Who We Are
This Privacy Policy applies to Horizon Pack & Ship LLC ("Company," "we," "us," or "our"), a Kentucky limited liability company operating Horizon Pack & Ship retail shipping locations and Horizon Business Hub automation and consulting services.
Our current locations include Radcliff, KY (734 Knox Blvd) and Elizabethtown, KY (207 Towne Dr), with additional locations planned. This policy applies to all current and future locations, all online platforms, websites, forms, and any digital or physical touchpoint associated with the Horizon brand.
By using any Company service, visiting any Company location, or submitting any form or contact request, you acknowledge and agree to the practices described in this Privacy Policy.
Information We Collect
We collect information in two categories: information you provide directly, and information collected automatically through your use of our services.
2.1 Information You Provide
| Category | Examples | When Collected |
|---|---|---|
| Identity Data | Full name, business name | Account creation, subscription enrollment, in-store transactions |
| Contact Data | Email address, phone number, mailing address | Forms, subscriptions, in-store sign-up |
| Payment Data | Credit/debit card details, billing address | Point of sale and subscription billing (processed by PCI-compliant third parties) |
| Shipping Data | Recipient name, delivery address, package contents declared, tracking numbers | Label printing and drop-off services |
| Business Data | Business type, revenue range, operational details, platform credentials (Business Hub) | Business Hub onboarding and service delivery |
| Communications | Messages, requests, support tickets, feedback | Email, phone, in-person contact |
2.2 Information Collected Automatically
| Category | Examples |
|---|---|
| Device Data | IP address, browser type, operating system, device identifiers |
| Usage Data | Pages visited, time on page, clicks, referral source, scroll depth |
| Cookie Data | Session cookies, preference cookies, analytics cookies, advertising pixels |
| Location Data | General geographic region inferred from IP address. No precise GPS data is collected without explicit consent. |
2.3 Sensitive Information
We do not intentionally collect sensitive personal information such as Social Security numbers, government-issued ID numbers, health data, or financial account numbers beyond what is necessary to process payments through our PCI-compliant payment processor. We do not store raw payment card data on our systems.
How We Collect Information
- In-store transactions — when you use our shipping, sealing, or retail services at any location
- Online forms — subscription sign-up forms, contact forms, consultation requests, and booking forms hosted on our platforms or through GoHighLevel (GHL)
- Direct communication — phone calls, emails, text messages, or in-person conversations
- Website visits — through cookies, pixels, and analytics tools embedded on our pages
- Third-party referrals — when a partner, referral source, or affiliate directs you to our services
- Social media — if you interact with our business profiles on Facebook, Instagram, or other platforms, those platforms may share interaction data with us subject to their own privacy policies
- Advertising platforms — Google Ads and Meta (Facebook/Instagram) may share conversion event data when you interact with our advertisements
How We Use Your Information
| Purpose | Legal Basis | Data Used |
|---|---|---|
| Provide and fulfill services | Contract performance | Identity, contact, shipping, payment |
| Process payments and manage subscriptions | Contract performance | Payment, identity, contact |
| Send transactional communications (receipts, confirmations, account notices) | Contract performance / Legal obligation | Contact, transaction data |
| Send marketing communications (with consent) | Consent (opt-in) | Contact, usage, preference data |
| Improve services and analyze usage | Legitimate interest | Usage, device, cookie data |
| Run advertising and retargeting campaigns | Consent / Legitimate interest | Cookie, device, usage data |
| Comply with legal obligations | Legal obligation | Any relevant data |
| Prevent fraud and ensure security | Legitimate interest / Legal obligation | Identity, payment, usage data |
| Carrier compliance and shipping documentation | Legal obligation / Contract performance | Shipping, identity data |
Cookies and Tracking Technologies
5.1 What We Use
| Type | Purpose | Opt-Out |
|---|---|---|
| Essential Cookies | Required for page function, form submission, session management | Cannot be disabled without breaking functionality |
| Analytics Cookies | Track page visits, traffic sources, user behavior (e.g., Google Analytics) | Opt out via browser settings or Google Analytics opt-out |
| Marketing Pixels | Meta Pixel (Facebook/Instagram), Google Ads conversion tracking, retargeting | Opt out via Meta Ad Preferences, Google Ad Settings, or Do Not Track |
| CRM Tracking | GoHighLevel session and form tracking for lead attribution | Opt out by contacting us directly |
5.2 Your Cookie Choices
Most browsers allow you to refuse cookies or delete existing cookies through browser settings. Disabling certain cookies may affect the functionality of our websites and forms. To opt out of Google Analytics tracking, visit tools.google.com/dlpage/gaoptout. To manage Meta ad preferences, visit your Facebook Ad Settings.
