Privacy Policy — Peace Horizon

1. Introduction

Peace Horizon is a brand operated by Ivory Trunk LLC, a company registered in the United States with its principal place of business at 1309 Coffeen Ave Ste 1200, Sheridan, Wyoming 82801-5777. Throughout this policy, the terms we, us, and our refer to Ivory Trunk LLC and its brand Peace Horizon. The terms you and your refer to any individual who accesses or uses our website, applications, products, or services.

This Privacy Policy describes our practices regarding the collection, use, disclosure, and protection of personal information. It also explains your rights and choices concerning your data. By using Peace Horizon services, you acknowledge that you have read and understood this policy. If you do not agree with any part of this policy, please discontinue use of our services and contact us with any concerns.

We take privacy seriously. Our approach is guided by principles of transparency, data minimization, purpose limitation, and security. We strive to comply with applicable privacy laws including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) where applicable, and other relevant state and federal privacy regulations in the United States.

Key Definitions

Personal Information

Any information that identifies, relates to, describes, or could reasonably be linked to an individual or household — including names, email addresses, device identifiers, and browsing activity.

Processing

Any operation performed on personal information, whether automated or manual — including collection, recording, organization, storage, alteration, retrieval, use, disclosure, and deletion.

Data Controller

The entity that determines the purposes and means of processing personal information. For Peace Horizon services, Ivory Trunk LLC is the data controller.

Data Processor

A third party that processes personal information on behalf of the data controller, following our documented instructions and subject to contractual safeguards.

2. Information We Collect

We collect several categories of information to provide and improve our services. The type and volume of data collected depends on how you interact with Peace Horizon. We are committed to collecting only what is necessary for each specific purpose.

2.1 Information You Provide Directly

Category	Examples	How We Collect It
Contact & Identity	Full name, email address, phone number, postal address, company name, job title	Account registration, contact forms, newsletter signup, purchase checkout, customer support inquiries
Account Credentials	Username, encrypted password, security questions, two-factor authentication preferences	Account creation, password reset, security settings
Transaction & Payment	Purchase history, billing address, shipping address, payment method type, last four digits of payment card	Order placement, subscription management, billing portal
Communications	Email correspondence, chat transcripts, support tickets, survey responses, product reviews, feedback submissions	Customer support channels, feedback forms, surveys, direct emails to Peace Horizon addresses
Preferences & Interests	Marketing preferences, communication frequency settings, saved vehicle searches, notification opt-ins	Preference center, account settings, onboarding questionnaires

2.2 Information Collected Automatically

Category	Examples	Collection Method
Device & Browser	IP address, browser type and version, operating system, device model, screen resolution, language settings, time zone	HTTP headers, JavaScript APIs, server logs
Usage & Activity	Pages visited, time spent on pages, click patterns, scroll depth, search queries, referral sources, exit pages, feature interactions	Cookies, pixel tags, session recording (with consent), analytics scripts
Location	Approximate geographic location derived from IP address, country, region, city	IP geolocation, browser geolocation API (only with explicit permission)
Performance & Diagnostics	Page load times, JavaScript errors, API response times, crash reports, session duration	Real user monitoring, error tracking services, performance beacons

2.3 Information from Third Parties

We may receive information about you from trusted third-party sources to supplement our records and enhance our services. These sources include:

Authentication partners — if you choose to sign in using Google, Apple, or similar single sign-on providers, we receive your name, email address, and profile identifier as authorized by you.
Payment processors — confirmation of transaction status, fraud risk scores, and payment verification tokens.
Marketing and analytics platforms — aggregated demographic insights, interest categories, and campaign attribution data.
Identity verification services — when required for compliance or fraud prevention, with your consent where legally required.
Publicly available sources — business registries, professional network profiles, and public datasets to verify business contact information.

3. How We Use Your Information

We use collected information for specific, legitimate business purposes. Every use is tied to a lawful basis and we do not use your data in ways that are incompatible with the purposes disclosed below.

