Skip to main content

HORIZON FINANCE, INC.

PRIVACY POLICY

Last Amended: June 20, 2026

SECTION 1. INTRODUCTION AND SCOPE

1.1 Commitment to Privacy. Horizon Finance, Inc. ("Horizon," "we," "us," or "our") is committed to the responsible collection, use, and protection of personal information. This Privacy Policy ("Policy") describes in detail the categories of personal information we collect about you, the purposes for which we use that information, the circumstances under which we disclose it to third parties, the measures we employ to protect it, and the rights available to you with respect to your personal information.

1.2 Scope of Application. This Policy applies to all personal information collected by Horizon through: (a) the Horizon Finance mobile application and web-based platform (collectively, the "Service"); (b) our website located at www.myhorizonfinance.com; (c) any application programming interfaces (APIs) through which you or third-party platforms connect to the Service; (d) written, electronic, or telephonic communications between you and Horizon; and (e) any other interactions you have with Horizon in connection with the Service. This Policy does not apply to information collected by third-party services, including financial institutions, data aggregators, financial advisors, or other partners whose products or services may be accessible through or referenced within the Service. Such third parties maintain their own privacy policies and practices for which Horizon bears no responsibility.

1.3 Relationship to Terms of Use. This Policy is incorporated by reference into, and forms an integral part of, Horizon's Terms of Use. Capitalized terms used but not defined herein shall have the meanings ascribed to them in the Terms of Use.

1.4 Regulatory Framework. Horizon's privacy practices are designed to comply with applicable federal and state privacy and data protection laws, including without limitation: the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA"); the Telephone Consumer Protection Act ("TCPA"), 47 U.S.C. § 227; the Children's Online Privacy Protection Act ("COPPA"), 15 U.S.C. §§ 6501–6506; and applicable state data breach notification statutes. California residents should additionally refer to our California Privacy Notice for the CCPA/CPRA-specific disclosures, including categories of personal information collected, your California-resident rights, and the cookie policy.

SECTION 2. INFORMATION WE COLLECT

2.1 Overview. We collect personal information from multiple sources and through multiple means. The categories of information we collect, their sources, and the business purposes for which each is collected are described below. We collect only information that is reasonably necessary to provide and improve the Service, to protect our legal rights, and to comply with applicable law.

2.2 Information You Provide Directly.

We collect the following information that you submit to us voluntarily through the onboarding questionnaire, account settings, and other interactive features of the Service:

  • Identity and Contact Information: Your full name, email address, mobile telephone number, and, if applicable, residential address or zip code.

  • Demographic Information: Your age or date of birth, household size, marital status, and employment status, to the extent you elect to provide such information.

  • Financial Profile Data: Gross annual income; monthly or annual savings and investment contributions; total asset values by category (e.g., retirement accounts, brokerage accounts, cash and equivalents, real estate); total liabilities by category (e.g., mortgage balance, student loans, credit card debt, auto loans); self-reported risk tolerance; and estimated Social Security benefit expectations.

  • Retirement and Financial Goals: Target retirement age, desired retirement income, planned retirement location, anticipated major expenditures (e.g., housing goals, education funding), and other personal financial objectives you input into the Service.

  • Communications Content: The content, metadata, and any attachments associated with any communications you send to Horizon, including customer support inquiries, feedback submissions, and correspondence relating to advisor referral requests.

You are not required to provide all of the foregoing information, but incomplete submissions may limit the accuracy, relevance, or utility of the Outputs generated by the Service.

2.3 Information Collected Automatically.

When you access or use the Service, we and our third-party technology partners automatically collect certain technical and behavioral information, including:

  • Device and Technical Information: Device type, model, and manufacturer; operating system and version; unique device identifiers (including advertising identifiers where applicable); mobile network information; browser type and version; and screen resolution.

  • Log and Usage Data: Internet protocol (IP) address; timestamps of access; pages, screens, and features accessed; actions taken within the Service (including feature interactions such as assumption adjustments in the Analyze & Play tool, opportunity card engagements, and advisor pop-up interactions); session duration; and referring URLs.

