HalaFlow
Back to Home

Privacy Policy

Last updated: December 29, 2024

1. Introduction

Welcome to HalaFlow ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsApp business automation platform and related services (collectively, the "Service").

By using HalaFlow, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, password, and business details when you create an account.
  • Business Data: Information about your services, staff, bookings, and customers that you enter into the platform.
  • Communication Data: Messages, templates, and conversation history with your customers through WhatsApp and other channels.
  • Payment Information: Billing details and payment card information (processed securely by Stripe).
  • Support Communications: Information you provide when contacting our support team.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns.
  • Device Information: Browser type, operating system, device type, and IP address.
  • Analytics Data: Aggregated statistics about platform usage via Google Analytics and Vercel Analytics.
  • Cookies: Small data files stored on your device (see our Cookie Policy).

2.3 Information from Third Parties

  • WhatsApp/Meta: When you connect your WhatsApp Business account, we receive phone number details and messaging data.
  • Authentication Providers: If you sign in with Google, we receive your profile information.

3. How We Use Your Information

We use the collected information for:

  • Service Provision: To operate the platform, manage bookings, send messages, and provide customer support.
  • Communication: To send service updates, security alerts, and promotional content (with your consent).
  • Improvement: To analyze usage patterns, improve features, and develop new functionality.
  • Security: To detect and prevent fraud, abuse, and security threats.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  • Billing: To process payments and manage subscriptions.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

  • Service Providers: Third-party vendors who assist in operating our Service (e.g., Supabase for database, Stripe for payments, Meta for WhatsApp API).
  • Your Customers: When you send messages through our platform, recipient contact information is shared with WhatsApp/Meta for delivery.
  • Legal Requirements: When required by law, court order, or government authority.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.
  • With Your Consent: When you explicitly authorize sharing.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS/SSL) and at rest (AES-256)
  • Secure authentication with password hashing
  • Regular security audits and vulnerability assessments
  • Access controls and employee training
  • Infrastructure hosted on SOC 2 compliant cloud providers

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes described in this policy. Specifically:

  • Account Data: Retained while your account is active and for 30 days after deletion request.
  • Message History: Retained according to your workspace settings (default: 1 year).
  • Billing Records: Retained for 7 years as required by law.
  • Analytics Data: Aggregated data may be retained indefinitely.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your data ("right to be forgotten").
  • Portability: Request export of your data in a machine-readable format.
  • Restriction: Request restriction of processing in certain circumstances.
  • Objection: Object to processing for direct marketing purposes.
  • Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@halaflow.io. We will respond within 30 days.

8. GDPR Compliance

For users in the European Economic Area (EEA), we process your data under the following legal bases:

  • Contract Performance: Processing necessary to provide our Service.
  • Legitimate Interests: Improving our Service, marketing (with opt-out), and security.
  • Consent: For optional features and marketing communications.
  • Legal Obligation: Compliance with applicable laws.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data during transfer.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

HalaFlow

United Arab Emirates

General: contact@halaflow.io