Purpose	Description	Categories of Data Used
Service Delivery	Providing, operating, and maintaining Peace Horizon services; processing transactions; fulfilling orders; managing user accounts; delivering customer support	Contact, account, transaction, communications, device
Service Improvement	Analyzing usage patterns; identifying bugs and performance issues; developing new features; conducting user experience research; A/B testing	Usage, performance, device, preferences
Personalization	Tailoring content, recommendations, and search results to your interests; customizing the interface; remembering your preferences across sessions	Preferences, usage, device, location
Communications	Sending transactional emails (order confirmations, password resets, security alerts); responding to inquiries; delivering newsletters and promotional content (with consent); conducting surveys	Contact, preferences, communications
Security & Fraud Prevention	Detecting and preventing fraudulent transactions; protecting against unauthorized access; monitoring for suspicious activity; enforcing our terms of service; maintaining system integrity	Device, usage, transaction, account
Legal & Compliance	Complying with legal obligations; responding to lawful requests from authorities; enforcing agreements; defending legal claims; meeting regulatory reporting requirements	All categories as required
Business Operations	Conducting data analytics; financial reporting; auditing; business planning; merger or acquisition due diligence; evaluating service effectiveness	Aggregated and de-identified data where possible

We do not use automated decision-making, including profiling, in a way that produces legal effects or similarly significant effects concerning you. Should this change, we will notify you and provide meaningful information about the logic involved, as well as the right to obtain human intervention.

4. Legal Basis for Processing

We process personal information only when we have a valid legal basis. Depending on your jurisdiction and the nature of the processing, the applicable legal basis may include:

Contractual Necessity

Processing required to perform a contract with you — for example, creating your account, processing your orders, and delivering the services you have requested.

Legitimate Interests

Processing necessary for our legitimate business interests or those of a third party, provided those interests are not overridden by your rights and freedoms — for example, improving our services, preventing fraud, and direct marketing (where permitted).

Consent

Processing based on your freely given, specific, informed, and unambiguous consent — for example, sending marketing emails, placing non-essential cookies, or processing sensitive data. You may withdraw consent at any time.

Legal Obligation

Processing required to comply with applicable laws and regulations — for example, tax reporting, responding to lawful government requests, and maintaining records as required by law.

Vital Interests

Processing necessary to protect the vital interests of any individual — for example, in emergency situations involving a threat to life or health.

Public Interest

Processing carried out in the public interest or in the exercise of official authority — for example, cooperating with public health authorities or consumer protection agencies.

Where consent is the legal basis for processing, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. To withdraw consent, please contact us using the details in Section 14 or use the unsubscribe mechanism provided in each communication.

5. How We Share Information

We do not sell your personal information. We share information only as described below and require all recipients to honor the confidentiality and security of your data through binding contractual commitments.

5.1 Service Providers

We engage carefully vetted third-party companies and individuals to perform services on our behalf. These providers access data only as needed to fulfill their functions and are contractually prohibited from using it for any other purpose. Categories of service providers include:

Cloud infrastructure and hosting — data storage, content delivery, server management
Payment processing — transaction handling, billing management, PCI-compliant payment gateways
Analytics and business intelligence — usage analysis, reporting, data warehousing
Customer support platforms — help desk software, live chat services, ticketing systems
Email delivery and marketing automation — transactional and marketing email infrastructure
Security and fraud detection — threat monitoring, identity verification, bot detection
Professional services — legal counsel, auditors, consultants, insurance providers

5.2 Legal and Safety Disclosures

We may disclose information when we believe in good faith that disclosure is necessary to:

Comply with a valid legal obligation, court order, or government request
Enforce or apply our terms of service and other agreements
Protect the rights, property, or safety of Ivory Trunk LLC, our users, employees, or the public
Detect, prevent, or address fraud, security breaches, or technical issues
Defend against legal claims or participate in legal proceedings

5.3 Business Transfers

If Ivory Trunk LLC or Peace Horizon is involved in a merger, acquisition, reorganization, asset sale, financing, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will notify you via email and a prominent notice on our website before your information becomes subject to a different privacy policy. The acquiring entity will be bound by the terms of this policy or a materially equivalent one.

5.4 With Your Consent

We may share your information for purposes not described in this policy when we have your explicit consent to do so. You may revoke such consent at any time.

5.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with partners, researchers, or the public — for example, publishing usage statistics or industry trend reports. We maintain reasonable safeguards to prevent re-identification of such data.

6. Cookies and Tracking Technologies

Peace Horizon uses cookies, web beacons, pixels, tags, scripts, and similar technologies to recognize your browser, remember preferences, understand usage, and improve your experience.

6.1 What Are Cookies

Cookies are small text files stored on your device by a web browser. They serve various functions — from enabling basic site navigation to remembering your preferences and helping us analyze how our site performs. Cookies may be session-based (deleted when you close your browser) or persistent (retained for a set period or until manually deleted).