  • Location Information: Approximate geographic location derived from IP address. We do not collect precise GPS-level location data unless you expressly grant such permission through your device settings.

  • Behavioral Analytics Data: Patterns of Service usage, frequency of logins, feature engagement rates, and interaction sequences within the Service, collected to improve user experience and Service functionality.

  • Cookies and Similar Tracking Technologies: Information collected through cookies, web beacons, pixels, local storage objects, and similar technologies as described in the Cookie Policy set forth in Section C of this Compliance Package. We and these partners also use advertising and measurement cookies and pixels to measure conversions and improve our ads.

2.4 Information Received from Third-Party Data Sources.

With your express authorization, we may receive personal and financial information from third-party sources, including:

  • Financial Data Aggregators: If you elect to connect external financial accounts to the Service through a data aggregation platform such as Plaid, Inc. (or a successor provider), we receive, in reliance on your authorization to that aggregator, financial account data including account balances, transaction histories, account type and institution information, and aggregate income and spending data. The scope of data retrieved is governed by the permissions you grant at the time of account connection and is subject to the aggregator's own terms and policies.

  • Credit Data Providers: If, in connection with certain features of the Service (including, where applicable, advisor matching or financial health assessments), you authorize Horizon to access credit-related information, we may receive data from consumer reporting agencies or credit data platforms. Any such access will be preceded by a separate, explicit disclosure and consent process in compliance with the Fair Credit Reporting Act, 15 U.S.C. §§ 1681 et seq. ("FCRA").

  • Identity Verification Services: We may use third-party identity verification or fraud prevention services to confirm the accuracy of information you provide and to protect the integrity of the Service.

  • Advisor and Partner Platforms: If you engage with a financial advisor or Third-Party Provider through the Service, that party may share information about the status of your engagement back to Horizon, solely for the purpose of improving the referral experience and measuring Service quality.

2.5 Inferences and Derived Data.

Using the information described above, Horizon's AI systems generate inferences and derived data, including retirement readiness assessments, financial opportunity scores, scenario-based projections, and personalized content signals. Such inferences are generated solely for the purpose of providing the Service to you and improving its accuracy. We treat inferences derived from sensitive financial data with the same level of care as the underlying source data.

SECTION 3. PURPOSES AND LEGAL BASES FOR PROCESSING

3.1 Primary Service Purposes. We process your personal information for the following primary purposes:

  • Service Delivery: To generate retirement timeline projections, scenario analyses, financial opportunity identifications, and other Outputs that constitute the core functionality of the Service.

  • Account Creation and Authentication: To establish and maintain your account, authenticate your identity through phone number verification and one-time passcode delivery, and manage account security.

  • Personalization: To tailor the features, content, and presentation of the Service to your financial profile and stated objectives, and to retain your preferences and settings across sessions.

  • Transactional Communications: To deliver one-time passcodes, account activity alerts, material policy update notifications, and other communications that are necessary components of the Service.

3.2 Secondary Service Purposes. We may also process your personal information for the following secondary purposes, each of which is consistent with the reasonable expectations of users of a financial planning service:

  • Product Referrals: To identify and present financial products and services offered by Third-Party Providers that may be relevant to your financial profile, in connection with the compensation disclosure obligations set forth in the Terms of Use.

  • Advisor Matching and Referral: To facilitate connections between you and licensed financial advisers, subject to your express consent and the data sharing disclosures set forth in Section F of this Compliance Package.

  • AI Model Improvement: To use aggregated, de-identified, and anonymized data derived from user interactions to train, test, validate, and improve the accuracy and reliability of Horizon's AI projection models. Horizon will not use individually identifiable financial data for model training without your express, informed consent.

  • Safety, Security, and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized account access, identity theft, and other potentially illegal or harmful activities.

  • Legal Compliance and Rights Protection: To comply with applicable law, regulations, and lawful governmental requests; to establish, exercise, or defend legal claims; and to protect the rights, property, and safety of Horizon, its users, and the public.

  • Business Analytics and Service Improvement: To analyze aggregate usage patterns, measure feature performance, conduct internal research, and develop new features and services, in each case using data in a manner that does not identify individual users.

