Legal

Privacy Policy

Last updated: May 16, 2026 · Applies to: Horizon Market Compass (iOS, macOS) v2.0+

      The short version: Horizon does not collect, store, or share any personal information. All your data stays on your device by default. There are two optional features, both disabled by default and requiring your explicit consent, that send limited data to our servers: Share Links (a time-limited read-only snapshot, Section 4) and Cloud Alerts (your watchlist + Apple push-notification token so a daily market-close summary can be calculated server-side and pushed even when the app is closed, Section 5). Turning either feature off permanently deletes the associated data from our servers.
    

1. Information We Collect

Horizon does not collect any personally identifiable information. Specifically:

No account registration is required
No name, email, or contact information is collected
No location data is accessed
No analytics or tracking SDKs are included in the app
No advertising identifiers (IDFA) are collected
No device identifiers are collected, except an Apple Push Notification service (APNs) token when you explicitly enable Cloud Alerts or Price Movement Alerts — see Section 5

2. Data Stored on Your Device

All portfolio data you enter (holdings, cost basis, number of shares) is stored locally on your device using Apple's SwiftData framework. This data:

Never leaves your device to our servers, except via the optional Share Links feature (Section 4) or the optional Cloud Alerts feature (Section 5)
May be synced to your other Apple devices via iCloud if you have CloudKit sync enabled in Settings (controlled entirely by you)
Is included in your iCloud backup if you have iCloud backup enabled
Is deleted when you delete the app

3. Third-Party Market Data Services

Horizon fetches live market data from the following public APIs. These requests are made directly from your device — or, for popular tickers, through our shared cache server described at the end of this section. All requests contain only stock ticker symbols, fund codes, or currency codes — no personal data is sent:

Yahoo Finance — stock quotes, dividend data, historical prices, and company information.
Financial Modeling Prep (FMP) — fallback data source for quotes and fundamentals. API key stored securely in your device's Keychain.
Twelve Data — fallback data source for US stock quotes. API key stored securely in your device's Keychain.
Finnhub — technical indicators, analyst ratings, price targets, and dividend data for US stocks. API key stored securely in your device's Keychain.
Frankfurter API (frankfurter.app) — currency exchange rates. Open-source, no account required.
SEC EDGAR (data.sec.gov) — publicly available 13F institutional investor filings for the Guru Portfolios feature. No personal data is sent.
NSE India — public market sentiment and FII/DII data for Indian market users.
WealthAdvisor (wealthadvisor.jp) — Japanese mutual fund NAV and distribution history. Fund codes only.
Morningstar / Seeking Alpha — analyst ratings and stock intelligence data.
BSE India (api.bseindia.com) — corporate-actions (dividend) data for Indian holdings. Public endpoint, ticker symbols only (v2.5+).
Nasdaq / NEOS / Goldman Sachs / JPMorgan — issuer-direct distribution data for covered-call and dividend ETFs. Ticker symbols only (v2.5+).
Google Gemini (v2.4+) — when AI Explain or Portfolio Q&A is enabled using your own Gemini API key, your query (which may include ticker symbols and portfolio composition you've explicitly chosen to send) goes from your device directly to Google using your key; MARS Studio servers are not involved. When using the Apple Intelligence on-device fallback (available on supported hardware), the query is processed locally and never leaves your device. API keys are stored in your device's Keychain.

Shared Public-Data Cache (no user data, no opt-in needed). To reduce upstream API costs and speed up cold launches, some read-only market-data requests (quotes, dividends, basic fundamentals, RSI, ETF distributions, Compounder Scores) flow through a Cloudflare Worker we operate. Devices fetch from this cache first; on a cache miss the device fetches from the upstream provider and then writes the result back to the cache so a different device asking for the same ticker the same day reads the cached copy instead of hitting the upstream provider again. The cache is shared across all MARS Studio investing apps (Horizon Market Compass, Compounder HQ).

What the cache requests contain: stock ticker symbol, market identifier (e.g. US / Japan / India), and — for write-back after a fresh fetch — the public market data the upstream provider just returned (price, dividend history, computed score, etc.). The shared cache database is hosted on Cloudflare's infrastructure (Workers + D1, EU – Dublin region). Cloudflare's privacy policy applies to data stored on their infrastructure: cloudflare.com/privacypolicy.

What the cache requests do not contain: no device identifier, no user identifier, no Apple Push Notification token, no portfolio holdings, no cost basis, no watchlist contents, no IP-derived location, no analytics, no advertising identifier. It is impossible for the cache to identify you or your portfolio — the same request a million Horizon devices make for "AAPL" looks identical on the wire.

4. Share Links (Optional, Opt-In)

Version 2.0 introduces an optional Share Links feature that allows you to create a shareable, read-only link to your portfolio or watchlist. This feature is disabled by default and requires your explicit consent before activation.

