Privacy Policy

1. Information We Collect

We collect data you provide directly to us when requesting a demo, contacting our team, or subscribing to updates. This includes name, email address, company name, job title, and phone number.

We also automatically gather technical details when visitors interact with our platform. This encompasses cookies, session identifiers, IP addresses, browser type and version, device characteristics, operating system, referring URLs, and page interaction patterns. Analytics tools help us understand how visitors navigate our site, which features attract the most engagement, and where users may encounter difficulties.

Log files capture timestamps, clickstream data, and usage metrics that enable us to monitor system performance, diagnose technical issues, and optimize the user experience across different devices and browsers.

2. How We Use Your Information

We utilize collected data to deliver, maintain, and enhance our HSE management platform. This includes processing demo requests, responding to support inquiries, sending product updates and security notifications, and customizing content based on industry and company size.

Analytics guide our development priorities, helping us identify which safety modules receive the most adoption, which workflows need refinement, and which integrations would benefit our clients most. We also use contact details to share relevant content such as compliance guides, industry benchmarks, and platform training resources.

Legal compliance requires us to maintain records for audit purposes, respond to lawful requests from authorities, and fulfill contractual obligations with enterprise clients who deploy Haloehs across multiple facilities and operations.

3. Data Security

We implement enterprise-grade safeguards to protect personal and organizational data. All transmitted content uses TLS 1.3 encryption protocols. Stored records are encrypted using AES-256 standards, ensuring that sensitive safety reports, incident documentation, and compliance records remain secure.

Our infrastructure undergoes annual SOC 2 Type II audits conducted by independent third-party assessors. These examinations verify that our controls for security, availability, and confidentiality meet rigorous industry benchmarks. Penetration testing occurs quarterly to identify and remediate potential vulnerabilities before they can be exploited.

Access controls follow the principle of least privilege. Multi-factor authentication is mandatory for all administrative accounts. Employee training on data handling procedures occurs during onboarding and annually thereafter. Incident response protocols are tested regularly to ensure rapid containment and notification in the unlikely event of a breach.

4. Data Retention

We retain personal records only as long as operationally necessary or legally required. Marketing contacts who do not engage with communications for 24 months are archived and eventually purged from active systems. Demo request details are maintained for 36 months to support long sales cycles common in enterprise B2B environments.

Client account records remain accessible throughout the subscription period plus seven years following contract termination, consistent with international record-keeping standards for occupational health and safety documentation. This extended retention supports audit trails, regulatory investigations, and historical incident analysis that safety professionals often require.

5. Your Rights

Individuals have specific rights regarding personal records under GDPR (European Union), CCPA (California), and similar regulations worldwide. These include the right to access what data we hold, request corrections to inaccurate records, obtain copies in portable formats, and demand deletion when no longer legally required.

EU residents may object to processing based on legitimate interests and request restriction of certain activities. California residents can opt out of any sale of personal details, though Haloehs does not sell customer data to third parties. All individuals may withdraw consent for marketing communications at any time via unsubscribe links or direct request.

To exercise these rights, email privacy@haloehs.com with specific details about the action requested. We respond within 30 days, or sooner when feasible. Verification of identity may be required to prevent unauthorized disclosure.

6. Contact Us

For questions about this Privacy Policy or data practices, please reach out at privacy@haloehs.com. Our team typically responds within two business days.

7. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or business operations. When material modifications occur, we will notify active users via email at least 14 days before the new terms take effect.

The “Last updated” date at the top of this page indicates when the most recent revision was published. We encourage periodic review of this policy, especially before sharing new categories of data with us. Continued use of Haloehs services after policy updates constitutes acceptance of the revised terms.