Privacy Policy

New Moon Labs, Inc. (“we,” “us,” or “our”) operates Horizons. This Privacy Policy describes how we collect, use, disclose, and protect your personal and financial information when you use our service. Where specific laws provide greater protections, those protections apply.

1. Data We Collect

• Account Information: Name, email address, and password (hashed) when you create an account.
• Financial Profile Data: Income, expenses, assets, liabilities, and planned future expenses that you enter into Horizons for forecasting purposes.
• Bank Data via Plaid: If you connect a bank account, Plaid securely transmits account balances and transaction data. We do not store your bank credentials.
• Payment Data via Stripe: If you subscribe to Horizons Pro, Stripe processes your payment information. We do not store full credit card numbers; Stripe handles all payment data in compliance with PCI-DSS.

2. How We Use Your Data

We use your data solely for the purpose of providing the Horizons service:

• Generating financial forecasts, projections, and Monte Carlo simulations based on your inputs.
• Managing your account, authentication, and subscription status.
• Sending transactional emails (account verification, password resets, billing receipts).

We do not sell, rent, or share your personal data for advertising or marketing purposes.

3. Third-Party Services

We share data with the following third-party providers only as necessary to operate Horizons:

• Plaid — To securely connect and retrieve data from your bank accounts. Plaid processes data under its own privacy policy.
• Stripe — To process subscription payments securely. Stripe processes data under its own privacy policy.
• Resend — To deliver transactional emails (verification, password resets, billing notifications).

4. Data Retention

We retain your data for as long as your account is active. When you delete your account, we permanently remove all associated personal and financial data from our systems. Backups containing your data are purged within 30 days of account deletion.

5. Your Rights

You have the following rights regarding your personal data. If you are a California resident, these rights are provided under the California Consumer Privacy Act as amended by CPRA.

• Right to Know / Access: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the third parties with whom we share it. Use Settings → Export Data in the app or email us.
• Right to Delete: Request deletion of all personal information we hold. Use Settings → Delete Account in the app. This cancels your subscription, disconnects Plaid, and permanently removes all profile, financial, and audit data.
• Right to Correct: Request correction of inaccurate information via the entity edit pages or by contacting us.
• Right to Limit Use of Sensitive PI: Request that we limit our use of your financial data to purposes necessary to provide the Service.
• Right to Opt Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising. No opt-out action is needed.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights.
• Data Portability: Export your data in a structured JSON format via Settings → Export Data.

To exercise any right, use the in-app controls or email contact@chartyourhorizons.com. We will verify your identity and respond within 45 days.

6. Cookies

Horizons uses only strictly necessary httpOnly cookies for authentication and session management. We do not use tracking or advertising cookies. With your consent, we use a privacy-friendly product-analytics tool (see Service Monitoring below) that stores pseudonymous usage events in your browser’s local storage rather than cookies; analytics is off until you opt in, and you can withdraw consent at any time. For more details, see our Cookie Policy.

7. Service Monitoring

We use Sentry (sentry.io) for error tracking and performance monitoring. When an error occurs, Sentry receives a report containing the request path, error type, and stack trace. These reports help us identify and fix issues quickly. Sentry does not receive your email address, name, financial data, or any personally identifiable information — automatic PII collection is disabled. Sentry processes this data under their Data Processing Addendum.

With your consent, we also use PostHog for product analytics — pseudonymous, aggregated usage events (for example, which features are used), tied to an account identifier but never your name or email, that help us prioritize improvements. Analytics is off until you opt in, stores its data in your browser’s local storage rather than cookies, never records your screen, and never receives your financial data. You can withdraw consent at any time from our Cookie Policy. PostHog processes this data under their Data Processing Addendum.

8. Security

We use industry-standard security measures to protect your data, including encrypted connections (TLS), hashed passwords, and secure httpOnly cookies. While no system is completely secure, we are committed to protecting your information and promptly addressing any security concerns.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy, please contact us at contact@chartyourhorizons.com.