When you enable Share Links and create a link:

A snapshot of your selected portfolio or watchlist data is uploaded to our servers (hosted on Cloudflare's infrastructure)
The snapshot is stored temporarily in Cloudflare KV storage for the duration you select (1 hour to 90 days)
The data is automatically and permanently deleted when the link expires
You can control what is included: you may hide portfolio values, hide cost basis, or show allocations only
No account, name, or email is associated with the uploaded data
The data is never used for advertising, analytics, or sold to third parties
The shared link is accessible to anyone who has the link URL

You can disable Share Links at any time in Settings > Privacy. We recommend disabling it after each use and re-enabling only when needed.

Cloudflare's privacy policy applies to data stored on their infrastructure: cloudflare.com/privacypolicy.

5. Cloud Alerts (Optional, Opt-In)

Version 2.4 introduces an optional Cloud Alerts feature that pushes a daily watchlist summary to your device after each supported market closes — even when the app is closed. This feature is disabled by default and requires your explicit consent before activation. When you first enable the toggle, a consent screen shows you exactly what will be sent and you must tap "Enable" to proceed.

When you enable Cloud Alerts, the following is sent from your device to our server and stored until you turn the feature off:

Your Apple Push Notification service (APNs) device token — a random identifier issued by Apple so notifications can be routed to your specific device. It cannot be used to identify you as a person and cannot be used to track you across other apps or websites.
Your watchlist: ticker symbol, market (US / Japan / India / etc.), and the stock's display name for each watchlisted stock. Portfolio holdings, cost basis, share counts, trade history, and all other app data are never sent.
The app's bundle ID (used to validate the request).

What we do not send: no name, no email, no location, no IP-based geolocation, no portfolio value, no cost basis, no holdings, no trades, no API keys, no analytics, and no advertising identifiers.

Data is stored on our server (Cloudflare Workers + D1, hosted in the EU — Dublin region). It is accessible only by our server code that generates your notifications. It is never used for advertising, analytics, or sold to any third party.

Each device's entry is permanently deleted from our server when:

You turn Cloud Alerts off in Settings (immediate)
You uninstall Horizon — Apple invalidates the device token, our server is notified on the next attempted push, and the row is automatically removed
You revoke notification permission at the iOS / macOS level

The Cloud Alerts and Price Movement Alerts backend is maintained in a private MARS Studio repository. Regulators, large enterprise customers, and security researchers may request a code review by contacting hmc-privacy@marsstudio.app; we respond to reasonable requests.

Cloudflare's privacy policy applies to data stored on their infrastructure: cloudflare.com/privacypolicy.

6. Subscriptions

Version 2.0 introduces an optional Premium subscription ($39.99/yr) processed entirely through Apple's App Store and StoreKit. MARS Studio does not receive, store, or process any payment information. Apple's privacy policy governs all subscription transactions: apple.com/legal/privacy.

7. Advertising

Horizon Market Compass contains no advertisements and does not use any advertising identifiers (IDFA).

8. Children's Privacy

Horizon Market Compass does not knowingly collect information from children under 13. The app contains no features directed at children.

9. European Users (GDPR) & California Users (CCPA/CPRA)

Lawful basis (GDPR Art. 6). Where we process limited personal data (your APNs token plus your watchlist symbols for Cloud Alerts and Price Movement Alerts; share-link snapshots for Share Links), the lawful basis is your explicit consent (Art. 6(1)(a)), which you provide via the in-app opt-in screen. You can withdraw consent at any time by disabling the feature in Settings — see Sections 4 and 5. The shared public-data cache described in Section 3 does not process personal data and therefore does not require an Art. 6 lawful basis.

Your rights. European users have the right to access, rectify, erase, restrict, port, and object to processing of any personal data we hold (GDPR Art. 15–22). California users have equivalent rights to know, delete, correct, and limit use under CCPA/CPRA. To exercise any of these rights, contact hmc-privacy@marsstudio.app — we respond within 30 days. Because we do not collect names, emails, or persistent device fingerprints, we may need additional context (e.g. your device's APNs token, the share-link short code, or the approximate date of use) to locate any record about you.

We do not sell or share your personal information for cross-context behavioural advertising or any other purpose. There is no "Do Not Sell or Share My Personal Information" link because we have no sale or sharing flow to opt out of.

Supervisory authority. European users who believe our handling of their data violates GDPR may lodge a complaint with their local data-protection authority. Because our EU infrastructure is hosted in Ireland (Cloudflare D1, Dublin region), the lead authority for cross-border issues is the Irish Data Protection Commission (dataprotection.ie).

MARS Studio is a small independent developer and has not appointed a Data Protection Officer or EU representative; the volume and nature of our data processing falls below the GDPR thresholds requiring either (Art. 27, Art. 37). Indian users have equivalent rights under the Digital Personal Data Protection Act 2023.

10. Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date above. Continued use of the app after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this policy? Contact us at hmc-privacy@marsstudio.app or write to us at MARS Studio, marsstudio.app.