3.3 No Sale of Your Information. Horizon does not sell your personal information, and we never share your Financial Data — income, assets, debts, account balances, or financial goals — with advertisers. To measure and improve our own marketing, Horizon shares a limited set of identifiers — in hashed form where supported — with advertising and measurement partners. Under California law this activity may constitute "sharing" for cross-context behavioral advertising; you may opt out at any time, as described in Section 8.5.

SECTION 4. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES

4.1 General Principle. Horizon does not sell your personal information. We disclose personal information to third parties only in the circumstances described in this Section, and only to the extent necessary for the stated purpose.

4.2 Service Providers and Processors.

We engage third-party companies and individuals to perform functions on our behalf that are necessary to operate and improve the Service. These service providers act as data processors and are contractually prohibited from using your personal information for any purpose other than providing services to Horizon. Categories of service providers include:

  • Cloud infrastructure and hosting providers that store and process data on Horizon's behalf;

  • Analytics platforms that help us understand Service usage and performance;

  • SMS and communication delivery providers that transmit one-time passcodes and account notifications;

  • Customer relationship management (CRM) and customer support platforms;

  • Identity verification and fraud prevention services;

  • Data aggregation platforms (e.g., Plaid) through which you authorize account connectivity;

  • Legal, accounting, and compliance advisors operating under professional confidentiality obligations; and

  • Cybersecurity and data protection service providers.

All service providers with access to personal information are required to execute data processing agreements with Horizon that impose obligations of confidentiality, data security, and use limitation consistent with this Policy and applicable law.

4.3 Third-Party Financial Product Referrals.

When you engage with a referral opportunity presented within the Service — such as a high-yield savings account, checking account product, or other financial instrument — we may share limited personal and financial profile data with the relevant Third-Party Provider for the purpose of facilitating your inquiry or enrollment. Such sharing will be disclosed to you at or before the point of engagement, and will be limited to the data necessary to initiate the referral. Horizon will not share more data than is reasonably necessary for the purpose, and all such sharing is subject to applicable law.

4.4 Financial Advisor Referrals.

If you request a connection with a financial adviser through the Service, Horizon will share specified categories of Financial Data and profile information with the relevant adviser or adviser network. The specific data categories to be shared, and the identity of the receiving adviser or firm, will be disclosed to you through a separate, explicit consent interface at the time of the referral request, as described in detail in Section F (Advisor Lead Data Disclosure Framework) of this Compliance Package. You are not obligated to consent to such sharing, and declining will not affect your ability to continue using the core features of the Service. If you do consent, your data will be subject to both this Policy and the adviser's own privacy disclosures.

4.5 Legal Process and Governmental Requests.

Horizon may disclose personal information to governmental authorities, law enforcement agencies, or other third parties when we have a good-faith belief that such disclosure is required by, or necessary to comply with: (a) applicable law, regulation, rule, or legal process, including a court order, subpoena, civil investigative demand, or governmental audit; (b) a request from a regulatory body with jurisdiction over Horizon or its activities; or (c) the terms of a binding agreement with a governmental authority. Where legally permitted and practicable, Horizon will use commercially reasonable efforts to notify you of any such request before complying, so that you may seek a protective order or other appropriate relief. In responding to legal process, Horizon will produce only the minimum amount of data required to satisfy the legal obligation.

4.6 Protection of Rights and Safety.

Horizon may disclose personal information to third parties to the extent we reasonably believe such disclosure is necessary to: (a) investigate, prevent, or take action with respect to suspected or actual fraud, identity theft, or other financial crimes; (b) enforce or protect Horizon's rights and property under the Terms of Use or applicable law; (c) protect the personal safety of any individual, including Horizon employees, users, or the general public; or (d) respond to imminent physical threats.

4.7 Corporate Transactions.

In connection with any proposed or consummated merger, acquisition, reorganization, joint venture, assignment, bankruptcy proceeding, or sale of all or a material portion of Horizon's assets, your personal information may be disclosed to the counterparties, their advisers, and their financing sources under appropriate confidentiality obligations, and may be transferred to a successor entity as part of the transaction. In the event of a completed corporate transaction, Horizon will use commercially reasonable efforts to ensure that the successor entity is bound by privacy obligations no less protective than those set forth in this Policy with respect to personal information collected prior to the transaction, or will provide you with notice and choice before your personal information is used in a materially different manner.

