Privacy Policy

Last updated: February 2026

1. Introduction

HAL ("Human Accountability Layer") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

2. What We Do NOT Collect

HAL is built on a privacy-by-design principle. We do NOT:

• Read, store, or transmit your document content
• Access your document text on our servers
• Use AI to analyze your documents
• Share any data with third parties for advertising
• Track your activity across websites

3. What We Collect

When you use HAL with a connected account, we collect:

• Account information: email address, name (from OAuth provider)
• Audit metadata: which document was marked (by ID only), what type of mark was applied, who applied it, and when
• Usage data: entitlement checks, login timestamps

We explicitly do NOT store: document text, paragraph content, file contents, or any personally identifiable document information.

4. How We Use Your Data

• To provide the HAL service (audit logging, entitlement checking)
• To maintain your account and team membership
• To enforce licensing and seat limits
• To improve the service (aggregated, anonymized analytics)

5. Data Retention

Audit log retention depends on your plan:

• Free: 7 days
• Pro: 90 days
• Enterprise: 365 days

After the retention period, audit logs are automatically deleted. You can request deletion of your account and all associated data at any time.

6. Data Security

We use industry-standard security measures including:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest (AWS RDS encryption)
• OAuth 2.0 authentication via AWS Cognito
• Isolated tenant data (multi-tenancy with data separation)

7. Your Rights

You have the right to:

• Access your stored data
• Request correction of inaccurate data
• Request deletion of your data
• Export your audit logs
• Withdraw consent at any time

8. Contact

For privacy-related inquiries, contact us at governance@halayer.com.