5.3 Do Not Track
Our websites do not currently respond to browser-level "Do Not Track" signals as there is no uniform standard. You may use the opt-out mechanisms described above to limit tracking.
Third-Party Sharing and Disclosure
6.1 Service Providers
We share personal information with trusted third-party vendors who assist in service delivery, subject to confidentiality obligations and data processing agreements:
| Vendor / Platform | Purpose | Data Shared |
|---|---|---|
| GoHighLevel (GHL) | CRM, forms, automation, SMS/email delivery | Contact, communication, subscription data |
| Payment Processor (Stripe / Square or equivalent) | Payment processing and subscription billing | Payment and identity data (PCI-compliant) |
| UPS, FedEx, DHL, USPS | Package pickup, transit, and delivery | Shipping address, package details, contact data |
| Google (Analytics, Ads) | Website analytics and advertising | Anonymized usage and device data |
| Meta (Facebook/Instagram) | Advertising, retargeting, social engagement | Pixel event data, hashed contact data (if applicable) |
| HeyGen | AI video production (Business Hub) | Script content, business context (no personal customer data) |
6.2 Legal Disclosure
We may disclose personal information when required by law, court order, subpoena, or governmental authority, or when we believe disclosure is necessary to: protect the safety of any person, prevent fraud or illegal activity, protect the rights and property of the Company, or comply with a legal obligation.
6.3 Business Transfers
In the event of a merger, acquisition, sale of assets, or other business transfer, customer data may be transferred as part of that transaction. We will notify affected customers via the email on file prior to data transfer and before data becomes subject to a different privacy policy.
6.4 Aggregate and De-Identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify any individual for business analysis, industry reporting, or marketing purposes. Such data is not considered personal information.
Marketing and Communications
7.1 Email Marketing
We send marketing emails only to individuals who have opted in or who have an existing customer relationship with us, in compliance with the CAN-SPAM Act (15 U.S.C. 7701 et seq.). Every marketing email includes a clear and functional unsubscribe mechanism. We honor opt-out requests within 10 business days.
7.2 SMS and Text Marketing
SMS marketing messages are sent only with your prior express written consent, in compliance with the Telephone Consumer Protection Act (TCPA, 47 U.S.C. 227) and applicable FCC regulations. Message and data rates may apply. You may opt out of SMS messages at any time by replying STOP to any message. For help, reply HELP or contact us at the information in Section 17.
7.3 Transactional Communications
Account confirmations, subscription notices, payment receipts, and service-related updates are transactional communications and are sent regardless of marketing preferences. These are required for the operation of your account and cannot be opted out of while your account is active.
7.4 Retargeting Advertising
We may use cookies and pixel data to show advertisements to previous visitors of our website on Google, Meta, and other advertising platforms. You can opt out of retargeting by adjusting your ad preferences on those platforms or by opting out of tracking cookies as described in Section 5.
Data Security
We implement commercially reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:
- PCI-compliant payment processing through third-party processors — raw card data is never stored on Company systems
- Access controls limiting employee access to personal data to those with a need to know
- Secure encrypted transmission (HTTPS) for all web-based data collection
- Regular review of data handling practices and vendor agreements
- CRM data secured within GoHighLevel's enterprise-grade security infrastructure
Employees who handle personal data are subject to confidentiality obligations and trained on data handling practices appropriate to their role.
Data Retention
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including:
| Data Type | Retention Period | Reason |
|---|---|---|
| Customer account and contact data | Duration of relationship + 3 years | Service delivery, legal claims |
| Transaction and payment records | 7 years | IRS and KY tax compliance |
| Shipping records | 3 years | Carrier compliance, dispute resolution |
| Marketing consent records | 5 years from last consent action | CAN-SPAM and TCPA compliance |
| Website analytics data | 26 months (Google Analytics default) | Performance analysis |
| CRM and subscription data | Duration of subscription + 2 years | Account management, legal claims |
Upon expiration of the applicable retention period, data is deleted or anonymized. You may request early deletion of your personal data as described in Section 10, subject to legal retention requirements that may prevent complete deletion.
Your Rights
Depending on your relationship with us and applicable law, you may have the following rights regarding your personal information:
| Right | Description |
|---|---|
| Right to Access | Request a copy of the personal information we hold about you |
| Right to Correction | Request correction of inaccurate or incomplete information |
| Right to Deletion | Request deletion of your personal data, subject to legal retention requirements |
| Right to Opt Out of Marketing | Unsubscribe from email marketing at any time. Reply STOP to opt out of SMS. |
| Right to Opt Out of Tracking | Disable non-essential cookies and pixels as described in Section 5 |
| Right to Data Portability | Request your data in a portable format where technically feasible |
| Right to Complain | File a complaint with the Kentucky AG or FTC if you believe your rights have been violated |
To exercise any of these rights, submit a written request to the contact information in Section 17. We will respond within 30 days. We may need to verify your identity before processing certain requests. We will not discriminate against you for exercising your privacy rights.