6.2 Cookie Categories We Use

Category	Purpose	Duration	Opt-Out Available
Strictly Necessary	Essential for site functionality — user authentication, session management, security, load balancing, shopping cart persistence. The site cannot function properly without these.	Session to 1 year	No — required for operation
Functional & Preferences	Remember choices you make — language preference, region, display settings, recently viewed items, saved searches	Session to 2 years	Yes
Analytics & Performance	Measure site usage and performance — page visits, traffic sources, user journeys, error tracking, A/B testing	Session to 2 years	Yes
Marketing & Advertising	Deliver relevant advertisements; measure ad campaign effectiveness; limit ad frequency; attribute conversions	30 days to 2 years	Yes

6.3 Third-Party Cookies

Some cookies on our site are placed by third-party services we use. These third parties may combine information collected through our site with information they collect elsewhere. We work with the following categories of third-party cookie providers:

Analytics — Google Analytics, and similar services that help us understand site usage
Advertising — Ad networks and exchanges that deliver interest-based advertisements
Social media — Platform plugins and sharing tools (Facebook, Twitter, LinkedIn)
Customer experience — Session replay, heatmapping, and feedback collection tools

6.4 Managing Your Cookie Preferences

You can manage or disable cookies through several mechanisms:

Our cookie preference center — accessible via the Cookie Settings link in the website footer, where you can toggle non-essential cookie categories on or off at any time
Browser settings — most browsers allow you to block or delete cookies through their settings menus. Instructions vary by browser: consult your browser's help documentation
Industry opt-out tools — the Network Advertising Initiative (optout.networkadvertising.org) and the Digital Advertising Alliance (optout.aboutads.info) provide centralized opt-out mechanisms for participating ad networks
Google Analytics opt-out — install the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout

Please note that disabling certain cookies may affect the functionality and features of Peace Horizon services. Strictly necessary cookies cannot be disabled as the site requires them for core operation.

6.5 Do Not Track

Some browsers offer a Do Not Track (DNT) signal. Due to the lack of an industry-standard interpretation of DNT signals, our site does not currently respond to browser DNT settings. We do, however, honor Global Privacy Control (GPC) signals as a valid opt-out of sale and targeted advertising under the CCPA, as described in Section 9.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. When determining retention periods, we consider the nature and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and whether those purposes can be achieved through other means.

Data Category	Retention Period	Rationale
Active account information	Duration of account activity + 2 years after last login	Service continuity; reactivation convenience; legal claim limitation periods
Transaction records	7 years from transaction date	Tax and accounting legal obligations; warranty fulfillment
Customer support communications	3 years from ticket closure	Service improvement; dispute resolution; trend analysis
Marketing consent records	Duration of consent + 3 years after withdrawal	Proof of consent for regulatory compliance
Server and access logs	12 months from collection	Security monitoring; incident investigation; performance analysis
Cookie data	Per cookie durations in Section 6	Varies by cookie type and purpose
Backup archives	Up to 12 months (rotating schedule)	Disaster recovery; retained in encrypted form

When the retention period expires, we securely delete, anonymize, or de-identify the information so it can no longer be associated with you. In some cases, we may retain information in an aggregated or anonymized form for analytical purposes indefinitely. If legal, regulatory, or technical reasons prevent deletion, we isolate the data from further processing until deletion becomes feasible. To request early deletion, please contact us using the details in Section 14.

8. Data Security

Peace Horizon implements and maintains technical, administrative, and physical safeguards designed to protect your personal information against accidental, unauthorized, or unlawful access, alteration, disclosure, destruction, or loss. Our security program is aligned with industry standards and is regularly reviewed and updated to address evolving threats.

8.1 Technical Safeguards

Encryption in transit — all communications with our services are encrypted using TLS 1.2 or higher with strong cipher suites. We enforce HTTPS across all domains and enable HSTS with preloading.
Encryption at rest — stored personal information is encrypted using AES-256. Passwords are hashed using bcrypt with per-user salts. Backup data is encrypted before transfer and storage.
Network security — firewall infrastructure, intrusion detection and prevention systems, DDoS mitigation, network segmentation, and regular external penetration testing.
Access controls — role-based access with least-privilege principles, multi-factor authentication for administrative access, unique user IDs, automated access reviews, and immediate revocation upon role change or departure.
Monitoring and logging — continuous security event monitoring, automated alerting for anomalous activity, centralized log management with tamper-evident controls, and regular security information and event management (SIEM) analysis.
Vulnerability management — regular automated vulnerability scanning, annual independent penetration testing, a responsible disclosure program, and a structured patch management process with defined SLAs based on severity.

