Privacy Policy
How we collect, use and protect your data within Horizon Suite.
Last Updated: February 2026
1. Data Controller
1.1 The data controller for Horizon Suite is the Operator as defined in the General Terms and Conditions.
1.2 For data protection enquiries, contact: michal@belejconsulting.com
2. Data We Collect
2.1 Account data: email address, hashed password (managed by Supabase authentication).
2.2 Membership application data: full name, company, role, business sector, revenue range, and motivation statement.
2.3 Usage data: session timestamps and feature access logs for platform improvement.
2.4 We do not collect financial data, bank details, or personally identifiable financial disclosures unless explicitly submitted by the Member.
3. Legal Basis for Processing
Personal data is processed under the following lawful bases as defined by UK GDPR:
- Contract performance — processing necessary to provide access to Horizon Suite services;
- Legitimate interests — platform security, fraud prevention, and service improvement;
- Consent — where explicitly given for optional communications.
4. How We Use Your Data
4.1 To verify identity and manage membership access.
4.2 To communicate membership status and platform updates.
4.3 To derive anonymised analytical patterns (no identifiable company data is retained).
4.4 We do not sell, rent, or distribute personal data to third parties.
5. Data Retention
5.1 Membership data is retained for the duration of active membership.
5.2 Analytical data submitted to the platform is retained for a maximum of 30 days.
5.3 Upon membership termination, personal data is deleted within 60 days unless legal compliance requires otherwise.
6. Data Security
6.1 Authentication is managed via Supabase with industry-standard encryption.
6.2 Access to member data is restricted to authorised personnel only.
6.3 We implement appropriate technical and organisational measures as required by the Data Protection Act 2018.
7. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data;
- Rectify inaccurate data;
- Request erasure of your data;
- Restrict or object to processing;
- Data portability;
- Lodge a complaint with the Information Commissioner's Office (ICO).
To exercise any of these rights, contact the data controller at the address above.
8. Third-Party Services
8.1 Supabase: authentication and database services (hosted within the EU/UK).
8.2 Hosting provider: static site hosting with standard security measures.
8.3 No third-party analytics, advertising, or tracking services are used within Horizon Suite.
9. Cookies
9.1 Horizon Suite uses only essential authentication cookies required for session management.
9.2 No marketing, analytics, or third-party cookies are used.
10. Changes to This Policy
10.1 This policy may be updated periodically. The "Last Updated" date will reflect any changes.
10.2 Continued use of the Platform after updates constitutes acceptance of the revised policy.
11. Governing Law
This Privacy Policy is governed by the laws of England and Wales.