1. Introduction
Welcome to the StepUp Horse website (“we,” “us,” or “our”). We are committed to protecting your privacy and ensuring the security of your personal data.
This website is a static brochure site. It does not host user accounts, sell products directly, or embed advertising trackers. This Privacy Policy explains what data we collect, how we use and store it, our integration of third-party services, and your rights under applicable privacy laws, including the European General Data Protection Regulation (GDPR).
2. Data Controller
The data controller responsible for processing your data under this policy is:
StepUp Horse ApS
Copenhagen, Denmark
Email: [email protected]
Website: https://stepuphorse.com
3. Data We Collect and Why We Collect It
We collect and process only the minimum amount of data necessary to operate the website and respond to your inquiries.
- What we collect: Your name, email address, stable or company name, and any message you write when submitting a contact, demo, or pre-order form.
- Why we collect it: To respond to your inquiry, follow up on your request, and maintain a record of our business communications.
B. Hosting and Security Logs
- What we collect: IP address, browser user-agent string, requested URL, timestamp, and HTTP status code.
- Why we collect it: To operate the website, protect against malicious traffic, diagnose errors, and maintain security.
- Processing context: This website is served behind Cloudflare as a content delivery network and reverse proxy. Cloudflare processes visitor IP addresses and request metadata as part of its standard CDN and security services.
C. Language Preference Cookie
- What we collect: A
preferred_locale cookie storing your language choice (e.g., en, fr, sv).
- Why we collect it: To remember your language preference so you are redirected to the appropriate localized version of the site on your next visit.
- Duration: 1 year.
- Type: This is a functional (non-marketing) first-party cookie.
D. Privacy-Friendly Website Analytics (Matomo)
- What we collect: Anonymized IP address (truncated, not stored fully), browser type, operating system, screen resolution, pages visited, referral source, and rough geographic location (country-level only).
- Why we collect it: To understand how visitors use our website, which pages are most popular, and how we can improve the site experience.
- How it is privacy-friendly:
- No cookies: Matomo is configured to not use any cookies. No consent banner is required.
- IP anonymization: IP addresses are anonymized immediately after processing — only the first two octets are stored.
- Self-hosted: Matomo runs on our own infrastructure (
analytics.stepupsolutions.dk). No data leaves our control or is shared with third parties.
- No fingerprinting: We do not use browser fingerprinting, cross-site tracking, or any other identification techniques.
The General Sans web font is served from our own domain (first-party) and does not involve any third-party CDN.
4. Integration of Third-Party Services
To operate and deliver this website, we integrate with a small number of trusted service providers:
- Matomo (self-hosted): Provides privacy-friendly, cookie-less website analytics. Matomo runs on our own infrastructure at
analytics.stepupsolutions.dk. No data is shared with third parties. See Section 3.D for details.
- Formspree: Processes contact, demo, and pre-order form submissions. When you submit a form, your name, email, company name, and message are transmitted to and stored by Formspree on our behalf.
- Cloudflare: Acts as our CDN and reverse proxy. Cloudflare processes visitor IP addresses and request metadata to serve cached pages, mitigate DDoS attacks, and filter malicious traffic.
These third-party providers process data in compliance with their respective privacy policies. They are prohibited from using your data for any purpose other than providing services to StepUp Horse ApS.
5. Legal Basis for Processing (GDPR)
If you are located within the European Economic Area (EEA), our legal basis for collecting and using your personal data depends on the data context:
- Consent: We rely on your consent to store the
preferred_locale cookie on your device. You can withdraw consent at any time by clearing your browser cookies.
- Legitimate Interests: Processing anonymized analytics (Matomo), form submissions, hosting logs, and CDN traffic data is necessary for the legitimate interests of improving our website, operating our business, responding to inquiries, and maintaining security.
- Performance of a Contract: Where you submit a pre-order or demo request, processing your data is necessary to take steps at your request prior to entering a potential commercial relationship.
6. Data Security
- Data Transmission: All communications between your browser and our website are encrypted in transit using HTTPS (SSL/TLS).
- Data Storage: Form submissions are stored by Formspree with appropriate access controls. Hosting logs are retained temporarily and are not used for profiling or marketing.
7. International Data Transfers
As we utilize Cloudflare and Formspree, some of your data may be transferred to, stored, and processed in countries outside the European Economic Area (EEA), such as the United States.
To ensure that your data remains safe, Cloudflare and Formspree implement Standard Contractual Clauses (SCCs) approved by the European Commission and are certified under the EU-US Data Privacy Framework to guarantee an equivalent level of data protection.
8. Data Retention
- Form Submissions: We retain contact and lead form submissions for as long as necessary to respond to your inquiry and maintain a record of our business correspondence. You may request deletion at any time.
- Analytics (Matomo): Anonymized analytics data is retained for 24 months, after which it is automatically purged. At no point does this data contain full IP addresses or any personally identifiable information.
- Hosting and CDN Logs: Cloudflare and our hosting provider retain request logs on a rolling basis, typically for 30 days or less.
- Cookie: The
preferred_locale cookie persists for 1 year. You can clear it at any time via your browser settings.
9. Your Data Protection Rights (GDPR)
Under the GDPR and other applicable privacy laws, you possess the following rights:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request that we correct inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”): You can request that we delete your personal data.
- Right to Restrict or Object to Processing: You can object to certain data processing activities or ask us to limit how we use your data.
- Right to Data Portability: You can request a machine-readable export of your data.
- Right to Withdraw Consent: Where we rely on consent (e.g., the
preferred_locale cookie), you can withdraw consent at any time by clearing your browser cookies.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technical integrations, or legal obligations. We will notify you of any material changes by updating the “Last Updated” date at the bottom of this policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
StepUp Horse ApS
Email: [email protected]
Copenhagen, Denmark
Website: https://stepuphorse.com
Last Updated: June 23, 2026