Privacy Policy
Last updated: March 2026
1. Introduction
Tech Horizon Labs ("we", "our", "us") is an AI consulting business based on the Sunshine Coast, Queensland, Australia (ABN: 80 976 285 425). We are committed to protecting your privacy and handling your personal information responsibly.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at techhorizonlabs.com or use our services. We are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and comply with all applicable privacy laws.
2. Information We Collect
Contact Form
When you submit our contact form, we collect:
- Name
- Email address
- Company name (optional)
- Message content
Newsletter Signup
When you subscribe to our fortnightly newsletter, we collect:
- Email address
AI Readiness Assessment & Scorecard
When you complete our self-assessment tools, we collect:
- Name (optional — only if you opt in to contact)
- Email address (optional — only if you opt in)
- Business name (optional)
- Assessment scores and answers
Analytics (with consent)
If you accept analytics cookies, Google Analytics (GA4) collects anonymised usage data including pages visited, session duration, device type, and approximate location. This data is aggregated and cannot identify you personally.
3. How We Use Your Information
We use the information we collect to:
- Respond to enquiries — contact form submissions are emailed to our team for follow-up
- Deliver newsletters — your email is passed to our newsletter platform for distribution
- Provide assessment results — assessment data is used to generate personalised recommendations emailed to you
- Analyse website usage — anonymised analytics help us improve site content and performance (consent-required)
- Manage leads — contact details are synced to our CRM for relationship management
- Comply with legal obligations — as required by Australian law
4. Third-Party Services
We use the following third-party services to operate our business. Each service receives only the minimum data necessary for its function.
| Service | Purpose | Data Shared | Jurisdiction |
|---|---|---|---|
| Resend | Transactional email delivery | Email address, name, message content | United States |
| Google Analytics (GA4) | Website analytics (consent-required) | Anonymised browsing data, IP anonymised | United States |
| Klipy | CRM — lead management | Name, email, company, submission source | United States |
| Beehiiv | Newsletter platform | Email address | United States |
| Replit | Application hosting | All submitted form data (stored in database) | United States |
| Anthropic (Claude) | AI processing for consulting | Client data only with explicit consent | United States |
| Google Workspace | Internal business operations | Business correspondence | Australia (data region setting) |
5. Cookies & Tracking
Our website uses a cookie consent system. Only essential cookies are set by default. Analytics cookies require your explicit consent.
| Cookie | Type | Purpose | Duration | Consent Required |
|---|---|---|---|---|
thl-cookie-consent | Essential | Stores your cookie preference | Persistent (localStorage) | No — essential |
_ga | Analytics | Google Analytics visitor identifier | 2 years | Yes |
_ga_TN1HR73SJH | Analytics | Google Analytics session state | 2 years | Yes |
6. Data Retention
- Contact form submissions — retained until you request deletion
- Newsletter subscriptions — retained until you unsubscribe
- Assessment submissions — retained for 2 years, then deleted
- Analytics data — 14 months (GA4 default retention period)
- CRM records — retained until you request deletion or the business relationship ends
7. Data Security
We implement appropriate technical and organisational measures to protect your personal information:
- All data transmitted via SSL/TLS encryption
- Database stored with encryption at rest
- Access controls limiting data access to authorised personnel
- Admin endpoints protected by API key authentication
- Rate limiting on all public API endpoints
- Regular review of security practices and access logs
8. Your Rights
Under the Australian Privacy Act 1988, you have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — request correction of inaccurate or incomplete information
- Deletion — request deletion of your personal information
- Opt-out — unsubscribe from marketing communications at any time
- Complain — lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
To exercise any of these rights, contact us at hello@techhorizonlabs.com. We will respond within 30 days.
9. International Data Transfers
Some of our third-party service providers are based in the United States (see Section 4). When your data is transferred outside Australia, we ensure that:
- The service provider has strong privacy practices and appropriate security measures
- Data is transferred only for the specific purpose described
- We maintain contractual protections where available
- Australian-hosted alternatives are used where possible (e.g., Google Workspace data region)
10. Notifiable Data Breaches
In the event of a data breach that is likely to result in serious harm, we will:
- Notify affected individuals as soon as practicable
- Report the breach to the OAIC within 30 days as required by the Notifiable Data Breaches (NDB) scheme
- Take immediate steps to contain and remediate the breach
- Document the breach and our response for compliance records
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes affecting how we process your data will be communicated via email where possible.
12. Contact
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:
- Email: hello@techhorizonlabs.com
- Location: Noosa Heads, Sunshine Coast, Queensland, Australia
- ABN: 80 976 285 425