Mindful Media Network LLC, doing business as Mindful Media ("Mindful Media," "we," "us," or "our"), operates Halo, a developer tool for children's privacy compliance analysis, available at runhalo.dev. This Privacy Policy describes how we collect, use, store, and protect information when you use Halo.

1. Information We Collect

Information You Provide:

• Account information — email address, company name, and role when you create an account or contact support.
• Payment information — when you subscribe to a paid plan. Payments are handled by a third-party payment processor. We do not store credit card numbers on our servers.
• Attestation responses — when you complete compliance attestation questionnaires within Halo.
• Team information — member email addresses and roles when you create or join an organization.

Information Generated Through Use:

• CLI telemetry (opt-in only) — CLI version, runtime version, and operating system.
• Scan metadata (paid tiers) — compliance scores, finding counts, scan timestamps, and repository identifiers.
• Website usage data — we use analytics services that may use cookies. See Section 6.

2. Information We Do NOT Collect

3. How We Use Your Information

• Provide and operate Halo's services.
• Process payments and manage subscriptions.
• Send transactional and, where opted in, marketing communications.
• Improve accuracy through anonymized, aggregated scan data. All training data is de-identified.
• Respond to support requests and comply with legal obligations.

4. AI Processing

Halo's AI Review processes scan findings using third-party AI services. When you initiate AI Review:

• Finding descriptions, rule metadata, and truncated code context are sent to a third-party AI service.
• Source code is never sent to AI providers.
• The specific service may vary by plan tier and may change over time.

5. Third-Party Services

We use the following categories of third-party service providers:

• Cloud infrastructure and database hosting
• Payment processing
• AI service providers
• Email delivery
• Website hosting and content delivery
• Application monitoring
• Website analytics

We do not use advertising networks, behavioral advertising, or data brokers.

6. Cookies

• Essential: Session cookies for authentication. Strictly necessary; cannot be disabled.
• Analytics: Used to understand website usage. Opt out via browser settings.

We do not use cookies for advertising or cross-site tracking.

7. Data Storage and Security

Data is stored using cloud infrastructure with encryption at rest and in transit. Data is stored in the United States. Additional protections include anonymization of training data, file path truncation, cryptographic hashing of API keys, and row-level security on user-scoped database tables.

8. Data Retention

• Account data: retained until account closure; deleted within 30 days of request.
• Scan metadata: retained for subscription duration plus 90 days.
• Attestation responses: retained while account is active.
• CLI telemetry: up to 12 months.
• Anonymized training data: may be retained indefinitely. Cannot be traced to you.

9. International Data Transfers

Our infrastructure is in the United States. If you access Halo from outside the US, your information will be transferred to and processed in the US. For EEA, UK, or Swiss users, transfers are conducted pursuant to standard contractual clauses or other lawful mechanisms.

10. Your Rights

Depending on your location, you may have rights including: access, correction, deletion, portability, restriction, objection, and opt-out of marketing or analytics. To exercise these rights, email [email protected]. We will respond within 30 days.

California residents have additional rights under the CCPA. We do not sell personal information.

11. Children's Privacy

Halo is a developer tool for software professionals. It is not directed at children. We do not knowingly collect information from individuals under 16. Contact [email protected] if you believe a minor has provided information.

12. Data Breach Notification

In the event of a breach compromising personal information, we will notify affected users within 72 hours, consistent with applicable law.

13. Changes to This Policy

Material changes will be communicated via runhalo.dev and email to registered users. Continued use after changes constitutes acceptance.

14. Contact

Mindful Media Network LLC — [email protected]