Effective Date: January 10, 2026
The data controller responsible for your personal information is:
Horizon Analytic Studios, LLC
7402 Albany Dr
Amarillo, TX 79118
United States
Privacy Inquiries: support@horizonanalytic.com
As a software development company that does not engage in large-scale processing of sensitive personal data or systematic monitoring of individuals, we are not required to appoint a Data Protection Officer (DPO) under GDPR Article 37. However, you may direct all privacy-related inquiries to the email address above.
We collect and process the following categories of personal information:
Payment processing is handled by Stripe. We do not store full payment card numbers on our servers.
Collected automatically when you access our services:
If you connect external analytics services:
When you download our software products:
We process your personal data only when we have a lawful basis to do so under applicable data protection laws. The legal bases we rely on depend on the purpose for which we process your data.
We process certain data because it is necessary to perform our contract with you or to take steps at your request before entering into a contract:
We process certain data based on our legitimate interests, provided these interests are not overridden by your rights and freedoms. For each legitimate interest listed below, we have conducted a balancing test to ensure our interests do not override your fundamental rights.
Your Right to Object: You may object to processing based on legitimate interests at any time. When you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims. To object, email support@horizonanalytic.com with the subject line "Right to Object" and specify which processing activities you object to. We will respond within 30 days.
We only process certain data with your explicit consent, which you may withdraw at any time:
Withdrawing Consent: You may withdraw your consent at any time by: clicking the "unsubscribe" link in any marketing email, adjusting your preferences in your account settings, or contacting us at support@horizonanalytic.com. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal. We will process your withdrawal request within 48 hours.
We process certain data to comply with legal requirements:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contract |
| Payment processing via Stripe | Contract |
| Transactional emails (receipts, password reset) | Contract |
| Platform security monitoring | Legitimate Interest |
| Analytics for product improvement | Legitimate Interest |
| Server logs and error tracking | Legitimate Interest |
| Service updates and security alerts | Legitimate Interest |
| Marketing emails and newsletters | Consent |
| Non-essential analytics cookies | Consent |
| Tax record retention | Legal Obligation |
| Responding to legal requests | Legal Obligation |
We implement appropriate technical and organizational measures to protect the security of your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure.
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, or as required by law. Below are our specific retention periods for each category of data.
| Data Category | Retention Period | Retention Trigger |
|---|---|---|
| Account Data | Duration of account + 30 days after deletion request | Account deletion request |
| Transaction Records | 7 years | End of tax year in which transaction occurred |
| Financial/Billing Information | 7 years | Last payment or subscription end |
| Website Analytics (GA4) | 14 months | Data collection date |
| Usage Data | 90 days | Activity date |
| Server/Application Logs | 90 days | Log creation date |
| Security/Audit Logs | 12 months | Log creation date |
| Contact Form Submissions | 1 year | Resolution of inquiry |
| Software License Records | License duration + 7 years | License expiration or termination |
| Download History | 3 years | Download date |
| Email Correspondence | 2 years | Last communication |
| Marketing Consent Records | Duration of consent + 3 years | Consent withdrawal or account deletion |
The retention countdown begins based on specific trigger events for each data type:
Data in backup systems may persist for up to 90 days beyond the stated retention periods due to our backup rotation schedule. When you request deletion, we will remove your data from active systems within 30 days. Backup data will be deleted through our regular backup rotation process, typically within 90 days of your deletion request.
In certain circumstances, we may be required to retain data longer than the standard periods:
Tax and Financial Regulations
Transaction records and financial data must be retained for 7 years to comply with IRS requirements and applicable tax laws. This includes invoices, payment records, and subscription history.
Legal Holds and Litigation
When litigation is reasonably anticipated or ongoing, normal retention policies may be suspended. All relevant data will be preserved until the legal matter is fully resolved, even if it exceeds standard retention periods.
Regulatory Compliance
Certain records may be retained longer to comply with regulatory requirements, respond to audits, or fulfill legal obligations to government authorities.
Fraud Prevention
Data related to fraudulent or abusive activity may be retained to protect against future fraud, establish legal claims, or cooperate with law enforcement.
Where possible, instead of deleting data, we may anonymize it so that it can no longer be associated with you. Anonymized data may be retained indefinitely for statistical analysis, research, and service improvement purposes. Anonymized data is not considered personal data under GDPR or CCPA.
Questions About Data Retention: If you have questions about our retention practices or would like to request deletion of your data, please contact us at support@horizonanalytic.com with the subject line "Data Retention Inquiry."