4.8 Aggregated and De-Identified Information.

Horizon may freely use, publish, and disclose aggregated, de-identified, and anonymized data — that is, data that has been processed so that it cannot reasonably be used to identify you individually — for any lawful purpose, including research, business analytics, marketing, and service improvement. Such use is not subject to the restrictions in this Policy, provided that Horizon does not attempt to re-identify any individual from such data.

4.9 Advertising and Measurement Partners. To measure and improve our own marketing, Horizon shares a limited set of identifiers — in hashed form where supported — with advertising and measurement partners. We do not share your Financial Data with these partners. This sharing may constitute "sharing" for cross-context behavioral advertising under the CCPA/CPRA; you may opt out as described in Section 8.5.

SECTION 5. DATA SECURITY

5.1 Technical and Organizational Measures. Horizon employs a comprehensive information security program designed to protect your personal information against unauthorized access, use, disclosure, alteration, or destruction. Our security measures include, without limitation:

  • Encryption of data in transit using industry-standard Transport Layer Security (TLS) protocols;

  • Encryption of sensitive data at rest using AES-256 or equivalent encryption standards;

  • Multi-factor authentication requirements for administrative access to production systems containing personal information;

  • Role-based access controls limiting employee access to personal information on a need-to-know basis;

  • Regular security assessments, penetration testing, and vulnerability scanning of production systems;

  • Vendor security assessment protocols for all service providers with access to personal information;

  • Employee training on data privacy and security obligations; and

  • An incident response plan governing the detection, containment, and remediation of security incidents.

5.2 Limitations of Security. Notwithstanding the foregoing, no security measure or system is impenetrable, and Horizon cannot guarantee the absolute security of your personal information. The transmission of information over the internet inherently carries risks that are beyond Horizon's control. You are responsible for maintaining the security of your account credentials and for notifying Horizon promptly of any suspected unauthorized account access.

5.3 Breach Notification. In the event of a security breach that compromises the security, confidentiality, or integrity of your unencrypted personal information, Horizon will comply with applicable state and federal breach notification laws, including notifying affected individuals in the manner and within the timeframes required by the applicable statutes of each affected individual's state of residence. Horizon will also notify relevant regulatory authorities as required by law.

SECTION 6. DATA RETENTION AND DELETION

6.1 Retention Periods. Horizon retains personal information for as long as is reasonably necessary to fulfill the purposes for which it was collected, as set out in this Policy, unless a different retention period is required or permitted by law. In determining appropriate retention periods, Horizon considers: (a) the nature and sensitivity of the personal information; (b) the purposes for which the information is processed and whether those purposes can be achieved through less information or in a shorter period; (c) applicable legal, regulatory, tax, and accounting requirements that may mandate minimum retention periods; and (d) the potential risk of harm from unauthorized use or disclosure. As a general framework:

  • Active account data is retained for the duration of your account relationship with Horizon and for a period of [X] years thereafter, to support dispute resolution, fraud prevention, and legal compliance.

  • Financial account data retrieved through a Data Aggregator is retained for [X] days following the end of your authorization, after which it is deleted or anonymized, unless retention is required by law.

  • Transactional log data and technical records are retained for [X] months for security monitoring and debugging purposes.

  • Communications records are retained for [X] years to document consent and to respond to regulatory inquiries.

  • Anonymized and aggregated data derived from your information may be retained indefinitely, as it no longer constitutes personal information.

6.2 Account Deletion Requests. You may request deletion of your account and associated personal information at any time by submitting a written deletion request to privacy@myhorizonfinance.com. Horizon will process deletion requests within 30 days of receipt, subject to verification of your identity. Certain categories of information may be retained beyond your deletion request to the extent required by applicable law, including records required by tax authorities, financial regulators, or anti-money laundering statutes, or to the extent necessary to defend or resolve pending or threatened legal claims.

