Legal · Privacy Policy

Privacy Policy

This Privacy Policy explains what personal information Haltered collects when you use our marketplace, why we collect it, who we share it with, and the choices you have.

Effective Date: To be set at launch Jurisdiction: Arizona, USA
Draft for attorney review. This document is a substantive working draft prepared by Haltered for review and revision by licensed counsel. Items marked like this require legal or operational input. This document is not in effect.

Haltered handles personal information so the marketplace can work — verifying credentials, processing payments, and routing communication between trainers. We try to keep that footprint small, transparent, and under your control.

01 Scope & Operator

This Privacy Policy applies to information we collect when you use haltered.com and related services (the "Service") operated by The Horsedad LLC dba Haltered, an Arizona limited liability company.

It does not apply to third-party services that may be linked from the Service (for example, Stripe's hosted payment pages, USEF's website, or hauling-partner sites). Each third party has its own privacy policy.

02 What We Collect

We collect personal information directly from you, automatically as you use the Service, and from third parties (such as USEF for credential verification and Stripe for payment processing).

Category
Examples
Source
Account information
Name, email, password (hashed), account type, profile photo, bio, location (city, state)
From you
Equestrian identifiers
USEF member number, USEF horse identifier, discipline, zone, level, show record references
From you and from USEF
Listing content
Horse photos, video, description, price, history, registration documents
From you
Messaging content
Trainer-to-trainer messages, owner-coordination threads, attachments
From you and counterparties
Transaction information
Offers, contracts, e-signatures, trial agreements, contract amendments
From you and counterparties
Payment information
Bank account for ACH (held by Stripe), payment timestamps, settlement amounts. We do not store full card or bank numbers ourselves — Stripe does.
Via Stripe
Tax information
SSN or EIN (for trainers and barns receiving $600+/year), Form W-9, mailing address for Form 1099-NEC
From you
Device & usage data
IP address, browser type, OS, device identifiers, pages viewed, referring URLs, session timestamps
Automatic
Cookies & similar
Authentication cookies, preferences, analytics identifiers (see Section 9)
Automatic
Family / minor data
Rider profiles for minors, including age, USEF identifier, riding level — only when entered by the parent or guardian under a Family Account
From parent / guardian

03 How We Use It

We use personal information for the following purposes:

  • Operate the marketplace. Create and authenticate accounts, display profiles and listings, route messages between trainers, and run the offer, trial, and contract flows.
  • Verify identity and credentials. Confirm USEF membership status for trainers and barns; confirm horse identifiers; protect the marketplace from impersonation and false listings.
  • Process payments. Move funds through Stripe Connect; settle to seller and barn payout accounts; calculate and apply commission splits; collect and remit ACH and card processing fees.
  • Tax reporting. Calculate annual payments to each trainer and barn; issue Form 1099-NEC at the $600 threshold; report to the IRS and state tax authorities as required.
  • Communicate with you. Transactional emails (offer received, contract ready to sign, trial confirmed); customer-support replies; service announcements. Marketing emails only with consent and with an opt-out in every message.
  • Trust and safety. Detect fraud and circumvention; review messages flagged by automated filters; investigate disputes; enforce these Terms.
  • Improve the Service. Aggregate analytics to understand which features are useful; product-quality bug investigations; A/B test new features.
  • Comply with law. Respond to lawful subpoenas, court orders, or other legal process; comply with anti-money-laundering and tax reporting obligations.
What we don't do. We do not sell personal information. We do not run third-party advertising on the Service. We do not allow third-party advertisers to track you across sites through Haltered.

05 Who We Share It With

We share personal information only as described below:

Other Users of the Service

By design, certain information is visible to other users:

  • Public profile information (name, barn affiliation, USEF identifier on professional profiles) is visible on listing pages and barn pages.
  • Listing content is visible to all users browsing the Service.
  • Trainer-to-trainer messages are visible only to the participating trainers (and, where applicable, to the parent or guardian holding the relevant Family Account, in read-only form).
  • Owner-coordination threads are visible only to the trainer and the legal owner (or the owner's parent or guardian).

Public-facing barn pages display trainers, not riders or clients. Rider names and other client information are not surfaced publicly.

Service Providers

We share personal information with vendors who help us operate the Service, under contracts that limit their use of the data to the services they provide:

  • Stripe — payment processing, payout, fraud screening.
  • Supabase — hosting, authentication, file storage.
  • Vercel — application hosting and content delivery.
  • USEF — credential and horse identifier verification (we share USEF numbers and matching identifiers; we do not share your account password or payment data).
  • Email and notification providers — transactional email delivery.
  • Analytics — privacy-respecting product analytics. [Confirm specific provider and any DPA at launch.]
  • Hauling, insurance, and veterinary partners — when those features are integrated and you initiate a request to a partner. Each partner has its own privacy policy.
  • Professional advisors — accountants, auditors, and lawyers, under confidentiality obligations.

Legal & Safety

We may disclose information when we have a good-faith belief that disclosure is necessary to: (a) comply with a subpoena, court order, or other legal process; (b) enforce these Terms or our agreements; (c) detect, prevent, or otherwise address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Haltered, our users, or the public.

Business Transfers

If Haltered is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction, subject to standard confidentiality protections and to this Privacy Policy as it may be updated.

06 Stripe & Payment Data

Haltered does not store full bank account numbers, credit card numbers, or card CVVs. Stripe handles all sensitive payment data on PCI-DSS-compliant infrastructure. We receive only the information we need to settle a transaction (e.g., transaction ID, last four digits, payment method type, settlement timing).