If you are located in the European Union or European Economic Area, you have specific rights under the General Data Protection Regulation (GDPR). We are committed to honoring these rights and providing you with control over your personal data.
You have the right to obtain confirmation as to whether we are processing your personal data and, if so, to access that data along with information about:
You have the right to request correction of inaccurate personal data and to have incomplete data completed. You can update most of your information directly through your account settings, or contact us for assistance with data that cannot be self-corrected.
Also known as the "right to be forgotten," you may request deletion of your personal data when:
Note: This right is not absolute. We may retain certain data where required by law (e.g., tax records) or where necessary to establish, exercise, or defend legal claims.
You may request that we restrict processing of your personal data when:
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as JSON or CSV). Where technically feasible, you may also request that we transmit this data directly to another controller. This right applies to data you have provided to us where processing is based on consent or contract performance.
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. When you object:
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you. Currently, we do not make any automated decisions that produce legal effects on our users. If this changes, we will provide meaningful information about the logic involved and the significance of such processing.
To exercise any of these rights, please contact us at:
Email: support@horizonanalytic.com
Subject Line: "GDPR Request - [Type of Request]" (e.g., "GDPR Request - Data Access" or "GDPR Request - Erasure")
Right to Lodge a Complaint: If you believe we have not handled your request appropriately or have infringed your rights, you have the right to lodge a complaint with a supervisory authority. You can find your local data protection authority through the European Data Protection Board member list.
This section applies to California residents and is provided in compliance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). While our company may not currently meet the statutory thresholds that trigger CCPA obligations, we voluntarily extend these rights to California residents as part of our commitment to privacy.
In the preceding 12 months, we have collected the following categories of personal information:
| CCPA Category | Examples Collected | Collected |
|---|---|---|
| A. Identifiers | Name, email, IP address, account name | Yes |
| B. Customer Records | Name, address, payment information | Yes |
| C. Protected Classifications | N/A | No |
| D. Commercial Information | Products purchased, subscription history | Yes |
| E. Biometric Information | N/A | No |
| F. Internet/Network Activity | Browsing history, interactions with our site | Yes |
| G. Geolocation Data | IP-based approximate location | Yes |
| H. Sensory Data | N/A | No |
| I. Professional/Employment Info | Company name, job role (if provided) | Yes |
| J. Education Information | N/A | No |
| K. Inferences | N/A (no profiling conducted) | No |
We Do Not Sell Your Personal Information
Horizon Analytic Studios does not sell personal information to third parties for monetary or other valuable consideration. We have not sold personal information in the preceding 12 months.
Data Sharing for Analytics: We use Google Analytics to understand how visitors interact with our website. This may constitute "sharing" of personal information under CPRA, as data such as IP addresses and browsing behavior is transmitted to Google. This sharing is solely for website analytics purposes and is not used for cross-context behavioral advertising by us.
To Opt Out of Analytics Tracking: You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, adjusting your browser's cookie settings, or using browser privacy features such as "Do Not Track."
In the preceding 12 months, we have disclosed personal information to the following categories of third parties for business purposes:
All third-party service providers are contractually obligated to use your information only for the specific purposes for which we engaged them and to maintain appropriate security measures.
As a California resident, you have the following rights under CCPA/CPRA:
Right to Know
You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes, and the categories of third parties with whom we share it. You may make this request up to twice per 12-month period.
Right to Delete
You may request that we delete the personal information we have collected about you, subject to certain exceptions (such as data needed to complete a transaction, detect security incidents, or comply with legal obligations).
Right to Correct
You may request that we correct inaccurate personal information that we maintain about you.
Right to Opt-Out of Sale/Sharing
While we do not sell personal information, you may opt out of the sharing of your information with Google Analytics as described above.
Right to Limit Use of Sensitive Personal Information
We do not collect sensitive personal information as defined by CPRA (such as Social Security numbers, precise geolocation, racial/ethnic origin, or health information) beyond what is necessary to provide our services.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny services, charge different prices, provide different quality of service, or retaliate against you for exercising your privacy rights.
To submit a request to know, delete, or correct your personal information:
Verification: To protect your privacy, we will verify your identity before processing your request. This may include confirming information associated with your account or asking you to provide additional verification.
Authorized Agents: You may designate an authorized agent to make a request on your behalf. We may require the agent to provide proof of authorization, and we may still verify your identity directly.
This section describes how we use cookies, local storage, and similar technologies to store and access information on your device. Understanding these technologies helps you make informed choices about your privacy.
