PRIVACY POLICY

Last Updated: February 2026
Effective Date: February 22, 2026

Welcome to Herizon Capital ("we," "our," "us"). We are committed to protecting your privacy and handling your data transparently and responsibly.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you:

Visit our website (herizon.capital)
Apply to our program
Use our educational platform and dashboard
Participate as a mentor, partner, donor, or beta tester
Engage with our community

By using our services, you agree to this Privacy Policy. If you do not agree, please do not use our platform.

2. WHO WE ARE

Legal Entity: Herizon Capital Foundation
Status: 501(c)(3) nonprofit organization (application in process, operating under fiscal sponsorship)
Location: Delaware, USA
Contact: help@herizon.capital

3. INFORMATION WE COLLECT

A. Information You Provide Directly

During Application:

Name, age, email address, phone number
Country of residence, city, timezone
Industry/sector (STEM, Arts, Sports)
Business or career details (stage, revenue, experience)
Responses to interactive quiz/assessment questions
Educational background, professional experience
Why you're seeking funding and how you'd use it

During Program Participation (Founders):

Financial information (revenue, expenses, cash flow, bank account details for repayment)
Capability scores and milestone completion
Journal entries and reflections
Business progress updates (customers, employees, traction)
Health check responses (emotional state, challenges, support needs)
Repayment status and transaction history
Photos, videos, or content you create for ambassadorship

As Mentors/Partners/Donors:

Professional background and expertise
Contact information and availability
Payment/banking information (for mentor stipends or donation receipts)
Feedback and communications

As Beta Testers:

Usage data (which modules completed, time spent, scores)
Feedback submissions and survey responses
Technical issues reported

B. Information We Collect Automatically

Platform Usage Data:

Login times and frequency
Pages/modules visited and time spent
Quiz/assessment answers and scores
Learning streaks and completion rates
Device type, browser, operating system
IP address and general location (city/country level)

Communication Data:

Messages sent within platform (to mentors, peers, advisors)
Email opens and click-through rates
Event attendance (workshops, webinars, showcases)

Cookies and Tracking Technologies:

Session cookies (keep you logged in)
Analytics cookies (Google Analytics, Mixpanel, or similar)
Preference cookies (language, timezone)

We use cookies to improve user experience. You can disable cookies in your browser settings, but this may limit platform functionality.

4. HOW WE USE YOUR INFORMATION

A. To Provide Our Services

Process applications and evaluate eligibility
Create and manage your personal dashboard
Track your capability scores and milestone completion
Deploy capital tranches when milestones are met
Process repayments and update your account
Match you with appropriate mentors
Facilitate peer cohort connections
Send educational content, reminders, and updates
Conduct health checks and provide support
Generate your playbook from journal entries

B. To Improve Our Platform

Analyze which modules are most effective
Identify where users struggle and improve content
A/B test features and educational approaches
Fix bugs and optimize performance
Develop new features based on user behavior

C. To Measure Impact

Calculate Social Return on Investment (SROI)
Track jobs created, revenue generated, wealth built
Measure repayment rates and capital recycling
Generate reports for donors, partners, and board
Publish aggregate impact data (never individual details without consent)

D. To Communicate With You

Send milestone notifications and congratulations
Remind you of upcoming workshops or health checks
Share cohort updates and peer wins
Provide financial education content
Request feedback and surveys
Announce new features or opportunities

E. For Legal and Compliance Purposes

Comply with IRS 501(c)(3) reporting requirements
Maintain records for audits and tax filings
Respond to legal requests (subpoenas, court orders)
Prevent fraud, abuse, or misuse of platform
Enforce our Terms of Service and contracts

5. HOW WE SHARE YOUR INFORMATION

A. With Your Explicit Consent

Public Case Studies:

We may feature your story on our website, in reports, or in marketing materials
You will always be asked for permission before publication
You can approve, edit, or decline any content about you

Ambassador Content:

When you become an ambassador, you'll create public-facing content
You control what you share and how you're represented

B. Within the Herizon Ecosystem

With Your Assigned Mentor:

Your business details, progress, and challenges
Your capability scores and milestone status
Your health check responses

With Your Cohort Peers (Limited):

Name, industry, general business description
You control how much you share in community forums
Private journals are NOT shared with peers

With Advisors/Staff:

Foundation team members involved in your support
Information necessary to provide guidance and deploy capital

C. With Third-Party Service Providers

We work with trusted vendors who help us operate. They only access data necessary for their service:

Payment Processing:

Stripe (for repayment processing, donor transactions)
Bank account information encrypted and stored securely

Email & Communications:

Mailchimp, SendGrid, or similar (for email campaigns)
Zoom (for workshops and mentor sessions)

Analytics & Platform:

Google Analytics, Mixpanel (for usage tracking)
AWS, Heroku, or similar (for platform hosting)

Accounting & Compliance:

QuickBooks, accountants (for financial reporting and 990-PF filing)

All vendors sign data processing agreements and cannot use your data for their own purposes.