When you connect a payout account or pay for a transaction, you interact with Stripe directly. Stripe's privacy policy governs that interaction. By using payment features on the Service, you agree to Stripe's Connected Account Agreement and Privacy Policy, in addition to this Policy.

07 USEF Verification Data

For trainers and barns, we look up your USEF membership status and your horses' USEF identifiers to verify credentials and to surface verified show records. We share with USEF only the identifiers needed to look up the relevant records (such as USEF member numbers and horse identifiers). We store the look-up results to display "USEF-verified" indicators on profiles and listings.

USEF's processing of your information is governed by USEF's own privacy policy, which is independent of ours.

08 Tax Data (1099-NEC)

Trainers and barns who earn $600 or more in a calendar year through the Service are required to provide a Form W-9, including SSN or EIN. We collect this information for the sole purpose of issuing Form 1099-NEC and reporting to the IRS and applicable state tax authorities.

Tax data is stored separately from general account data, with restricted access limited to the personnel responsible for tax operations. We retain tax records for the period required by law (generally seven years).

09 Cookies & Tracking

We use cookies and similar technologies for the following purposes:

  • Strictly necessary — keeping you logged in, remembering your account, securing your session, preventing CSRF attacks. These cannot be disabled if you want to use the Service.
  • Preferences — remembering display preferences such as your selected discipline filters or last-viewed listings.
  • Analytics — measuring how the Service is used in aggregate. We use a privacy-respecting analytics provider that does not share data with advertisers and that supports IP truncation and respect for "Do Not Track."

We do not use third-party advertising cookies. We do not allow third-party advertisers to track you across sites through Haltered. [Confirm specific cookie banner approach and consent management at launch.]

10 Security

We protect personal information using a combination of technical, administrative, and physical safeguards:

  • Encryption in transit for all communications with the Service (TLS 1.2 or higher).
  • Encryption at rest for our databases and file storage.
  • Access controls on personnel access to production systems, on a need-to-know basis, with audit logging.
  • Stripe handles card and bank-account data on PCI-DSS-compliant infrastructure.
  • Security monitoring for unusual access patterns and abuse.
  • Chargeback risk is borne by Haltered, not by sellers — see the Terms of Service for the financial allocation.

No system is perfectly secure. If we discover a security incident affecting your personal information, we will notify you and the appropriate authorities as required by law.

11 Data Retention

We retain personal information only as long as we need it for the purposes described in this Policy, then delete or de-identify it. Specifically:

  • Account information — for as long as your account is active, plus a limited period after closure to handle disputes and legal obligations.
  • Transaction records, contracts, and tax records — at least seven years from the transaction date, to comply with tax and recordkeeping obligations.
  • Messaging content — for the life of the relevant transaction plus a reasonable period thereafter for dispute resolution and trust-and-safety review.
  • Analytics and security logs — as long as necessary to operate, secure, and improve the Service, typically not more than two years.
  • Backups — residual copies may persist in routine backups for a limited period after deletion from active systems.

12 Your Rights & Choices

You have the following rights with respect to your personal information, subject to applicable law and reasonable verification of your identity:

Access
Request a copy of the personal information we hold about you.
Correction
Update or correct information that is inaccurate or incomplete. Most account fields you can edit yourself.
Deletion
Request deletion of your personal information, subject to legal retention obligations (e.g., tax records).
Portability
Request a machine-readable export of the personal information you provided to us.
Opt-out of marketing
Unsubscribe from marketing email at any time using the link in each message. Transactional emails are required for service operation.
Withdraw consent
Where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect processing already done.

To exercise any of these rights, email [privacy@haltered.com — confirm]. We will respond within the time required by applicable law, generally within thirty days. We may need to verify your identity before fulfilling certain requests.

13 Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us and we will delete it.

For minors aged 13 to 17 — riders are common in this age range — personal information is collected only when their parent or guardian creates a Family Account and adds the rider as a child profile. The parent or guardian is responsible for the rider's information and for compliance with COPPA and similar laws.

Barns may not create rider profiles for minors under any circumstances. The financial party of record for any transaction involving a minor is always the minor's parent or guardian.

14 California Residents (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we have collected about you, the right to delete that information, the right to correct inaccurate information, and the right to limit the use of sensitive personal information.

We do not sell or share your personal information for cross-context behavioral advertising as those terms are defined under California law.

To exercise your California rights, follow the process in Section 12. We will not discriminate against you for exercising any of your rights.

[Confirm full CCPA disclosure language and "Do Not Sell or Share My Personal Information" link with counsel before launch, even though we don't sell or share — California requires the link be present.]

15 International Users

The Service is operated from the United States and is intended for users located in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your country.

[If Haltered later operates in jurisdictions with GDPR or similar regimes, this section will need expansion — Standard Contractual Clauses, data protection officer designation, etc.]

16 Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date. Material changes will be communicated by email or in-app notice when feasible. Your continued use of the Service after the updated effective date constitutes your acceptance of the updated Policy.

17 Contact

For privacy questions, requests, or complaints:

Haltered
[Mailing address — confirm with counsel]
Email: [privacy@haltered.com — confirm]
Web: haltered.com

If you are not satisfied with our response, you may contact a relevant data-protection authority, including the Arizona Attorney General's Office.

This is a working draft prepared for attorney review and is not in effect. Effective date will be posted upon launch.