Horaizon Trust Center
Privacy Policy
We believe trust is built through clarity. That is why we are transparent about how we collect and use data, and avoid hiding behind complex wording or fine print.
Read our Privacy Policy below to understand how your data is used.
Horaizon is committed to your privacy
Click on each box below to expand it and read about our policy.
Who we are
Horaizon Ltd (“Horaizon”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our platforms and services, including the Horaizon Hub, AI chat interfaces, and Document Oracle API (together, the “Services”).
This policy applies to personal data processed in connection with our Services, websites, and business operations.
Our Role
Horaizon Ltd is the data controller for the personal data described in this policy.
Company: Horaizon Ltd
Jurisdiction: United Kingdom
Contact: privacy@horaizon.co.uk
Where required, we may appoint a Data Protection Officer or equivalent privacy contact and will update this policy accordingly.
Information we collect about you
We may collect and process the following categories of personal data:
a. Account and Contact Information
- Name
- Email address
- Organisation name
- Account credentials and identifiers
b. Usage and Technical Data
- API usage records and request metadata
- Chatbot interaction metadata
- Pseudonymous user or session identifiers
- Timestamps, system logs, and performance metrics
c. Customer-Provided Content
- Documents, files, or data uploaded through the Services (e.g. invoices, receipts, SOPs, support documentation)
- Extracted or derived fields generated through processing
d. Support and Communications Data
- Support requests and correspondence
- Chat or ticketing system logs
e. Billing and Transaction Data
- Billing contact details
- Invoices and payment records
We do not intentionally collect special category personal data unless explicitly required and agreed as part of the Services.
How we use your data
We process personal data for the following purposes:
- To provide, operate, and maintain the Services
- To authenticate users and manage access (including API keys and permissions)
- To process documents, generate outputs, and deliver AI-assisted functionality
- To provide customer support and respond to enquiries
- To manage billing, invoicing, and contractual obligations
- To monitor, secure, and improve the performance and reliability of our Services
- To comply with legal and regulatory obligations
We do not use customer content to train general-purpose AI models.
Legal basis we rely on to use your data
Under UK GDPR and EU GDPR, we rely on the following lawful bases:
- Performance of a contract: to deliver the Services you have subscribed to
- Legitimate interests: to secure, operate, and improve our Services, subject to appropriate balancing assessments
- Consent: for marketing communications and optional features where required
- Legal obligation: to comply with accounting, tax, and regulatory requirements
Where processing is based on consent, you may withdraw consent at any time.
AI processing and model usage
Horaizon provides AI-enabled functionality using third-party model providers acting strictly as data processors.
- Customer content is processed solely to deliver requested functionality
- Model providers do not retain or use customer data for training
• • Any internal research or improvement activities rely only on aggregated and de-identified usage data that cannot be linked to individuals or organisations
Third parties & sub-processors
We may share personal data with trusted sub-processors where necessary to provide the Services, including:
- Cloud infrastructure and storage providers
- AI model inference providers
- Monitoring, security, and support tooling providers
All sub-processors are contractually bound by data processing agreements in accordance with Article 28 GDPR.
A current list of sub-processors is available on request.
We may also disclose data where required by law, regulation, or lawful authority.
International data transfers
We primarily store and process data within the UK and European Economic Area (EEA).
Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs)
- UK International Data Transfer Addendum
Data retention
We retain personal data only for as long as necessary for the purposes described in this policy:
- Account data: retained for the duration of the account and up to 2 years after closure
- Usage logs and transcripts: retained for up to 12 months, unless aggregated or required for security purposes
- Uploaded documents: retained in accordance with customer instructions and applicable legal obligations (e.g. up to 7 years for accounting records)
Upon valid deletion requests, data is securely deleted subject to legal retention requirements and backup cycles.
Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration, including encryption, access controls, monitoring, and incident response procedures.
Further information is available in our Security Overview upon request.
Your data protection rights
Under UK GDPR and EU GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Request erasure (“right to be forgotten”)
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.
Requests can be made by contacting privacy@horaizon.co.uk.