D. With Institutional Partners (Aggregated Only)

Capital Partners, Education Partners:

Receive aggregate impact data (total jobs created, average repayment rate, sectors funded)
Do NOT receive individual founder details unless you explicitly consent

E. For Legal Compliance

We may disclose information if required by law:

Court orders, subpoenas, or legal processes
Government investigations or regulatory requests
To protect rights, safety, or property of Herizon or others
To prevent fraud or illegal activity

We will notify you when legally permitted before disclosing your information.

7. HOW WE PROTECT YOUR DATA

Security Measures:

Technical Protections:

Industry-standard encryption (SSL/TLS for data in transit, AES-256 for data at rest)
Secure cloud hosting with regular backups
Two-factor authentication (2FA) available for all accounts
Regular security audits and penetration testing
Role-based access controls (staff only see data they need)

Operational Protections:

Background checks for staff with data access
Confidentiality agreements for all team members
Data breach response plan in place
Regular staff training on data protection

Financial Data:

Bank account information tokenized through Stripe (we don't store full account numbers)
PCI-DSS compliant payment processing
Repayment data encrypted and access-restricted

Data Retention:

Active Participants:

We retain your data for the duration of your participation + 7 years (IRS requirement for 501c3 records)

After Program Completion:

Financial records: 7 years (tax compliance)
Impact data: Indefinitely in aggregated form (anonymized)
Personal details: Deleted upon request after legal retention period ends

If You Withdraw:

We retain financial and contractual records (7 years for compliance)
Educational progress and platform usage data retained for research (anonymized)
Personal communications and journals deleted within 90 days of withdrawal

8. YOUR RIGHTS & CHOICES

A. Access Your Data

Request a copy of all personal information we hold about you
Download your dashboard data, journal entries, and progress reports
How: Email help@herizon.capital

B. Correct or Update Your Data

Update your profile, contact information, or business details anytime via dashboard
Request corrections to inaccurate information
How: Dashboard settings or email privacy@herizon.capital

C. Delete Your Data (Right to be Forgotten)

Request deletion of personal information (subject to legal retention requirements)
We will delete what we can while preserving records required for tax/legal compliance
Aggregate anonymized data may be retained for research
How: Email privacy@herizon.capital with subject "Data Deletion Request"

D. Opt-Out of Communications

Unsubscribe from marketing emails (click "unsubscribe" in any email)
Adjust notification preferences in dashboard settings
Note: You cannot opt-out of essential communications (milestone unlocks, repayment reminders, health checks) while participating in program

E. Limit Data Sharing

Opt-out of being featured in case studies or public materials
Request that your data not be shared with specific partners
Control your visibility within cohort community
How: Dashboard privacy settings or email privacy@herizon.capital

F. Data Portability

Download your data in a machine-readable format (CSV, JSON)
Transfer your educational progress to another platform (if applicable)
How: Dashboard "Export Data" feature or email request

G. Withdraw Consent

If you provided consent for specific data uses (e.g., case study), you can withdraw it
This won't affect lawfulness of processing before withdrawal
How: Email privacy@herizon.capital

9. CHILDREN'S PRIVACY

Our program is open to participants ages 16 and older.

For ages 16-17:

Parental/guardian consent required before participation
Parents/guardians can access and manage minor's data
Special protections apply to minors' data (limited sharing, enhanced security)

We do not knowingly collect data from children under 16. If we discover we have, we will delete it immediately.

10. INTERNATIONAL DATA TRANSFERS

Herizon operates globally but is based in the USA.

If you're outside the USA:

Your data may be transferred to and stored in the United States
We comply with applicable data protection laws (GDPR for EU users, etc.)
Standard Contractual Clauses (SCCs) used for EU data transfers
Your rights under GDPR (if applicable) are preserved

For EU/UK Users (GDPR Rights):

Right to access, rectify, erase, restrict processing
Right to data portability
Right to object to processing
Right to lodge complaint with supervisory authority
Contact our Data Protection Officer: dpo@herizon.capital

11. THIRD-PARTY LINKS

Our platform may link to external sites (resources, partner platforms, payment processors).

We are not responsible for privacy practices of third-party sites.

Before providing information to external sites, review their privacy policies.

12. CHANGES TO THIS PRIVACY POLICY

We may update this policy to reflect:

Changes in legal requirements
New features or services
Improved data protection practices

When we make changes:

Updated "Last Updated" date at top
Notify active users via email (for material changes)
Post notice on platform dashboard
Continued use after changes = acceptance of new policy

You can always view current and previous versions at herizon.capital/privacy

13. CONTACT US

Questions about this Privacy Policy?
Want to exercise your rights?
Concerned about how your data is used?

📧 Email: help@herizoncapital.com

Response time may vary according to demand.

14. CONSENT

By using Herizon Capital's platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and sharing of your information as described.

Special consent checkboxes during signup:

I consent to Herizon collecting and using my data as described in the Privacy Policy
I consent to my anonymized data being used for research and impact reporting
I consent to being featured in case studies or marketing materials (optional - you can decline and still participate)
I am 16+ years old (or have parental consent if 16-17)