Last updated: March 2026 · This policy is subject to legal counsel review.
HALMAI provides runtime enforcement and governance infrastructure for AI systems. This policy describes what data we collect through our website, documentation portal, and administrative interfaces — and how we handle it.
This policy covers the HALMAI website and related web surfaces only. It does not cover customer runtime data processed through HALMAI's enforcement APIs, which is governed by separate customer agreements.
When you submit a contact form, request access, or interact with the on-site assistant, we may collect your name, work email address, company name, use case description, timeline, and a summary of the conversation. This data is stored to evaluate inquiries and follow up on access requests.
Access to certain HALMAI documentation may require authentication. We log access events to control distribution and protect pre-release material. We do not track reading behavior beyond access timestamps.
Authenticated users of HALMAI dashboards (admin, auditor, and customer consoles) generate session and access logs as part of normal platform operation. These logs support audit, security, and operational integrity.
This site uses functional cookies required for session management and authentication. We do not use third-party advertising trackers. If analytics tooling is active, it is limited to aggregate usage metrics.
Note for counsel: If third-party analytics (e.g. GA4) or session replay tools are added, a cookie consent mechanism and explicit disclosure should be implemented.
Like most websites, we collect standard technical information including IP address, browser type, referring URL, and page visit timestamps. This data supports security monitoring and basic analytics.
Lead and inquiry data submitted through the website is accessible to authorized HALMAI team members responsible for sales, support, and product evaluation. Access to this data is controlled through authenticated admin interfaces and is subject to internal access policies.
We do not sell your data. We may share information with infrastructure providers necessary to operate the platform (hosting, database, email delivery) under standard data processing terms. We may also disclose data if required by law.
Note for counsel: Specific sub-processor list, DPA terms, and cross-border transfer mechanisms should be documented here once finalized.
Lead and inquiry data is retained for as long as it is needed to evaluate and respond to your request. Platform audit logs are retained in accordance with customer contracts and applicable compliance requirements. You may request deletion of your personal data at any time.
Note for counsel: Specific retention periods and automated deletion schedules should be defined per data category.
HALMAI is built around runtime enforcement and audit integrity. We apply the same governance standards to our own infrastructure — including access controls, hash-chained audit trails, and environment isolation.
Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise any of these rights, contact us using the information below.
Note for counsel: Jurisdiction-specific rights (GDPR, CCPA) should be enumerated once operational scope is confirmed.
For privacy-related inquiries, data access requests, or questions about this policy, reach us through our contact page.
This policy may be updated as HALMAI's product and operational scope evolve. Material changes will be noted with an updated revision date.