Privacy Policy

This Policy applies to personal information we process as a controller — for example, information about visitors to our website, prospective customers, and the individual users who administer customer accounts.

When we process personal information contained in Customer Data on behalf of a business customer in order to provide the Services, we act as a processor (or "service provider" under CCPA/CPRA). In those cases, our customer is the controller, our processing is governed by our agreement with that customer, and you should direct privacy requests to that customer. The handling of that data is described in Section 9.

Information you provide. This includes contact details (name, email, company, job title), account credentials, billing and payment information, communications you send us, and any information you choose to provide through forms, demos, or support requests.

Information collected automatically. When you use our website or Services, we may collect device and usage information such as IP address, browser type, pages viewed, referring URLs, timestamps, and similar log data, including through cookies and similar technologies (see Section 7).

Information from third parties. We may receive information from business partners, analytics providers, and publicly available sources, such as enrichment data used for sales and marketing.

We do not intentionally collect sensitive personal information about website visitors, and we do not knowingly collect personal information from children under 16.

Where the GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Services you request); legitimate interests (to operate, secure, and improve our business, where not overridden by your rights); consent (for certain marketing and cookies, which you may withdraw at any time); and compliance with legal obligations.

We are based in the United States and may process personal information in the United States and other countries. Where we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to a country not deemed to provide an adequate level of protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, together with supplementary measures where required.

We use cookies and similar technologies to operate the website, remember preferences, analyze traffic, and support marketing. You can control cookies through your browser settings and, where offered, through our cookie banner. Some features may not function properly if you disable certain cookies. We honor recognized opt-out preference signals, such as Global Privacy Control, where required by law.

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, to comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of data and the context. For Customer Data processed on behalf of business customers, retention is governed by our customer agreements and our data retention practices, after which data is deleted or de-identified.

When you are an individual whose personal information appears in Customer Data submitted by one of our business customers, that customer determines how the data is used. We process it only on the customer's documented instructions to provide the Services, to maintain security, and as required by law. If you wish to exercise privacy rights with respect to such data, please contact the relevant customer (the controller). We will support our customers in responding to such requests as required by our agreements and applicable law.

California (CCPA/CPRA). California residents have the rights to know, delete, correct, and opt out of the sale or sharing of personal information, and the right not to receive discriminatory treatment for exercising their rights. We do not sell personal information for money. To the extent any disclosures for cross-context behavioral advertising constitute "sharing," you may opt out as described below.

EU/UK (GDPR). You may exercise the rights above and have the right to lodge a complaint with your local supervisory authority.

To make a request, contact us at privacy@haladir.com. We will verify your request consistent with applicable law and respond within the required timeframe — generally within 45 days under CCPA/CPRA (extendable by a further 45 days) and within one month under GDPR (extendable where permitted). You may use an authorized agent to submit a request where the law allows. We will not discriminate against you for exercising your rights.

We maintain administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit and at rest where appropriate, logging and monitoring, and vendor risk management. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

The Services are not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child has provided us personal information, please contact us so we can delete it.

We may update this Policy from time to time. If we make material changes, we will provide notice by posting the updated Policy on haladir.com and updating the "Last updated" date, or by other means as required by law. Your continued use of the Services after the changes take effect indicates your acceptance.

For questions or requests regarding this Policy or your personal information:

If you are in the EEA or UK and have concerns we have not resolved, you may contact your local data protection authority.