Privacy Policy
1. Introduction
The Reserve Pro LLC, operator of the CashHorizon platform ("we," "us," "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use CashHorizon ("Service"). This policy complies with the EU General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act ("CCPA"), and other applicable data protection laws. If you are located in the European Economic Area ("EEA"), United Kingdom, or California, you have additional rights described in Sections 11 and 12.
2. Data Controller / Business
The Reserve Pro LLC 1209 Mountain Road Pl NE, Ste R, Albuquerque, NM 87110, USA EIN: 32-0835689 State Entity ID: 0008062062 (New Mexico) Email: admin@cashhorizon.io Phone: +1 (505) 226-2760
For GDPR purposes, The Reserve Pro LLC is the "data controller." For CCPA purposes, The Reserve Pro LLC is the "business."
3. Information We Collect
- Account Information — Email address, password (stored as a cryptographic hash; we never store your plaintext password), display name, timezone, profile picture (optional).
- Financial & Business Data — All cash-flow data you enter, including monthly targets, supplier orders, payment terms, marketplace configurations, product details, inventory levels, recurring transactions, modifiers, and planner decisions.
- Marketplace Integration Data — When you connect a marketplace API (Amazon, Shopify, eBay, Walmart), we retrieve order history, product catalog, inventory levels, payout/settlement data, and reserve amounts. API credentials are stored encrypted.
- Payment Information — Processed exclusively by Stripe, Inc. We do not store your full credit card number, CVV, or bank account details.
- Communication Data — If you connect WhatsApp: your phone number and message history with the AI assistant. If you use AI Chat: your chat messages and the AI's responses.
- Usage & Analytics Data — Login timestamps, pages visited, features used, AI message counts. Collected via PostHog (anonymous, no PII).
- Technical Data — IP address, browser type and version, operating system, device type, referring URL.
4. How We Use Your Information
- Providing the Service — Processing your data to generate cash-flow projections, KPIs, charts, and reports.
- Account Management — Creating and maintaining your account, authenticating access.
- Payment Processing — Managing subscriptions, processing payments via Stripe.
- Transactional Communications — Account verification emails, password resets, subscription confirmations, payment receipts.
- Optional Notifications — Payment reminders, balance alerts, daily digests via email, WhatsApp, or Telegram. You can opt out at any time.
- AI Features — Transmitting your financial data snapshot to Anthropic's Claude API to generate AI chat responses.
- Security — Detecting and preventing fraud, unauthorized access, and abuse.
- Service Improvement — Analyzing aggregated, anonymized usage patterns.
- Legal Compliance — Responding to legal requests, enforcing our Terms, complying with applicable laws.
5. Legal Basis for Processing (GDPR)
- Performance of Contract (Art. 6(1)(b)) — Processing necessary to provide the Service, manage your account, and process payments.
- Legitimate Interest (Art. 6(1)(f)) — Service improvement, security, fraud prevention, aggregated analytics.
- Consent (Art. 6(1)(a)) — Optional features: WhatsApp, Telegram, optional email notifications, cookie consent.
- Legal Obligation (Art. 6(1)(c)) — Where required to retain or disclose data by law.
6. AI Data Processing
When you use AI Chat, WhatsApp, or Telegram AI features, a snapshot of your current cash-flow data is sent to Anthropic's Claude API along with your message. Anthropic processes this data solely to generate a response and does not use it to train, fine-tune, or improve their models. AI conversation history is retained for up to 90 days for quality and debugging purposes, then permanently deleted. You may disable AI features at any time. For details on Anthropic's data handling, see Anthropic's Privacy Policy.
7. Data Sharing & Third-Party Processors
We do not sell, rent, or trade your personal information. We share data only with the following service providers ("processors"), each bound by data processing agreements:
| Processor | Purpose | Location |
|---|---|---|
| Supabase (AWS) | Database hosting, authentication | US |
| Stripe, Inc. | Payment processing | USA |
| Anthropic | AI chat responses | USA |
| Vercel | Application hosting, serverless functions | USA |
| Resend | Transactional email delivery | USA |
| Meta (WhatsApp Business API) | WhatsApp messaging | USA/EU |
| Telegram FZ-LLC | Telegram message delivery | UAE / Global |
| PostHog | Anonymous product analytics | EU |
| Sentry | Error monitoring | USA |
We may also disclose information if required by law, court order, or governmental authority, or if necessary to protect the rights, safety, or property of The Reserve Pro LLC, our users, or the public.
8. Data Retention
- Account & Financial Data — Retained for as long as your account is active. You may delete individual records at any time within the app.
- AI Chat History — 90 days from the date of the conversation, then permanently deleted.
- Audit Logs — 12 months, then permanently deleted.
- Payment Records — Retained for 7 years as required by US tax law (IRS record-keeping requirements).
- Technical/Server Logs — 30 days.
- After Account Deletion — All personal data is permanently removed within 30 days of account deletion, except where retention is required by law. Backups are purged within 90 days.
9. Data Security
- Encryption in transit via TLS 1.3 for all connections
- Encryption at rest for database storage (AES-256)
- Password hashing using bcrypt (via Supabase Auth)
- Row-level security (RLS) policies ensuring users can only access their own data
- API rate limiting and CORS policies
- Encrypted storage of marketplace API credentials
- Regular security reviews and dependency audits
- Monitoring via Sentry for error detection
In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of discovery (as required by GDPR) and within the timeframes required by applicable US state breach notification laws.
10. International Data Transfers
The Reserve Pro LLC is based in the United States. If you are accessing the Service from outside the US (including the EEA, UK, or other jurisdictions), your data will be transferred to and processed in the United States. For transfers from the EEA/UK to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, data processing agreements with all sub-processors that include appropriate safeguards, and the EU-US Data Privacy Framework, where applicable.
11. Your Rights — GDPR (EEA/UK Residents)
- Right of Access (Art. 15) — Request a copy of all personal data we hold about you.
- Right to Rectification (Art. 16) — Correct inaccurate or incomplete data.
- Right to Erasure (Art. 17) — Request deletion of your data.
- Right to Data Portability (Art. 20) — Export your data in JSON or CSV.
- Right to Restrict Processing (Art. 18) — Request that we limit how we process your data.
- Right to Object (Art. 21) — Object to processing based on legitimate interest.
- Right to Withdraw Consent (Art. 7) — Withdraw consent for optional processing at any time.
- Right to Lodge a Complaint — You may file a complaint with your local data protection supervisory authority.
To exercise any right, email admin@cashhorizon.io. We will respond within 30 days (extendable to 60 days for complex requests, with notice).
12. Your Rights — CCPA (California Residents)
- Right to Know — Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete — Request deletion of your personal information, subject to certain exceptions.
- Right to Correct — Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing — We do not sell or share your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
To exercise your rights, email admin@cashhorizon.io or use the in-app account deletion and data export features. We will respond within 45 days.
13. Cookies & Local Storage
See our separate Cookie Policy for full details. In summary: we use essential cookies only (Supabase authentication session). No tracking, advertising, or third-party cookies. We use browser local storage for UI preferences.
14. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected data from a child under 18, we will delete it promptly.
15. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email and/or a prominent in-app notice at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
16. Contact
The Reserve Pro LLC 1209 Mountain Road Pl NE, Ste R, Albuquerque, NM 87110, USA Email: admin@cashhorizon.io Phone: +1 (505) 226-2760 Website: https://cashhorizon.io
We aim to respond to all inquiries within 30 days.