Halio – Privacy Policy

1. Scope and Who We Are

This Privacy Policy explains how Plus M3 Ltd (trading as Halio, “we”, “us”, “our”) collects, uses, and protects personal data across the Halio platform (the “Platform”).

This Policy applies to all users of our services, including those accessing Halio directly or through a white-labelled version provided by a Licensee.

By using the Halio Platform, either directly or through a Licensee, you agree to this Privacy Policy.

2. Information We Collect

2.1 Log and Device Data

We collect log data automatically from your device when you access the Platform, which may include:

• Internet Protocol (IP) address
  
• Browser type and version
  
• Pages visited, features used, and time of access
  
• Device type, operating system, and unique identifiers
  
• Geo-location data (depending on device settings)
  

2.2 Account and Billing Data

When you register or subscribe, we may collect:

• Name
  
• Email address
  
• Company name
  
• Telephone number
  
• Billing address
  
• Payment information
  

2.3 Business and Operational Data

We collect information generated through your use of the Platform, such as:

• Uploaded or stored files
  
• Generated content and scheduled posts
  
• Comments and metadata
  
• Analytics, user profiles, and usage statistics
  

2.4 Support Data

If you contact us for support, we may collect communications, chat logs, and related metadata.

3. Legal Bases for Processing

We process your personal data under the following legal bases:

• Contract performance: To provide and maintain the Platform and services you request.
  
• Legitimate interests: To improve our services, secure the Platform, and manage operations.
  
• Consent: Where you specifically agree (e.g., to receive marketing).
  
• Legal obligations: To comply with UK legal and regulatory requirements.
  

4. How We Use Your Data

We collect, store, and process data to:

• Provide access to and operate the Halio Platform
  
• Process payments and manage accounts
  
• Communicate with you regarding your account or service
  
• Analyse usage to improve features and performance
  
• Provide marketing where lawful consent exists
  
• Comply with applicable laws and regulations
  

5. Disclosure of Personal Data

We may share personal data with third parties such as:

• IT and hosting providers (e.g., cloud storage, data centres)
  
• Payment processors
  
• Analytics and AI providers (for example, OpenAI for Halio’s AI features)
  
• Support tools (e.g., Gleap, Hotjar)
  
• Regulators or law enforcement, if required by law
  

White-Label Licensees: If you access Halio through a Licensee, the Licensee may also act as a Data Controller. Your personal data may be processed by both Halio (as Processor) and the Licensee (as Controller).

6. International Transfers

Personal data may be transferred outside the UK or EEA. Where this occurs, we ensure compliance with UK GDPR through safeguards such as:

• Standard Contractual Clauses (SCCs)
  
• Binding Corporate Rules
  
• Equivalent legal mechanisms
  

7. Roles and Responsibilities

• Direct Users: If you subscribe directly, Halio acts as the Data Controller.
  
• Licensees: If you access via a Licensee, the Licensee is your Data Controller and Halio acts as a Data Processor.
  
• End Users of White-Label: This Policy applies in addition to the Licensee’s own terms and privacy documentation.
  

8. Your Rights

Under UK GDPR, you may:

• Access your personal data
  
• Request correction of inaccurate or incomplete data
  
• Request erasure of data (“right to be forgotten”)
  
• Restrict processing
  
• Object to processing based on legitimate interests
  
• Request portability (data transfer to another controller)
  

To exercise these rights, contact us at support@halio.ai.

9. Data Security and Breaches

We implement industry-standard technical and organisational measures, including:

• Data encryption (in transit and at rest)
  
• Access controls and authentication
  
• Regular security audits and testing
  

In the event of a personal data breach, we will notify affected users and relevant authorities in accordance with legal requirements.

10. Cookies

We use cookies and similar technologies to collect usage data and enhance user experience. Please see our Cookie Policy for details.

11. Business Transfers

If Halio undergoes a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring party. Such use will remain consistent with this Privacy Policy.

12. Children’s Data

Our services are not intended for individuals under 18. We do not knowingly collect children’s personal data. If we become aware we have collected such data, we will delete it promptly.

13. Retention

We retain data for as long as necessary to fulfil the purposes outlined above, or to comply with legal obligations.

• On account closure: User Data is retained for 30 days to allow export.
  
• Backups: May persist for up to 90 days, then are overwritten.
  
• Data may be retained longer if required by law.
  

14. Compliance Checker and AI Features

Where you use Halio’s AI features or compliance checker, your inputs are processed for generating outputs or compliance suggestions. Results are indicative only.

You remain solely responsible for ensuring compliance with regulatory, legal, and company requirements. Neither AI features nor the compliance checker guarantee accuracy or compliance.

15. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated in-app or by email. Continued use of the Platform constitutes acceptance.

16. Contact

For questions about this Policy or your rights, contact: 📧 support@halio.ai