Legal Center

All legal documents governing use of CashHorizon are published below. If you have any legal or compliance question, email admin@cashhorizon.io.

Terms of Service

Subscription terms, refund policy, acceptable use, limitation of liability, governing law.

Privacy Policy

How we collect, use, store, and protect your personal information. GDPR and CCPA compliant.

Cookie Policy

What cookies and local storage we use (only essential — no tracking cookies).

Data Processing Agreement

Terms for customers processing personal data subject to GDPR, CCPA, or other data protection laws.

About / Company

Formation, state entity ID, EIN, registered address, ownership of the CashHorizon brand.

Cookie Policy

Last updated: April 13, 2026

This Cookie Policy explains how The Reserve Pro LLC, operator of CashHorizon ("we," "us"), uses cookies and similar technologies when you visit or use the CashHorizon platform ("Service"). This policy should be read alongside our Privacy Policy.

What are cookies? Cookies are small text files stored on your device by your web browser. They can be "session" cookies (deleted when you close your browser) or "persistent" cookies (remain until expiry or deletion).

What we use. Only strictly necessary (essential) cookies. We do NOT use advertising, marketing, or third-party tracking cookies.

sb-*-auth-token (Supabase) — Essential. Keeps you logged in. Session / 7 days.
sb-*-auth-token-code-verifier (Supabase) — Essential. PKCE verifier for secure OAuth. Session.
ch_cookie_consent (CashHorizon, local storage) — Records your cookie consent preference. 1 year.

Local storage. We use browser local storage to save UI preferences (theme, selected brand, onboarding state, chart view preferences, collapsed panel states). This data never leaves your device.

Third-party cookies. We do not embed tracking pixels, social media widgets, or advertising scripts. PostHog (anonymous analytics) is configured to use first-party cookies only. Stripe may set its own cookies during checkout flows on Stripe-hosted pages — see Stripe's Cookie Policy.

Do Not Track. Because we do not use tracking cookies and do not track users across third-party websites, the DNT signal does not change our behavior.

Data Processing Agreement (DPA)

Last updated: April 13, 2026

This DPA forms part of the agreement between The Reserve Pro LLC ("Processor") and the customer ("Controller") for the provision of the CashHorizon Service. It applies when the Controller's use of the Service involves the processing of personal data subject to GDPR, CCPA, or other applicable data protection laws.

Roles. The Controller determines what data is entered into CashHorizon and for what purpose. The Processor processes that data solely to provide the Service as described in the Terms of Service. The Processor shall:

Process Personal Data only on documented instructions from the Controller
Not process Personal Data for any purpose other than providing the Service
Ensure persons authorized to process Personal Data have committed themselves to confidentiality
Implement appropriate technical and organizational measures to ensure security
Assist the Controller in responding to Data Subject requests
Delete or return all Personal Data upon termination, unless retention is required by law

Sub-processors. The Controller authorizes the Processor to engage: Supabase (on AWS), Stripe, Anthropic, Vercel, Resend, Meta (WhatsApp Business API), Telegram FZ-LLC, PostHog, Sentry. The Processor will notify the Controller at least 14 days before adding or replacing a sub-processor.

Security. TLS 1.3 in transit, AES-256 at rest, row-level security, bcrypt password hashing, API rate limiting, encrypted storage of third-party API credentials, automated monitoring (Sentry), incident response procedures.

Data breach notification. The Processor shall notify the Controller without undue delay and no later than 48 hours after becoming aware of a breach, providing sufficient information to meet Controller obligations under GDPR Article 33 and 34.

International transfers. For EEA/UK transfers, the Processor relies on Standard Contractual Clauses (EC Decision 2021/914), sub-processor agreements with equivalent safeguards, and the EU-US Data Privacy Framework where applicable.

Audits. The Processor shall make available documentation of security measures and processing activities and allow audits upon at least 30 days' notice, limited to once per year unless a breach has occurred.

Governing law. This DPA is governed by the laws of the State of New Mexico, USA, except where GDPR mandates the application of EU member state law for EEA/UK Personal Data.

Contact

The Reserve Pro LLC
1209 Mountain Road Pl NE, Ste R, Albuquerque, NM 87110, USA
Email: admin@cashhorizon.io
Phone: +1 (505) 226-2760
Website: https://cashhorizon.io