Control Horizon

Privacy Policy

Last updated: March 2026

1. Who We Are

Control Horizon is operated by Arcbene Pty Ltd, a company registered in the Australian Capital Territory, Australia (ABN available on request). In this policy, “we”, “us”, and “our” refer to Arcbene Pty Ltd.

2. Information We Collect

We collect information in the following categories:

Account information

When you create an account, we collect your name, email address, and authentication credentials (managed by our authentication provider, Clerk). We do not store passwords directly.

Project and risk data

Data you enter into the Service — including projects, risks, controls, treatments, and configurations — is stored to provide the Service. This is your data and you retain full ownership.

Usage data

We collect basic usage information such as pages visited, features used, browser type, and IP address. This helps us improve the Service and diagnose issues.

Payment information

Payment details are processed by our payment provider and are not stored on our servers. We retain transaction records (plan type, dates, amounts) for billing and accounting.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To authenticate your identity and manage your account
  • To process payments and manage subscriptions
  • To communicate with you about the Service (e.g., updates, support)
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

We do not sell your personal information. We do not use your project or risk data for advertising, marketing to third parties, or training AI models.

4. Data Sharing

We share your information only in the following circumstances:

  • Service providers: We use third-party services for authentication (Clerk), hosting (AWS), and payment processing. These providers access data only as needed to perform their services.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

5. Data Storage and Security

Your data is stored on servers located in the United States (AWS). We use encryption in transit (TLS) and at rest (AES-256) to protect your data. Access to production systems is restricted and audited.

While we implement reasonable security measures, no system is completely secure. You are responsible for keeping your account credentials confidential.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal and project data within 30 days, except where retention is required for legal, accounting, or compliance purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise any of these rights, contact us at privacy@controlhorizon.io.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising pixels. Our analytics, if any, use privacy-respecting, cookie-free methods.

9. Australian Privacy Act

We comply with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth). If you believe we have breached the APPs, you may lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the Service or by email. The “Last updated” date at the top reflects the most recent revision.

11. Contact

For privacy-related enquiries, contact Arcbene Pty Ltd at privacy@controlhorizon.io.

Arcbene Pty Ltd
Canberra, ACT, Australia

← Back to home