorney General.

We do not engage in automated decision-making that produces legal effects on you, so GDPR Article 22 rights do not apply.

§9 — How to Exercise Your Rights

Email privacy@darkhorse.codes. Include:

We respond within 14 days. For requests covered by GDPR, EU subscribers have a statutory right to a response within 30 days; we generally beat that.

We may need to verify your identity before processing a request, particularly for access or deletion requests. This protects you against someone else attempting to obtain or delete your data.

§10 — Cookies & Tracking

Essential cookies: Used for login sessions, security, and to make the Service work. Cannot be disabled.

Functional cookies: Remember your preferences (language, subtitle defaults, audio language).

Analytics cookies: Anonymized usage statistics to help us understand and improve the Service.

We do not use:

For EU residents, our cookie banner allows opt-in to non-essential cookies. You can change cookie preferences anytime via the footer link.

§11 — Children's Privacy

DarkHorse is not intended for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us with information, contact privacy@darkhorse.codes and we will delete it.

For EU residents, the minimum age is 16, or 13-15 with verified parental consent (we ask at signup).

§12 — Breach Notification

If we discover a breach affecting your personal data:

§13 — Updates to This Policy

We may update this Policy. Material updates:

Non-material updates (typos, clarifications) may happen without separate notice but always with a new version number and effective date.

§14 — Contact

Purpose Email
Privacy requests, GDPR / CCPA inquiries privacy@darkhorse.codes
General support support@darkhorse.codes
Legal inquiries legal@darkhorse.codes
DMCA notices dmca@darkhorse.codes

§15 — Region-Specific Provisions

§15.1 — For EU and UK Residents

Under GDPR / UK GDPR, you have all the rights in §8, plus:

We do not have an EU or UK representative — the requirement does not apply at our current scale. Direct your inquiries to privacy@darkhorse.codes.

Lawful Basis Map is in §3 above.

Data Transfers Outside EEA: Standard Contractual Clauses with each US-based processor. See §4 for the list.

§15.2 — For California Residents

The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) may not technically apply at our current scale, but we honor CCPA-equivalent rights for all California residents as a matter of practice.

Right to Know: Categories of personal information collected, sources, purposes, and recipients are detailed throughout this Policy.

Right to Delete: Submit deletion requests per §9.

Right to Opt-Out of Sale/Sharing: We do NOT sell your personal information. We do NOT share it for cross-context behavioral advertising. No opt-out is needed because we don't engage in these activities.

Right to Correct: Submit corrections per §9.

Right to Limit Sensitive Personal Information Use: Email privacy@darkhorse.codes. We collect account credentials (subject to this right) and IP address (also subject), but no other sensitive PI categories.

Right to Non-Discrimination: Exercising any of these rights does not affect your service or pricing.

Categories of personal information collected in the last 12 months (per CCPA categorization):

§15.3 — For Other Jurisdictions

If you reside in a jurisdiction with applicable privacy law not specifically called out above (LGPD in Brazil, PIPEDA in Canada, etc.), we apply equivalent protections as a matter of practice. Contact privacy@darkhorse.codes with specific inquiries.


§16 — OMERTA App & Instagram Platform Data

This section applies when you interact with our Instagram presence powered by our O.M.E.R.T.A. application (Meta App ID 1553420016281952) — for example, when you comment on one of our posts, send our account a direct message, or tap a link that opens a conversation with us.

What the app receives from Meta

The app does not receive your password, your email address, your follower list, or access to your private account content.

How we use it

Retention

Conversation and comment data held by the app is retained for up to 12 months from your last interaction, or until you request deletion — whichever comes first. Standard website and click data is governed by §5 and §10 above.

How to Delete Your Data

Send the word DELETE as a direct message to our Instagram account, or email privacy@darkhorse.codes with your Instagram username. We will delete your conversation and comment data held by the app within 30 days and confirm when complete. This also satisfies Meta Platform data-deletion requirements.


Version History


© DarkHorse · Silent · Controlled · Inevitable