Privacy Policy

Effective Date: January 7, 2026

This Privacy Policy describes how Bravo Zulu Consulting LLC, dba Bravo Zulu Intelligence ("Company," "we," "us") collects, uses, shares, and protects information when you use BZHorizon (the "Service").

If you use the Service on behalf of an organization, we process Customer Data as a service provider or processor under your instructions. You are responsible for providing appropriate privacy notices to your end users (employees, customers, vendors, and others).

1. Information We Collect

A. Information You Provide

  • Account data: name, email, password (hashed), role, and user settings.
  • Organization data: business name, address, tax IDs (e.g., EIN), industry, and preferences.
  • Financial data: invoices, bills, payments, journal entries, chart of accounts, and reports.
  • Contacts: customer and vendor names, emails, phone numbers, addresses, and notes.
  • Payroll data (if enabled): employee information, pay statements, payroll-related fields.
  • AI conversation content (when you use AI features).

B. Information From Integrations

  • Plaid: account identifiers, balances, transactions, categories, and access tokens.
  • Stripe: customer IDs, subscription IDs, payment intent IDs, refund IDs, and payment status metadata.
  • Finch: employee directory, pay statements, payroll provider connection data, and access tokens.
  • GDELT: public news data used for vendor analysis.

We do not collect or store your online banking credentials. We do not store full payment card numbers; payment processors handle those details.

C. Automatically Collected Information

  • Log data (IP address, browser type, timestamps, request metadata).
  • Usage analytics (feature usage, performance metrics, AI tool usage).
  • Device storage data (localStorage and sessionStorage values for tokens, preferences, and draft forms).

2. How We Use Information

We use information to:

  • Provide, operate, and maintain the Service (accounting, reconciliation, invoicing, reporting).
  • Run AI features (categorization, analytics, forecasting, and recommendations).
  • Process payments and manage subscriptions.
  • Send emails (invoices, reports, notifications).
  • Secure the Service, prevent fraud, and enforce policies.
  • Comply with legal and regulatory obligations.
  • Provide support and respond to requests.
  • Improve the Service using aggregated or de-identified data where practical.

We do not use Customer Data to train our AI models unless you explicitly opt in.

3. Plaid Data Use

If you connect a financial account through Plaid, you authorize us to receive data from Plaid and your financial institution. We store the Plaid access token and related identifiers to maintain your connection and sync data. We also store the account and transaction data you authorize us to access and use it to provide the Service. You may disconnect accounts at any time, which stops future syncing. We store access tokens encrypted at rest and restrict access to authorized systems.

4. How We Share Information

We share information only as needed to provide the Service:

  • Service providers: hosting, database, email delivery, and support tools.
  • AI providers: Anthropic and OpenAI for AI processing.
  • Financial integrations: Plaid for bank data; Stripe for payments; Finch for payroll data.
  • Public data sources: GDELT for market intelligence and news.
  • Legal: if required by law, court order, or to protect rights and safety.
  • Corporate transactions: if we undergo a merger, acquisition, or asset sale, information may be transferred as part of that transaction.

We do not sell personal information.

When we use AI providers, we send only the content needed to perform the requested AI function. Where supported, we configure providers to limit use of submitted content for training and to handle it as a service provider.

5. Data Storage and Security

We host and store data using Amazon Web Services (AWS). We use reasonable and appropriate safeguards, including encryption in transit and at rest, access controls, and audit trails. No method of transmission or storage is 100 percent secure.

6. Data Retention

We retain data as long as necessary to provide the Service and meet legal requirements:

  • Financial records: retained for up to 7 years to comply with accounting and IRS rules.
  • AI conversations: typically archived after 90 days of inactivity and deleted after 180 days; for performance we may retain only a limited portion of message history (for example, the last 100 messages) depending on plan and configuration.
  • AI usage logs: retained for up to 90 days.
  • Cached analytics: typically cleared after 7 days.
  • Device storage: retained on your device until cleared by logout, cache expiration, or manual removal.

Retention may be extended for legal claims, audits, security investigations, or compliance obligations.

7. Your Choices and Rights

Depending on your location, you may have rights to:

  • Access, correct, or delete your information.
  • Export your data.
  • Restrict or object to processing.
  • Withdraw consent (where applicable).

To exercise rights, contact us at info@bzintelligence.ai. We may require verification and may decline requests where retention is required by law.

8. International Transfers

We may process data in the United States and other countries where our providers operate. We use appropriate safeguards for cross-border transfers.

9. Cookies and Local Storage

We use local storage and session storage for authentication tokens, preferences, and draft data. We do not use tracking cookies for advertising unless explicitly disclosed.

10. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the Effective Date and post the revised policy.

12. Contact

Bravo Zulu Consulting LLC, dba Bravo Zulu Intelligence
1201 O St, Ste 309 Unit 678
Lincoln, NE 68508
info@bzintelligence.ai