6.3 Backup and Residual Data. Following account deletion, residual copies of your data may remain in Horizon's encrypted backup systems for a period of up to [X] months, consistent with Horizon's backup and disaster recovery procedures. Such residual data is isolated from active systems and will be deleted in the ordinary course of Horizon's backup rotation schedule.

SECTION 7. CHILDREN'S PRIVACY

7.1 Age Restriction. The Service is directed exclusively to individuals who are eighteen (18) years of age or older. Horizon does not knowingly collect, solicit, receive, or use personal information from any individual under the age of eighteen (18). If you are under eighteen, you are not authorized to use the Service.

7.2 COPPA Compliance. The Service is not a website or online service directed to children within the meaning of the Children's Online Privacy Protection Act ("COPPA"), 15 U.S.C. §§ 6501–6506, and Horizon does not knowingly collect personal information from children under the age of thirteen (13). If Horizon discovers that it has inadvertently collected personal information from a person under the age of thirteen, it will promptly delete such information from its systems.

7.3 Parental Notification. If you are a parent or guardian and you believe that your minor child has provided personal information to Horizon without your consent, please contact us immediately at privacy@myhorizonfinance.com. We will investigate and, if confirmed, promptly delete the minor's information from our systems.

SECTION 8. YOUR PRIVACY RIGHTS AND CHOICES

8.1 General Rights. Depending on your jurisdiction of residence, you may have one or more of the following rights with respect to your personal information. Horizon will honor all legally required rights requests submitted in compliance with the procedures set forth in this Section, subject to applicable exceptions and to Horizon's ability to verify your identity.

8.2 Right of Access.

You may request that Horizon provide you with a copy of, or a summary of, the personal information we hold about you, including: the categories of personal information collected; the specific pieces of personal information we have collected; the sources from which such information was obtained; the business purposes for which it was collected; and the categories of third parties with whom it has been shared. Horizon will respond to verified access requests within the timeframes required by applicable law.

8.3 Right of Correction.

You have the right to request that Horizon correct inaccurate personal information we maintain about you. You may update much of your profile information directly through the account settings interface within the Service. For corrections to information that cannot be self-corrected through the Service, submit a written request to privacy@myhorizonfinance.com describing the specific inaccuracy and, where applicable, providing supporting documentation.

8.4 Right of Deletion.

Subject to the exceptions described in Section 6.2, you have the right to request deletion of the personal information we hold about you. Horizon may decline to delete, or may retain, certain categories of information to the extent permitted or required by applicable law, including information needed to: complete a transaction you have authorized; detect, investigate, or prevent security incidents or fraud; comply with a legal obligation; or defend or exercise legal rights.

8.5 Your Right to Opt Out of Sharing.

Horizon does not sell your personal information. We do share certain identifiers with advertising and measurement partners for cross-context behavioral advertising, as described in Section 3.3. You may opt out at any time, without detriment to your use of the Service, via the "Your Privacy Choices" link in our site footer, or by emailing privacy@myhorizonfinance.com. We also honor Global Privacy Control (GPC) signals.

8.6 Right to Limit Use of Sensitive Personal Information.

To the extent that Horizon processes "sensitive personal information" as defined under applicable law, including income data, precise financial account information, and government-issued identifier numbers, Horizon limits its use of such information to the purposes of providing the Service and the reasonably expected secondary purposes set forth in this Policy. Horizon does not use sensitive personal information to infer characteristics about you beyond what is necessary to deliver the Service.

8.7 Right to Data Portability.

To the extent required by applicable law, you may request that Horizon provide your personal information in a structured, commonly used, machine-readable format. Horizon will use commercially reasonable efforts to honor portability requests within the timeframes required by law, subject to technical feasibility and to the extent that doing so would not adversely affect the rights and freedoms of other individuals.

8.8 Communication Preferences.

Horizon sends two categories of electronic communications: (a) transactional and service communications (including one-time passcodes, account security alerts, and material policy update notices), which are necessary components of the Service and from which you cannot opt out while maintaining an active account; and (b) promotional or marketing communications, which Horizon will not send without your prior, separate opt-in consent. If Horizon obtains your consent to send promotional communications, you may withdraw that consent at any time by following the unsubscribe instructions in such communications or by contacting us at privacy@myhorizonfinance.com.