For complete details on our cookie usage and how to manage your preferences, please see our Cookie Policy.
Our platform primarily uses browser storage technologies (localStorage and sessionStorage) rather than traditional HTTP cookies for most functionality. Authentication tokens are stored in your browser and sent via secure headers rather than cookies. Third-party services, such as Google Analytics, may set their own cookies as described below.
These storage items are strictly necessary for the platform to function. They enable core features like authentication and cannot be disabled while using our services.
| Name | Type | Purpose | Duration |
|---|---|---|---|
| access_token | localStorage | JWT authentication token for API requests | 30 minutes (token expiry) |
| refresh_token | localStorage | Token used to obtain new access tokens | Until logout |
| user | localStorage | User profile information (name, email, role) | Until logout |
| current_organization_id | localStorage | Currently selected organization context | Until logout or change |
| cookie_consent | localStorage | Stores your cookie consent preferences | 1 year |
These storage items remember your preferences and settings to provide a better experience. Clearing these will reset your preferences but will not prevent you from using the platform.
| Name | Type | Purpose | Duration |
|---|---|---|---|
| pwa_preferences | localStorage | Tracks PWA installation prompts shown to you | Persistent |
| usageMonitoringSettings | localStorage | Your usage monitoring preferences | Persistent |
These items are stored only for the duration of your browser session and are automatically cleared when you close the browser tab.
| Name | Type | Purpose | Duration |
|---|---|---|---|
| redirectAfterOrgCreate | sessionStorage | Remembers where to redirect after org creation | Tab session |
| ab_test_session_id | sessionStorage | Anonymous identifier for A/B testing features | Tab session |
We use Google Analytics 4 to understand how visitors use our website. Google Analytics sets cookies on your device to collect anonymous usage data. These cookies are set and managed by Google, not by us.
| Cookie Name | Provider | Purpose | Expiration |
|---|---|---|---|
| _ga | Distinguishes unique users by assigning a randomly generated client ID | 2 years* | |
| _ga_<container-id> | Persists session state across page views | 2 years* | |
| _gid | Distinguishes users for short-term tracking | 24 hours | |
| _gat | Throttles request rate to limit data collection | 1 minute |
*Browser policies may limit cookie duration. Most browsers limit first-party cookies to approximately 400 days (13 months). Safari may further limit cookies to 7 days without return visits.
You have control over cookies and storage on your device. Here are your options:
Browser Settings
Most browsers allow you to view, manage, and delete cookies and site data through their settings. You can also configure your browser to block cookies entirely or prompt you before accepting them.
Clearing Storage
To clear localStorage and sessionStorage for our site, use your browser's developer tools (usually F12) or clear site data through browser settings. Note that clearing essential storage will log you out of your account.
Google Analytics Opt-Out
To prevent Google Analytics from collecting your data, install the Google Analytics Opt-out Browser Add-on. This add-on prevents the Google Analytics JavaScript from sharing information with Google Analytics about visits activity.
For detailed instructions on managing cookies in your specific browser, please visit:
In addition to traditional HTTP cookies, we use the following browser technologies:
These technologies are governed by the same principles as cookies and can be managed through your browser settings under "Site Data" or similar options.
We use trusted third-party service providers to operate our platform. Each provider receives only the data necessary for their specific function and is contractually obligated to protect your information. Below is a complete list of third-party services that may receive your data.
We use Stripe to process payments securely. Stripe is PCI-DSS Level 1 certified, the highest level of certification available in the payments industry.
Data Shared with Stripe:
Privacy Policy: stripe.com/privacy
Data Processing: Stripe acts as an independent data controller for payment data. See the Stripe Privacy Center for more information.
We use AWS to host our platform and provide core infrastructure services. AWS maintains numerous compliance certifications including SOC 1/2/3, ISO 27001, and GDPR compliance.
AWS Services Used:
Data Processed by AWS:
Privacy Notice: aws.amazon.com/privacy
Data Region: Our AWS infrastructure is hosted in the United States (us-east-1 region). AWS complies with the EU-US Data Privacy Framework.
We use Google Analytics 4 to understand how visitors use our website and to improve our services. This helps us analyze traffic patterns and optimize user experience.
Data Collected by Google Analytics:
Privacy Policy: policies.google.com/privacy
How Google Uses Data: google.com/policies/privacy/partners
Opt Out: You can prevent Google Analytics from collecting your data by installing the Google Analytics Opt-out Browser Add-on, using browser privacy settings, or enabling "Do Not Track" in your browser.
