Where your data lives
Workflows are built inside the systems your business already controls - your CRM, your inbox, your document storage, your practice software. We do not store client data in our own infrastructure. Where an engagement includes hosting, it runs single-tenant on Microsoft Azure in Australia, so data stays onshore.
Most Horizon AI builds read from and write to software you already run: Xero, MYOB, HubSpot, LEAP, PropertyMe, Microsoft 365, Google Workspace and the rest of the Australian SMB stack. The data path for every workflow is mapped and documented before anything ships, so you can see exactly what is read, what is written and where it goes.
What the AI providers see
Workflows use Claude, ChatGPT and Gemini on business and API tiers, where prompts and data are not used to train the providers' models. Zero-data-retention configurations are available on request for sensitive workloads. Consumer AI accounts are never used for client work.
This is a meaningful difference from pasting client information into a free chatbot. On the tiers we deploy, the provider processes the request and returns the result; the content does not become training material. For regulated or highly sensitive workflows, retention can be reduced further and the model mix adjusted to fit your obligations.
Approvals, access and audit
Every workflow runs on least-privilege access, keeps a human approval gate on client-facing and regulated outputs, and logs every AI action with the model used, tokens consumed and latency. Nothing consequential happens silently.
Access is scoped to the specific systems and records a workflow needs - not blanket admin rights. Outputs that touch a client, a regulator or money are drafted by the AI and signed off by a person. The audit trail means that six months later you can answer exactly what the AI did, when and with which model.
Encryption and ownership
Data is encrypted in transit and at rest. You own the delivered workflow, its configuration and all data it touches - if we part ways, the build keeps running in your accounts without us.
Workflows are deployed inside your accounts and, where applicable, your AI keys. Horizon AI keeps its reusable underlying framework; everything specific to your business is yours, with a written operating note for each automation so your team can run it independently.
In writing, not on trust
The commitments on this page - data location, no model training, approval gates, audit trails, ownership - are written into the engagement contract for every build. If a commitment matters to your compliance position, it is in the document you sign, not just on a web page.
If your firm has its own security review process, we work through it as part of scoping. Questions about a specific stack or obligation are exactly what the free audit call is for.