8.9 Exercising Your Rights; Response Timeframes.

To exercise any of the rights described in this Section, submit a written request to Horizon by emailing privacy@myhorizonfinance.com. Your request must include sufficient information to allow Horizon to verify your identity, including at minimum your name and the telephone number or email address associated with your account. Horizon will acknowledge receipt of your request within 10 business days and will respond substantively within the timeframes required by applicable law (generally 45 days, extendable by an additional 45 days with notice where reasonably necessary). Horizon will not discriminate against you in the provision or pricing of the Service for exercising any of your privacy rights.

8.10 Authorized Agents.

You may designate an authorized agent to submit privacy rights requests on your behalf. To use an authorized agent, you must either: (a) provide the authorized agent with written, signed permission to act on your behalf and verify your own identity directly with Horizon; or (b) provide Horizon with a valid power of attorney executed in compliance with applicable state law. Horizon reserves the right to deny requests submitted by authorized agents who cannot demonstrate proper authorization.

SECTION 9. INTERNATIONAL USERS

9.1 Geographic Scope. The Service is designed for use by individuals located in the United States. Horizon does not intend to direct the Service to individuals located outside the United States, and does not represent that the Service is appropriate for use in any other jurisdiction.

9.2 Data Transfers. Horizon's servers and data processing operations are located in the United States. If you access the Service from outside the United States, you acknowledge that your information will be transferred to, stored in, and processed in the United States, where data protection and privacy laws may differ from those in your country of residence. By using the Service from outside the United States, you consent to such transfer and processing.

SECTION 10. THIRD-PARTY LINKS, INTEGRATIONS, AND SERVICES

10.1 Third-Party Services. The Service may contain links to, or enable integrations with, third-party websites, applications, financial institutions, data aggregation platforms, and advisor networks. This Policy does not govern the data collection, use, or disclosure practices of any third party, regardless of whether that third party is accessible through or referenced within the Service. Horizon has no control over, and expressly disclaims all responsibility for, the privacy practices of any third-party service. We encourage you to read the privacy policy of every website, application, or service you visit or use.

10.2 Social Login and Third-Party Authentication. If Horizon introduces any third-party login or single sign-on features in the future, the scope of information received from the applicable third-party platform and Horizon's use of such information will be disclosed at the time such features are made available.

SECTION 11. CHANGES TO THIS PRIVACY POLICY

11.1 Right to Amend. Horizon reserves the right to modify this Policy at any time to reflect changes in our data practices, legal obligations, or Service features. We will identify the effective date of any revision at the top of this document.

11.2 Notice of Material Changes. When we make changes that are material — meaning changes that significantly affect how we collect, use, or share your personal information — we will provide notice through one or more of the following methods: (a) a prominent notice within the Service displayed at or before your next login following the change; (b) an email to the address associated with your account; or (c) a push notification through the Service. We will provide notice of material changes at least 30 days before the changes take effect, where practicable.

11.3 Continued Use. Your continued access to or use of the Service following the effective date of a revised Policy constitutes your acceptance of the revised Policy. If you do not agree with a material change to the Policy, you may request deletion of your account prior to the effective date of the change.

11.4 Prior Versions. Horizon will maintain an archive of prior versions of this Policy and make them available upon written request submitted to privacy@myhorizonfinance.com, so that you may review the historical evolution of Horizon's data practices.

SECTION 12. CONTACT INFORMATION AND PRIVACY INQUIRIES

Questions, requests, or concerns regarding this Policy or Horizon's data practices should be directed to Horizon's Privacy Team:

Horizon Finance, Inc.
Attn: Privacy Officer
[STREET ADDRESS]
[CITY, STATE, ZIP]
Email: privacy@myhorizonfinance.com
Telephone: [PHONE NUMBER]
Privacy Request Portal: [URL]

If you are a California resident with a privacy complaint that has not been resolved to your satisfaction, you may contact the California Privacy Protection Agency ("CPPA") at cppa.ca.gov or the California Attorney General's office at oag.ca.gov/privacy.