1. Information We Collect

We collect information that you provide directly or that is automatically collected when you use our services. This includes:

• Contact & Identification Data: Full name, email address, phone number.
• Professional Information: Your resume and business questionnaire responses (e.g., preferences, budget, team size, target market).
• Authentication Data: OAuth tokens or email-based credentials via NextAuth.
• Session Data: Secure session identifiers stored in our database to maintain your login session.
• Communication & File Data: Messages, attachments, and files exchanged within our post-payment chatroom.
• Usage Data: Anonymous analytics data collected by Google Analytics (e.g., page views, traffic sources) to improve user experience.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our consultancy platform and services.
• Authenticate and authorize your access to secure areas of the site.
• Customize and deliver business planning deliverables based on your selected service bundle.
• Process payments through Stripe; we never store your full payment card details.
• Communicate with you via email and our secure chatroom regarding updates and deliverables.
• Analyze usage patterns via Google Analytics and generate aggregated reports to enhance our services.
• Comply with legal obligations, enforce our Terms of Service, and protect against fraud or unauthorized activity.

We will not use your personal data for unsolicited marketing communications unless you have opted in separately.

3. Cookies & Tracking Technologies

We use minimal cookies for essential functionality (e.g., session management). We do not deploy cookies for advertising or behavioral profiling. Google Analytics may set cookies to collect anonymous usage metrics. You can opt out of this tracking by disabling cookies in your browser or installing a privacy extension.

4. Payments

Payments for consulting services are processed through Stripe. We only store transaction references and status; all sensitive payment details are handled by Stripe in accordance with PCI DSS standards.

5. Data Sharing & Disclosures

We do not sell, trade, or rent your personal data. We may share information in the following scenarios:

• Service Providers: Trusted third parties who perform services on our behalf (e.g., hosting, analytics, payment processing) under confidentiality obligations.
• Legal Requirements: When required by law, subpoena, or governmental authority.
• Protection of Rights: To enforce our Terms, investigate fraud, or protect the safety of our users.

6. International Data Transfers

Our servers are located in Canada and the United States. If you are located outside these regions, please be aware that your data may be transferred to, processed, and stored there, where data protection laws may differ from those in your country. We implement safeguards such as encryption to protect your information during transfer.

7. Data Retention & Deletion

We retain personal data only for as long as necessary to fulfill the purposes outlined herein or as required by law. You may request deletion or export of your personal data by contacting us at any time. We will authenticate your request and respond within 30 days.

8. Security Measures

We employ administrative, technical, and physical safeguards including SSL/TLS encryption, firewalls, access controls, and secure database encryption to protect against unauthorized access, alteration, or destruction of your personal information.

9. Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

• Access the personal data we hold about you.
• Correct or update inaccurate or incomplete data.
• Request deletion of your data or restrict processing.
• Object to processing for certain purposes (e.g., legitimate interests).
• Receive a portable copy of your data in a structured format.

To exercise any of these rights, please contact us at horizon@horizon-consultancy.com. We will verify your identity and respond within 30 days.

10. Children's Privacy

Our services are intended for users aged 16 or older. We do not knowingly collect personal data from anyone under 16. If we become aware that we have collected data from a minor, we will delete it promptly.

11. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada, without regard to conflict of law principles.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Substantive changes will be communicated via email or by prominent notice on our website prior to the change taking effect.