Privacy Policy

This Privacy Policy describes how Halo AI, Inc. (“Halo AI,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information in connection with our website (haloagents.ai), our AI-powered customer success platform, our embeddable SDK, and all related services (collectively, the “Services”).

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use our Services.

1. Who This Policy Applies To

This Privacy Policy applies to the following categories of individuals:

• Customers: Organizations and individuals that subscribe to the Halo AI platform and embed our SDK into their applications.
• End Users:Individuals who interact with the Halo AI agent embedded in a Customer’s application, including through chat, voice, and video interfaces.
• Website Visitors: Individuals who visit haloagents.ai or any of our publicly accessible web pages.

When we process End User data on behalf of a Customer, the Customer acts as the data controller and Halo AI acts as a data processor. In that context, the Customer’s own privacy policy governs how End User data is handled. This Privacy Policy governs our practices as a data controller for data we collect directly.

2. Information We Collect

2.1 Information You Provide Directly

• Account information: Name, email address, company name, job title, phone number, and billing details when you register for or subscribe to our Services.
• Communication data: Messages, support requests, feedback, and any other content you send to us.
• Knowledge base content: Articles, documentation, FAQs, training materials, and other content you upload to configure your AI agent.
• Configuration data: Agent settings, appearance preferences, workflow rules, escalation policies, and integration credentials you provide.

2.2 Information Collected Through Our SDK

When a Customer embeds the Halo AI SDK in their application, the SDK may collect the following data from End Users, as configured by the Customer:

• User identifiers: User IDs, email addresses, and other identifying information the Customer chooses to pass to our SDK.
• Behavioral data: Page views, navigation paths, click events, DOM interactions, and UI element visibility to enable the AI agent to provide contextual, proactive guidance.
• Conversation data: Chat messages, voice transcriptions, and video session metadata exchanged between End Users and the AI agent.
• Device and browser information: Browser type and version, operating system, screen resolution, language preference, and time zone.
• Session data: Session identifiers, timestamps, duration, and referring URLs.

2.3 Information Collected Automatically

• Log data: IP address (used for approximate geolocation only, not stored in raw form), request timestamps, HTTP method, response status, and referring URLs.
• Cookies and similar technologies: We use essential cookies for authentication and session management. We do not use third-party advertising cookies. See Section 8 for more details.
• Analytics data: Aggregated usage patterns, feature adoption metrics, and performance data to improve our Services.

3. How We Use Your Information

We use the information we collect to:

• Provide and operate the Services: Deliver AI-powered customer success capabilities, process conversations, generate contextual guidance, and manage your account.
• Train and improve our AI models: Conversation data and interaction patterns are used to improve the accuracy, relevance, and helpfulness of our AI agents. Customer data is logically isolated and is never used to train models for other customers without explicit consent.
• Enable proactive engagement: Analyze behavioral data collected through the SDK to identify user friction points and deliver timely, contextual assistance within Customer applications.
• Process escalations: When the AI agent reaches its limits, we create tickets and relay information between End Users and Customer support teams.
• Communicate with you: Send transactional emails, service announcements, security alerts, and (with your consent) marketing communications.
• Ensure security and prevent abuse: Detect and prevent fraud, unauthorized access, and other harmful activities.
• Comply with legal obligations: Respond to lawful requests from public authorities, including to meet law enforcement requirements.
• Analyze and improve the Services: Conduct research and analysis to improve performance, reliability, and user experience.

4. How We Share Your Information

We do not sell personal information. We share information only in the following circumstances:

• With Customers: End User interaction data, conversation history, and behavioral analytics are shared with the Customer whose application the End User is using. Customers control how this data is used within their organization.
• Service providers: We engage trusted third-party service providers who process data on our behalf, including cloud infrastructure providers, AI model providers (e.g., Anthropic for language processing, ElevenLabs for voice synthesis), payment processors (e.g., Stripe), email delivery services, and analytics tools. These providers are contractually bound to use data solely for the purposes we specify and are subject to appropriate security obligations.
• Legal requirements: We may disclose information when required by law, court order, subpoena, or other legal process. Where permitted, we will notify affected Customers of such requests and cooperate with them to challenge or limit disclosure.
• Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of the transaction. We will provide notice before personal information becomes subject to a different privacy policy.
• With your consent: We may share information for any other purpose with your explicit consent.