8.2 Administrative Safeguards

Security policies — documented, management-approved information security policies reviewed at least annually
Employee training — mandatory privacy and security awareness training at onboarding and annually thereafter, with role-specific training for personnel handling sensitive data
Vendor risk management — security assessments of all service providers before engagement and periodically thereafter, with contractual data protection requirements
Incident response — a documented incident response plan with defined roles, escalation paths, and communication procedures; regularly tested through tabletop exercises
Business continuity — disaster recovery plans, redundant infrastructure, regular backup testing, and a business continuity management system

8.3 Breach Notification

In the event of a data breach that affects your personal information, we will notify you without undue delay and in accordance with applicable law. Notifications will describe the nature of the breach, the categories of data involved, the likely consequences, measures we have taken or will take to address it, and recommended steps you should take to protect yourself. We will also notify relevant supervisory authorities as required by applicable regulations.

While we strive to protect your information, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security, and you share information with us at your own risk. We encourage you to use strong, unique passwords, enable multi-factor authentication where available, and promptly notify us of any unauthorized use of your account.

9. Your Privacy Rights

You have rights regarding your personal information. The specific rights available to you depend on your jurisdiction. Peace Horizon honors all applicable rights and will not discriminate against you for exercising them.

9.1 California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:

Right to Know and Access
You may request that we disclose what personal information we have collected, used, disclosed, and sold or shared about you over the preceding 12 months. This includes the categories and specific pieces of personal information, the categories of sources, the business or commercial purpose for collection, and the categories of third parties with whom we share it. You may make up to two access requests in a 12-month period.
Right to Delete
You may request that we delete the personal information we have collected from you, subject to certain exceptions — including completing a transaction, detecting security incidents, debugging, exercising free speech, complying with legal obligations, or using the data internally in a lawful manner compatible with the context in which you provided it.
Right to Correct
You may request that we correct inaccurate personal information we hold about you, taking into account the nature of the information and the purposes of processing.
Right to Opt Out of Sale and Sharing
You have the right to direct us not to sell your personal information or share it for cross-context behavioral advertising. Peace Horizon does not sell personal information for monetary consideration. To the extent any of our data-sharing practices constitute a sale or sharing under California law, you may opt out using the Do Not Sell or Share My Personal Information link available on our website, or by sending an opt-out preference signal via the Global Privacy Control (GPC).
Right to Limit Use of Sensitive Personal Information
You may direct us to limit the use and disclosure of your sensitive personal information to that which is necessary to perform our services or provide goods reasonably expected. We do not use sensitive personal information for purposes beyond those permitted by the CCPA without your consent.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you goods or services, charge different prices or rates, provide a different level or quality of goods or services, or suggest that you may receive a different price or rate.
Right to Data Portability
You may request a copy of your personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

9.2 Other U.S. State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws have rights similar to those described above, including the right to access, correct, delete, and obtain a portable copy of personal information, as well as the right to opt out of targeted advertising and profiling. We extend these rights to all U.S. residents regardless of state of residence to the extent consistent with applicable law.

9.3 GDPR Rights (EEA, UK, Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following additional rights under the GDPR and its UK and Swiss equivalents:

Right of access — obtain confirmation of whether we process your data and a copy of that data
Right to rectification — correct inaccurate or incomplete personal data
Right to erasure — request deletion of your personal data in certain circumstances
Right to restrict processing — limit how we process your data in specific situations
Right to data portability — receive your data in a structured, commonly used, machine-readable format
Right to object — object to processing based on legitimate interests or for direct marketing purposes
Right to withdraw consent — withdraw previously given consent at any time
Right to lodge a complaint — file a complaint with your local data protection supervisory authority

9.4 Exercising Your Rights

To exercise any of these rights, please contact us at support@peacehorizon.autos or write to us at the address listed in Section 14. We will respond to verifiable requests within the timeframe required by applicable law — typically 45 days under the CCPA, with the possibility of a 45-day extension when reasonably necessary, and one month under the GDPR, extendable by two months for complex or numerous requests.