Children's Privacy
Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information.
This policy is in compliance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. 6501 et seq.). If you believe we have inadvertently collected information from a child under 13, please contact us immediately at the information in Section 17.
Individuals between the ages of 13 and 17 may use our services only with verified parental or guardian consent. Business Hub services require users to be at least 18 years of age or the age of majority in their jurisdiction.
Third-Party Links and Platforms
Our websites, emails, and materials may contain links to third-party websites, platforms, or services. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices or content of any third-party site.
We encourage you to review the privacy policies of any third-party service you access through our platforms, including but not limited to: GoHighLevel, UPS, FedEx, DHL, USPS, Google, Meta, HeyGen, and any payment processor we use.
Kentucky Residents
Kentucky residents are protected by the Kentucky Consumer Protection Act (KRS Chapter 367) and related statutes. As a Kentucky-based business, we are fully subject to these protections and committed to complying with them.
13.1 Automatic Renewal Disclosure
Per KRS 367.46951, we disclose all automatic renewal subscription terms clearly before enrollment, notify customers of price changes no less than 30 days in advance, and honor cancellation requests at any time with no penalty.
13.2 Deceptive Practices Prohibition
We do not engage in unfair, false, misleading, or deceptive acts or practices in the conduct of trade or commerce, as prohibited under KRS 367.170.
13.3 Filing a Complaint
Kentucky residents may contact the Kentucky Attorney General's Consumer Protection Division at:
Toll-free: (888) 432-9257
Online: ag.ky.gov/consumer
Mail: 1024 Capital Center Drive, Suite 200, Frankfort, KY 40601
13.4 Veterans and Service Members
As a veteran-owned business, Horizon Pack & Ship LLC honors all protections available to service members and veterans under the Servicemembers Civil Relief Act (SCRA, 50 U.S.C. 3901 et seq.) and Kentucky law. Active-duty service members who need to cancel subscriptions due to deployment may do so immediately with full credit for any unused prepaid period.
Federal Compliance
This Privacy Policy is designed to comply with applicable federal privacy and consumer protection laws, including:
- CAN-SPAM Act (15 U.S.C. 7701): All commercial email includes identification, opt-out mechanism, and physical address
- TCPA (47 U.S.C. 227): SMS/phone marketing requires prior express written consent; opt-out honored immediately
- COPPA (15 U.S.C. 6501): No intentional collection of data from children under 13
- FTC Act (15 U.S.C. 45): No unfair or deceptive data practices
- Electronic Fund Transfer Act (15 U.S.C. 1693): Subscription billing disclosures comply with Regulation E requirements
- PHMSA (49 C.F.R.): Shipping data handling complies with hazardous materials regulations
- GLBA (15 U.S.C. 6801) (if applicable): Financial information handled with appropriate safeguards
Where state and federal law provide different protections, the law providing the greater protection to the consumer applies.
Data Breach Notification
In the event of a data breach that is reasonably likely to result in harm to affected individuals, the Company will notify affected customers in accordance with applicable law, including:
- Kentucky data breach notification requirements (KRS 365.732)
- Notification to affected individuals within a reasonable time, generally within 60 days of discovery
- Notification to the Kentucky Attorney General where required by law
- Description of the breach, categories of data involved, and steps individuals can take to protect themselves
Notification will be provided via email to the address on file. If email is not available or sufficient, notification may be provided via written notice, website posting, or other method permitted by law.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:
- Update the "Last Revised" date at the top of this document
- Notify active subscribers via email no less than 14 days before the effective date
- Post the updated policy at all physical locations and on our website
Your continued use of Company services after the effective date of an updated Privacy Policy constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you must stop using our services and cancel any active subscriptions before the effective date.
Contact Us
For privacy questions, data requests, opt-outs, or complaints, contact us at:
Radcliff: 734 Knox Blvd, Radcliff, KY 40160 | (270) 319-4145
Elizabethtown: 207 Towne Dr, Elizabethtown, KY 42701 | (270) 900-1553
Hours: Monday through Saturday, 9:00 AM to 6:00 PM EST
Written requests for data access, correction, or deletion must be submitted to one of the addresses above. We will acknowledge receipt within 5 business days and respond within 30 days. We may need to verify your identity before processing your request.
For unsubscribing from email communications, use the unsubscribe link in any marketing email. To opt out of SMS, reply STOP to any text message.