5. AI Data Processing and Model Training

Halo AI’s core functionality relies on artificial intelligence. We are committed to transparency about how data is used in our AI systems:

• Customer isolation:Each Customer’s data is logically isolated. Knowledge bases, conversation histories, and behavioral data from one Customer are never accessible to or used for the benefit of another Customer.
• Self-improving agents:Our AI agents improve over time by learning from interactions and human escalation resolutions within a Customer’s own environment. This learning is scoped exclusively to that Customer’s data.
• Third-party AI providers:We use third-party AI services (such as Anthropic’s Claude) to power portions of our AI capabilities. Data sent to these providers is processed under strict data processing agreements that prohibit the use of your data to train their general-purpose models.
• Aggregated insights: We may use aggregated, de-identified data across our platform to improve general product performance, benchmark quality, and develop new features. This data cannot be used to identify any individual or Customer.

6. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Account data:Retained for the duration of the Customer’s subscription and for up to 30 days after account deletion to enable recovery.
• Conversation data:Retained in accordance with the Customer’s configured retention settings or for the duration of the subscription, whichever is shorter.
• Behavioral and session data: Automatically purged after 12 months of inactivity unless the Customer configures a different retention period.
• Log and security data: Retained for up to 12 months for security monitoring and incident investigation purposes.
• Billing records: Retained as required by applicable tax and accounting laws, typically for up to 7 years.

Customers may request deletion of their data at any time by contacting us at support@haloagents.ai. Upon verified request, we will delete or anonymize the data within 30 days, except where retention is required by law.

7. Data Security

We implement industry-standard technical and organizational measures to protect personal information, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Logical tenant isolation at the application and database layers to prevent cross-customer data access.
• Role-based access controls and least-privilege principles for internal access to production systems.
• Regular security assessments, vulnerability scanning, and penetration testing.
• Automated monitoring and alerting for suspicious activity and unauthorized access attempts.
• Incident response procedures with defined notification timelines for affected Customers.

While no system can guarantee absolute security, we continuously review and improve our security practices to protect your data.

8. Cookies and Tracking Technologies

We use the following categories of cookies:

• Strictly necessary cookies: Required for authentication, session management, and security. These cannot be disabled.
• Functional cookies: Remember your preferences and settings (such as language and display preferences) to enhance your experience.
• Analytics cookies: Help us understand how visitors interact with our website and Services so we can improve them. These are only placed with your consent where required by law.

We do not use third-party advertising or cross-site tracking cookies. Our SDK uses session-scoped identifiers rather than persistent tracking cookies to deliver contextual assistance within Customer applications.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request a machine-readable copy of your data for transfer to another provider.
• Restriction: Request that we restrict certain processing activities.
• Objection: Object to processing based on our legitimate interests.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, contact us at support@haloagents.ai. We will respond within 30 days, or sooner where required by law.

For End Users:If you interact with a Halo AI agent embedded in another company’s application and wish to exercise your privacy rights, please contact that company directly. As a data processor, we will cooperate with the Customer to fulfill your request.

10. International Data Transfers

Halo AI is based in the United States, and our Services are hosted on infrastructure located in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate.

Where required by applicable law, we implement appropriate safeguards for international transfers, including Standard Contractual Clauses approved by the European Commission and other transfer mechanisms recognized under applicable data protection laws.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• The right to know what personal information we have collected, the sources of collection, the business purpose, and the categories of third parties with whom it is shared.
• The right to delete your personal information.
• The right to opt out of the sale or sharing of personal information. We do not sell personal information.
• The right to non-discrimination for exercising your privacy rights.

To submit a verifiable consumer request, contact us at support@haloagents.ai.

12. European Economic Area, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Performance of a contract: To provide the Services you have subscribed to.
• Legitimate interests: To improve our Services, ensure security, prevent fraud, and communicate with you about your account, where those interests are not overridden by your data protection rights.
• Consent: For marketing communications and non-essential analytics cookies.
• Legal obligation: To comply with applicable legal requirements.

You have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates applicable law.

13. Children’s Privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@haloagents.ai.

14. Third-Party Links and Integrations

Our Services may contain links to third-party websites or integrate with third-party services (such as Slack, Google Workspace, and other tools Customers connect). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by email or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of the Services after the effective date of a revised Privacy Policy constitutes your acceptance of the changes.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: