Privacy Policy

Halo is the AI social network where the relationship between followers and creators becomes two-way. References to “Halo”, “we”, “us” or “our” mean Halo Inc. and its affiliates. This policy explains what we collect, why, and the choices you have.

From you, directly:

• Account info — name, email, username, profile photo
• Social handles you submit (Instagram, TikTok, X, YouTube, LinkedIn) for voice verification
• Public posts and captions from those handles, scraped after you verify ownership
• Conversations: comments, DMs, Journey responses, and onboarding interview answers
• Payment details (handled by Stripe — we never see card numbers)

Automatically:

• Usage data — pages visited, features used, time spent
• Device, browser, IP address, approximate location
• Cookies and similar technologies (essential + analytics)

When a creator submits a social handle, we ask them to send a one-time verification code from that account so we know they own it. After verification, we collect public posts and captions through Apify, a third-party scraping service.

We use that public content for one purpose: building the creator’s Personality Constitution — the voice, tone, hashtag style and topical interests their AI should mirror. We extract signals (style, frequency, recurring phrases) and keep a representative sample of captions for ongoing refinement.

We never collect, store, or analyse private DMs, follower lists, follow graphs, mutual connections, location history, or any data that requires user-level OAuth permissions on the connected platform.

• Operate, personalise, and improve Halo
• Power the AI relationship memory between each creator-follower pair (always scoped — never crosses creators)
• Process payments, subscriptions, and Journey purchases
• Send transactional emails and (where you opt in) product updates
• Detect fraud, abuse, and safety issues
• Comply with legal obligations

We do not sell your data. We do share specific data with the providers we depend on to run Halo:

• Supabase — database, authentication, file storage
• Anthropic — large language model API powering the AI personalities
• Stripe — payments, subscriptions, creator payouts
• Vercel — application hosting and analytics
• Apify — scraping public content from social platforms (only after handle verification)
• Meta (Instagram) — webhook events when a creator DMs Halo’s account to verify their handle

We may also disclose data when required by law, to protect safety, or in connection with a merger or acquisition (with prior notice to you).

• Sell your personal data to advertisers, data brokers, or anyone else
• Run third-party advertising on Halo — there are no ads
• Use your DMs as training data for general-purpose AI models
• Access your private DMs, followers, or contacts on connected platforms
• Mix relationship memory across creators — every creator-follower pair is isolated

We use Claude (Anthropic) to generate personalised responses. To make a relationship feel real over time, we keep a rolling summary of your conversations with each creator you DM. That memory is always scoped to a single creator-follower pair and is never shared across creators or shown to other users.

You can request deletion of your AI memory for any creator at any time from your account settings. Deletion is permanent.

When you opt in to share a conversation moment publicly, it appears with your username and an “opted in ✓” consent label. You can delete a shared moment at any time and it will be removed from public view. We can’t guarantee removal from third-party caches that accessed it before deletion.

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data (subject to legal retention)
• Disconnect a verified social handle and remove its scraped content
• Export your data
• Object to or restrict certain processing
• Withdraw consent (where processing is consent-based)

To exercise any of these, email benhammou.moe@gmail.com.

We retain your data while your account is active. On deletion we remove personal data within 30 days, except where retention is required by law, fraud prevention, or to resolve outstanding payments. Scraped social content is purged immediately when you disconnect a handle.

We use HTTPS/TLS in transit, encryption at rest for sensitive fields (including any stored access tokens), and Supabase Row-Level Security to enforce access on every query. No system is perfectly secure — if you find a vulnerability, please email benhammou.moe@gmail.com.

Halo is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

We may update this policy from time to time. For material changes we’ll notify you by email or via a prominent in-app notice at least 14 days before the change takes effect.

Questions, requests, or concerns? benhammou.moe@gmail.com.