Horizon

Legal

Privacy Policy

Last updated on April 22, 2026

This Privacy Policy explains how Horizon AI Global Inc. and its affiliates (collectively, "Horizon", "we", "us", or "our") collect, use, share, and protect personal data when you visit our website at https://usehorizon.ai (the "Site") or use our AI-powered continuous discovery platform (the "Platform"). It is designed to meet the requirements of the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended by the CPRA (together, the "CCPA").

1. Who we are

Horizon is a B2B SaaS company headquartered in San Francisco, California, with engineering and operations in Montevideo, Uruguay. When we process personal data on behalf of enterprise customers (for example, employee conversation data), we act as a processor under GDPR and a service provider under the CCPA. When we process data from visitors to our Site, we act as a controller.

For any questions about this policy or to exercise your rights, email privacy@usehorizon.ai.

2. Data we collect on the marketing site

  • Analytics and usage data. When you visit the Site we collect IP address, browser type, device identifiers, pages viewed, referral source, and timestamps via cookies and similar technologies (including PostHog and Vercel Analytics).
  • Form submissions. If you fill out a form on the Site (for example, the contact, demo, or strategic alliance forms), we collect the name, work email, company, job title, message, and any other information you provide.
  • Communications. If you email us, we keep a record of the correspondence.

3. Data we collect in the Platform

When your employer deploys Horizon, the Platform processes information your employer provides or authorizes us to collect, including:

  • Employee conversation data. Text and optional voice transcripts of conversations between employees and our AI interviewer.
  • Organizational structure data. Names, titles, email addresses, reporting lines, teams, and work areas, as supplied by your employer.
  • Account data. Login identifiers and authentication metadata for administrators.
  • Derived insights. Ranked opportunities, process maps, and initiative drafts generated by our AI models from the inputs above.

We do not sell personal data, and we do not use employee conversation data to train models that serve other customers.

4. How we use personal data

  • To provide, operate, and improve the Site and the Platform.
  • To respond to inquiries, schedule demos, and deliver customer support.
  • To secure our systems and detect, prevent, or investigate abuse and fraud.
  • To comply with legal obligations and enforce our terms.
  • To send product updates and marketing communications, where you have opted in. You can unsubscribe at any time.

5. Legal bases (GDPR)

  • Contract. To provide the Platform to enterprise customers and their authorized users.
  • Legitimate interests. To secure our services, improve the product, and run our business, balanced against your rights.
  • Consent. For optional marketing communications and non-essential cookies, where required.
  • Legal obligation. To comply with laws, regulations, and valid government requests.

6. Storage, encryption, and retention

Data is stored in hardened cloud environments with access controls, audit logging, and encryption both in transit (TLS 1.2+) and at rest (AES-256). We operate dedicated environments for enterprise customers who require them.

Retention periods depend on the type of data and the contract with the relevant enterprise customer. Marketing-site form submissions are retained for up to 24 months unless you ask us to delete them sooner. Platform data is retained according to the data-processing agreement in place with each customer. Retention periods referenced here are current defaults and may be adjusted before publication pending legal review.

7. Third-party processors and vendors

We work with a limited set of subprocessors to operate our Site and Platform:

  • Vercel (United States) for hosting the Site and API routes.
  • Resend (United States) for transactional email delivery from contact and inquiry forms.
  • PostHog (United States) for product and website analytics.
  • Cloudflare (United States) for edge security and bot protection (including Turnstile).

A full subprocessor list for the Platform is available to enterprise customers on request. We update this list as new processors are added.

8. Your rights under GDPR

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data, subject to legal exceptions.
  • Restrict or object to certain processing.
  • Receive a portable copy of your data in a machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local supervisory authority if you believe we have violated your rights.

9. Your rights under CCPA

If you are a California resident, you have the right to know what personal information we collect, use, disclose, and share; to request deletion or correction of your personal information; to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising); and to limit the use of sensitive personal information. You will not be discriminated against for exercising any of these rights.

10. How to exercise your rights

Email privacy@usehorizon.ai with your request. We will verify your identity using reasonable methods (for example, confirming control of the email address on file) and respond within the timelines required by applicable law. If you are an employee of an enterprise customer, we will generally direct rights requests to your employer, who is the controller of your data in the Platform.

11. Children's privacy

Horizon is a B2B product and the Site is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided personal data to us, please email privacy@usehorizon.ai and we will delete the data.

12. International data transfers

Data may be processed in the United States, the European Union, and other jurisdictions where our vendors operate. Where personal data is transferred from the EEA, the UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

13. Cookies

We use cookies and similar technologies to operate the Site, remember your language preference, measure usage, and secure forms. Strictly necessary cookies are always on. Non-essential cookies are only set where permitted. You can control cookies through your browser settings. A dedicated cookie consent experience is on our roadmap and will replace this summary in a future update.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make a material change, we will update the "Last updated" date at the top of this page and, where required by law, provide additional notice. Continued use of the Site or the Platform after an update means you accept the revised policy.

15. Contact

Questions, requests, or complaints about this Privacy Policy or our data practices should be sent to privacy@usehorizon.ai.