PRIVACY POLICY

Effective Date: September 12, 2025

Last Updated: September 12, 2025

1. Introduction

Halogen AI, Inc. ("Halogen AI," "we," "us," or "our") is committed to protecting the privacy and security of the personal information we collect from our business customers and their authorized users ("you" or "your"). This Privacy Policy describes how we collect, use, disclose, and protect information when you use our B2B SaaS platform and services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect the following categories of personal information that you provide to us:

  • Account Information: Business contact names, business email addresses (used for account login and authentication), company name, job title, and business phone numbers
  • Payment Information: Billing details, credit card information (processed securely through our payment processor Stripe), billing address, and subscription details
  • Business Data: Information about your business that you input into our platform to generate go-to-market (GTM) plans, including business strategies, market data, competitive information, and other business-related inputs
  • Communications: Information contained in your communications with us, including support requests, feedback, and other correspondence

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

  • Usage Data: Information about how you interact with our Services, including features used, actions taken, and time spent on the platform
  • Log Data: IP addresses, browser type and version, device information, operating system, referring URLs, and access times
  • Analytics Data: Performance metrics and usage patterns collected through Google Cloud services

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our Services, including generating GTM plans based on your inputs
  • Account Management: To create and manage your account, authenticate users, and provide customer support
  • Payment Processing: To process payments, manage subscriptions, and send billing-related communications
  • Communications: To send service-related announcements, technical notices, updates, security alerts, and support messages
  • Analytics and Improvement: To analyze usage patterns, improve our Services, and develop new features
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Security: To detect, prevent, and address technical issues, fraud, and security incidents

4. Legal Basis for Processing (GDPR)

For customers in the European Economic Area, we process personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill our contractual obligations to provide the Services
  • Legitimate Interests: Processing necessary for our legitimate business interests, including improving our Services, securing our platform, and conducting business analytics
  • Legal Obligations: Processing necessary to comply with applicable laws and regulations
  • Consent: Where we have obtained your explicit consent for specific processing activities

5. Data Sharing and Disclosure

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Services:

  • Stripe: For payment processing and billing management
  • Vercel: For hosting and infrastructure services
  • Google Cloud: For cloud storage, computing services, and analytics

These providers are contractually obligated to protect your information and may only use it to perform services on our behalf.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Court orders, subpoenas, or other legal processes
  • Requests from government authorities or law enforcement
  • Protection of our rights, property, or safety, or that of others

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account Information: Retained for the duration of your active subscription
  • Business Data and GTM Outputs: Retained throughout your subscription period plus six (6) months after termination
  • Payment Information: Retained as required for accounting, tax, and legal compliance purposes
  • Communications: Retained as necessary for business records and legal compliance

After the retention period, we will securely delete or anonymize your personal information.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Access Controls: Role-based access controls and authentication mechanisms to ensure only authorized personnel can access personal information
  • Encryption: HTTPS encryption for data in transit
  • Security Monitoring: Regular security assessments and monitoring for potential vulnerabilities
  • Incident Response: Established procedures for responding to security incidents

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

8.1 Rights Under GDPR (European Economic Area)

If you are located in the EEA, you have the following rights:

  • Access: Request access to your personal information
  • Rectification: Request correction of inaccurate or incomplete information
  • Erasure: Request deletion of your personal information
  • Restriction: Request restriction of processing in certain circumstances
  • Portability: Request a copy of your information in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

8.2 Rights Under U.S. State Privacy Laws

Residents of certain U.S. states may have additional rights, including:

  • California (CCPA/CPRA): Right to know, delete, correct, opt-out of sale/sharing, and non-discrimination
  • Other State Laws: Similar rights may apply under Virginia, Colorado, Connecticut, and other state privacy laws

8.3 Canadian Privacy Rights

Canadian residents have rights under PIPEDA and applicable provincial laws, including the right to access and correct personal information.

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@halo-gen.ai. We will respond to your request within the timeframe required by applicable law (generally within 30 days).

9. International Data Transfers

We operate from the United States and process data in the United States. We do not transfer personal data outside of North America. If you are accessing our Services from outside the United States or Canada, please be aware that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

11. Do Not Track Signals

Our Services do not currently respond to "Do Not Track" signals from web browsers. However, you can manage cookies and tracking technologies through your browser settings.

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending notification to your registered email address for material changes

Your continued use of our Services after such modifications constitutes your acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Halogen AI, Inc.
Email: privacy@halo-gen.ai
Address: 1545 NE 90th St, Seattle, WA 98115

For EU/EEA residents, you also have the right to lodge a complaint with your local supervisory authority.

14. California Privacy Rights Disclosure

This section applies to California residents and supplements the information in this Privacy Policy.

Categories of Personal Information Collected

In the past 12 months, we have collected the categories of personal information described in Section 2 of this Privacy Policy.

Sale and Sharing of Personal Information

  • Sale: We do not sell personal information as defined under the CCPA/CPRA
  • Sharing: We may share personal information through the use of cookies and analytics tools (Google Analytics) for cross-context behavioral advertising purposes. You have the right to opt-out of such sharing.

Opt-Out Rights

To opt-out of the sharing of your personal information:

  • Adjust your browser settings to reject cookies
  • Use Global Privacy Control (GPC) signals (implementation pending)
  • Contact us at privacy@halo-gen.ai

Sensitive Personal Information

We do not collect or process sensitive personal information as defined under the CPRA.

Acknowledgment: By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.