Last updated: November 23, 2025
Your privacy matters to us. Learn how we collect, use, and protect your information.
When you create an account, we collect your email address, name, and password. If you sign in with Google or GitHub, we receive your profile information from those services.
We automatically collect information about how you use our services, including your IP address, browser type, device information, pages visited, and features used. This helps us improve our platform and provide better service.
We store the code, files, and projects you create using our platform. This data is necessary to provide our core services and is stored securely in encrypted databases.
Payment details are processed securely through Stripe. We do not store your full credit card information on our servers. We only retain transaction records and subscription status.
We use your information to provide, maintain, and improve our AI-powered development platform. This includes processing your code, generating responses, and storing your projects.
We may send you service-related emails, such as account notifications, security alerts, and important updates about our platform. You can opt out of marketing emails at any time.
We analyze usage patterns to understand how users interact with our platform, identify bugs, and develop new features. This data is aggregated and anonymized whenever possible.
We use your information to detect and prevent fraudulent activity, abuse, and security threats. This helps protect both you and other users of our platform.
All data transmitted between your browser and our servers is encrypted using industry-standard TLS/SSL protocols. Sensitive data at rest is encrypted using AES-256 encryption.
We implement strict access controls to ensure that only authorized personnel can access user data, and only when necessary for support or maintenance purposes.
We conduct regular security audits and vulnerability assessments to identify and address potential security risks. Our infrastructure is monitored 24/7 for suspicious activity.
Your data is automatically backed up to multiple secure locations to prevent data loss. Backups are encrypted and stored in geographically distributed data centers.
We use trusted third-party services for specific functions: Firebase for authentication and database, Stripe for payments, and Anthropic for AI models. These providers have their own privacy policies.
We may disclose your information if required by law, court order, or government request. We will notify you of such requests unless prohibited by law.
If Xork is acquired or merged with another company, your information may be transferred to the new owners. We will notify you before your information becomes subject to a different privacy policy.
We do not sell, rent, or trade your personal information to third parties for marketing purposes. Your data is yours, and we respect that.
We use cookies to maintain your session, remember your preferences, and ensure the security of your account. These cookies are necessary for our platform to function properly.
We use analytics tools like Google Analytics to understand how users interact with our platform. You can opt out of analytics tracking through your browser settings.
You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our platform.
You have the right to access your personal data and request a copy in a portable format. You can export your projects at any time through your account settings.
You can update your account information at any time through your profile settings. If you notice any inaccuracies, please let us know so we can correct them.
You can request deletion of your account and associated data at any time. Some data may be retained for legal or security purposes as required by law.
You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or adjusting your notification preferences in account settings.
Our services are hosted on cloud infrastructure that may store data in multiple countries. We ensure that all data transfers comply with applicable data protection laws.
For users in the European Union, we comply with GDPR requirements. This includes providing data portability, the right to be forgotten, and transparent data processing practices.
We implement appropriate safeguards to protect your data when it is transferred internationally, including encryption and contractual protections with our service providers.
We retain your data for as long as your account is active or as needed to provide our services. This includes your projects, usage history, and account information.
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, security, or fraud prevention purposes.
Deleted data may persist in backup systems for up to 90 days before being permanently removed. During this period, the data is not accessible through our platform.
If you have questions about this privacy policy or how we handle your data, please contact us at privacy@halo.com. We're here to help and will respond within 48 hours.
We may update this privacy policy from time to time. We will notify you of significant changes via email or through a prominent notice on our platform.
This privacy policy is effective as of November 23, 2025. Your continued use of our services after any changes indicates your acceptance of the updated policy.
Bank-level security for all your data
Full compliance with EU data protection
Export or delete your data anytime
We're committed to transparency. If you have any questions about how we handle your data, we're here to help.