We use Google Fonts to display typography on our website. When you visit our site, your browser downloads font files directly from Google servers.
Data Transmitted to Google:
Privacy Information: developers.google.com/fonts/faq/privacy
| Service Provider | Purpose | Data Categories |
|---|---|---|
| Stripe | Payment processing | Identifiers, financial data, billing address |
| AWS S3 | File storage and downloads | Downloaded files, request metadata |
| AWS SES | Email delivery | Email addresses, names, message content |
| Google Analytics | Website analytics | IP address, usage data, device info |
| Google Fonts | Typography | IP address, browser info |
Data Processing Agreements: We maintain appropriate data processing agreements with our service providers as required by GDPR. These agreements ensure that our providers process your data only on our instructions and implement appropriate security measures.
Horizon Analytic Studios is based in the United States. If you are accessing our services from outside the United States, please be aware that your personal data will be transferred to, stored, and processed in the United States.
Our infrastructure and services are hosted in the following locations:
The third-party services we use also process data in the United States:
| Service Provider | Processing Location | Transfer Mechanism |
|---|---|---|
| Amazon Web Services | United States | DPF Certified + SCCs |
| Stripe | United States | DPF Certified + SCCs |
| Google (Analytics, Fonts) | United States | DPF Certified + SCCs |
When we transfer personal data from the European Union, European Economic Area, or the United Kingdom to the United States, we rely on the following legal mechanisms as permitted under GDPR Articles 44-49 and the UK GDPR:
EU-US Data Privacy Framework (DPF)
On July 10, 2023, the European Commission adopted an adequacy decision for the EU-US Data Privacy Framework under GDPR Article 45. All of our third-party service providers (AWS, Stripe, and Google) are certified under the DPF and have committed to complying with its principles. This certification allows for lawful transfers of personal data from the EU/EEA to these US-based organizations.
UK Extension to the EU-US DPF
For transfers from the United Kingdom, our service providers also participate in the UK Extension to the EU-US Data Privacy Framework. This provides equivalent protections for UK residents' personal data under the UK GDPR.
Standard Contractual Clauses (SCCs)
As an additional safeguard, our data processing agreements with third-party providers incorporate the European Commission's Standard Contractual Clauses (SCCs) approved under Commission Implementing Decision (EU) 2021/914. These clauses provide contractual protections for your data regardless of the DPF's status.
If you are located in the EU/EEA or UK, you have the following rights regarding international data transfers:
Questions About Data Transfers: If you have questions about our international data transfer practices or would like to obtain a copy of the transfer safeguards we use, please contact us at support@horizonanalytic.com with the subject line "Data Transfer Inquiry."
Our services are designed for businesses and professionals. We do not knowingly collect or solicit personal information from children.
Our services are intended for use by adults in a professional or business capacity:
Horizon Analytic Studios provides business-to-business analytics software and services. Our platform is not designed for, marketed to, or intended for use by children. We do not intentionally collect personal information from anyone under the minimum age requirements stated above.
If we learn that we have inadvertently collected personal information from a child below the applicable minimum age, we will take immediate steps to:
If you believe we have collected information from a child under the applicable minimum age, or if you are a parent or guardian who believes your child has provided us with personal information, please contact us immediately:
Email: support@horizonanalytic.com
Subject Line: "Child Privacy Concern"
We will promptly investigate any report and take appropriate action, including deleting the child's personal information from our records.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. This section describes how we will notify you of any changes.
The effective date of this Privacy Policy is displayed at the top of this page and at the bottom of the policy. Any changes will be effective from the date stated in the updated policy unless we specify otherwise.
We are committed to keeping you informed about how we protect your privacy. Depending on the significance of the changes, we may notify you in one or more of the following ways:
Material Changes
For significant changes that affect how we collect, use, or share your personal information, we will:
Minor Changes
For minor changes (such as clarifications, formatting updates, or corrections that do not materially affect your rights), we will update the policy and the "Last updated" date without additional notice.
Material changes include, but are not limited to:
By continuing to use our services after the effective date of an updated Privacy Policy, you acknowledge the revised terms. If you do not agree with any changes, you should stop using our services and may request deletion of your account and personal data as described in Section 6 (GDPR Rights) or Section 7 (CCPA/CPRA Rights) of this policy.
Stay Informed: We encourage you to periodically review this Privacy Policy to stay informed about how we protect your information. You can always find the current version at horizonanalytic.com/landing/privacy.
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Last updated: January 10, 2026