We will verify your identity before fulfilling requests. Verification may require you to confirm specific pieces of information we already hold about you, or to authenticate through your account. If you use an authorized agent to submit a request, we may require written proof of authorization and may verify your identity directly. Any information collected for identity verification will be used solely for that purpose and deleted promptly after the request is resolved.

10. Children's Privacy

Peace Horizon services are not directed to or intended for children under the age of 16. We do not knowingly collect, use, or disclose personal information from anyone under 16 years of age. If we learn that we have inadvertently collected personal information from a child under 16 without verified parental consent, we will take immediate steps to delete that information from our systems.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@peacehorizon.autos so we can take appropriate action. We comply with the Children's Online Privacy Protection Act (COPPA) and all other applicable laws regarding the privacy of minors. We do not sell the personal information of consumers we actually know to be under 16 years of age without affirmative authorization as required by the CCPA.

11. International Data Transfers

Peace Horizon is headquartered in the United States, and your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence.

When we transfer personal information across borders, we implement appropriate safeguards in accordance with applicable law to ensure your data remains protected. These safeguards include:

Standard Contractual Clauses (SCCs) — we use the European Commission-approved SCCs, including the UK addendum and Swiss addendum where applicable, as the legal transfer mechanism for data transfers from the EEA, UK, and Switzerland
Adequacy decisions — we rely on adequacy decisions where the European Commission has determined a country provides an adequate level of data protection
Data Processing Agreements (DPAs) — all service providers processing personal data on our behalf are bound by DPAs that include transfer safeguard provisions
Transfer impact assessments — we conduct assessments of the laws and practices of destination countries and implement supplementary measures where necessary to bring protection to the required standard
Technical measures — where appropriate, we apply additional technical safeguards such as encryption with key management outside the destination jurisdiction, pseudonymization, and data segmentation

By using Peace Horizon services, you acknowledge that your information may be transferred to, stored, and processed in the United States and other countries as described in this policy.

12. Third-Party Links and Services

Peace Horizon may contain links to third-party websites, plugins, applications, or services that are not owned or controlled by Ivory Trunk LLC. These links are provided for your convenience and reference only. We are not responsible for the privacy practices, content, or security of any third-party site or service. We encourage you to review the privacy policies of every third-party service you interact with, including those linked from our platform.

Additionally, our services may integrate with social media platforms, payment gateways, mapping services, and other third-party APIs. Your interactions with these features are governed by the privacy policies of the respective companies providing them, not by this Privacy Policy. We do not control how these third parties collect, use, or share your data.

This Privacy Policy applies solely to information collected by Peace Horizon and Ivory Trunk LLC through our own website, applications, and direct interactions with you. It does not apply to information collected offline or through other channels unless specifically stated.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or operational needs. We reserve the right to modify this policy at any time, and we will always indicate the effective date of the current version at the top of the page.

For material changes, we will provide prominent notice through one or more of the following methods before the changes take effect:

A prominent banner or notification on the Peace Horizon website
An email notification sent to the address associated with your account
An in-app notification or interstitial notice requiring acknowledgment
A notice posted at least 30 days before the effective date for substantial changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of Peace Horizon services after any changes to this policy constitutes your acknowledgment of the updated terms. If you do not agree with the revised policy, you should discontinue use of our services and may request deletion of your information as described in Section 9.

13.1 Version History

Version	Effective Date	Summary of Changes
1.0	June 20, 2026	Initial publication of the Peace Horizon Privacy Policy

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, we encourage you to reach out. We are committed to addressing your inquiries promptly and transparently.

Peace Horizon — Data Protection Office

Company: Ivory Trunk LLC
Address: 1309 Coffeen Ave Ste 1200, Sheridan, WY 82801-5777, United States
Email: support@peacehorizon.autos
Website: peacehorizon.autos

Response Time: We aim to acknowledge all privacy-related inquiries within 5 business days and provide a substantive response within 30 days. Complex requests may require additional time, and we will notify you if an extension is necessary.

14.1 Supervisory Authority Complaints

If you believe our processing of your personal information violates applicable law, you have the right to lodge a complaint with your local data protection supervisory authority. For California residents, this is the California Privacy Protection Agency (CPPA). For EEA residents, you may contact the supervisory authority in your country of residence. We would, however, appreciate the opportunity to address your concerns directly before you approach a regulatory body, and we encourage you to contact us first.