Privacy Policy
Halia is built so that we never hold your customers. This policy explains what we process, the little we store, the lawful bases we rely on, and the rights you have. It applies to our website, our application, and the scoring service we provide to retailers.
1. Who we are and how to contact us
Halia ("Halia", "we", "us", "our") provides hidden-VIC scoring software for retailers. Halia is a product of Midnight Lantern Technologies Ltd, a company registered in England and Wales (company number [company number]) with its registered office at [registered office address]. For any privacy question, request, or complaint, contact us at hello@haliascore.com. If you represent a merchant, your fastest route for any request relating to your own customers is usually through your own systems, since we do not hold a copy of them; see section 17.
2. Scope of this policy
This policy covers: (a) personal data of a merchant's customers that we process on the merchant's behalf to provide the service; (b) personal data of the merchants, their staff and account holders who use Halia; and (c) personal data of visitors to our website who request a demo, subscribe to updates, or contact us. It does not cover third-party sites or services that you connect to Halia or link out to, which have their own policies.
3. Our two roles: processor and controller
We act in two distinct capacities, and which one applies changes who is responsible:
- As a processor. For a merchant's customer data, the merchant is the data controller and Halia is a data processor. We process that data only to provide the service and only on the merchant's documented instructions, under the terms of our agreement and any applicable data processing terms.
- As a controller. For merchant account data, for the personal data of the people who administer a Halia account, and for website visitor and marketing data, we are the controller and this policy sets out how we handle it.
4. Customer data we process for merchants (and do not store)
To score a merchant's customers we read, in memory only, fields that may include name, email address, telephone number, billing and shipping address (including postcode and country), order totals, order counts and dates, currency, and payment method. We may also read or derive non-sensitive signals from this data, such as whether an email is a work or free address, or whether a postcode falls in a recognised high-value area.
This data is processed transiently to produce a score. It is held in volatile memory for the duration of a scoring run, typically a few minutes, and is then discarded. It is not written to any Halia database, data warehouse, log of personal data, or long-term store. We do not build a standing profile of any individual on our systems. For real-time order alerts, a single incoming order is scored in memory and the alert is sent, after which the order data is discarded in the same way.
5. Special category data
Halia does not seek to process special category data (such as data revealing health, racial or ethnic origin, religion, or sexual orientation) and is not designed to infer it. We process ordinary commercial and contact data. Merchants should not configure the service in a way that introduces special category data, and remain responsible as controller for the data they make available.
6. Account and business data we store
- The merchant's store URL and an encrypted, read-only API key or platform token.
- Merchant settings, such as the VIC threshold, latent-value benchmarks, email templates, and a sign-off name.
- A one-way hash of the private dashboard-link token used to authenticate access (we do not store the token itself).
- Web-push subscription endpoints, if a merchant opts in to browser notifications.
- Basic business contact details a merchant provides, such as a work email address and name.
- Billing and subscription records needed to operate the account.
This is business and account data, not a merchant's customer database. Secrets are encrypted at rest.
7. Website visitors, demos and marketing
If you request a demo, subscribe to updates, or email us, we process the details you provide, such as your name, work email, company, and message. We use these to respond to you, to provide the demo or updates you asked for, and to keep records of our communications. Our public marketing site is designed to run without advertising or cross-site tracking cookies; see Appendix A: Cookie Policy.
8. How we collect personal data
- Directly from you, when you contact us, request a demo, subscribe, or set up an account.
- From a connected platform, when a merchant authorises Halia to read their store through a read-only connection (for example their e-commerce or marketing platform).
- Automatically, in limited technical logs needed to run and secure the service, such as request metadata and error logs, which are not used to build customer profiles.
9. Why we use data and our legal bases
Where the UK GDPR or EU GDPR applies and we are the controller, we rely on the following bases:
| Purpose | Legal basis |
|---|---|
| Providing, operating and securing the service for merchants | Performance of a contract; legitimate interests in running a secure service |
| Authenticating access to a dashboard | Performance of a contract; legitimate interests in security |
| Responding to demo requests, enquiries and support | Legitimate interests; steps to enter into a contract |
| Sending product updates to subscribers | Consent, or legitimate interests for existing business contacts |
| Billing, accounting and tax | Performance of a contract; legal obligation |
| Preventing fraud, abuse and protecting our rights | Legitimate interests; legal obligation |
For customer data processed on a merchant's behalf, the merchant determines the legal basis as controller, and we act under a processor relationship and only on the merchant's instructions.
10. Scoring, automated processing and profiling
Halia scores customers using a heuristic engine. This is a form of profiling carried out on behalf of, and under the control of, the merchant. Scores are estimates and prompts for human attention; they are presented to a merchant's team to inform their own judgement and outreach. Halia does not use these scores to make decisions that produce legal or similarly significant effects on individuals on our own account. Merchants are responsible for how they act on scores and for meeting any transparency obligations to their customers.
The logic of the scoring. The score is built from wealth, work, and address facts: how much and how often a customer has bought, a recognised prime postcode or neighbourhood, and professional or company tells such as a work email domain. By default the engine does not use a customer's nationality, ethnicity, name, or the origin of their name as a scoring signal; those origin-proxy signals are switched off unless a merchant has documented its own lawful basis and asked us to enable them. The engine sorts by wealth facts, not by where someone is from.
A human always decides, and the effect only elevates. A score never makes an automatic decision about a customer, never sets a price, an offer, or eligibility, and never withholds a product or service. At most it leads a person at the merchant to offer more personal attention. Because a human is always in the loop and there is no legal or similarly significant effect, this profiling is intended to fall outside Article 22 of the UK GDPR. For merchants we provide a Data Processing Agreement, the profiling logic to include in their own privacy notice, and a DPIA and Legitimate Interests Assessment; see our Responsible profiling page.
11. Marketing and your choices
We only send marketing or product updates to people who have asked for them or who are existing business contacts, and every message includes a way to unsubscribe. You can opt out at any time by using that link or by emailing us. Opting out of marketing does not stop essential service messages, such as billing or security notices, to account holders.
12. Who we share data with
We do not sell personal data and we do not share a merchant's customer data with other brands or merchants. We disclose data only:
- to the subprocessors listed in section 13, who help us run the service under contract;
- to the tools a merchant explicitly connects, such as their own marketing platform, to which we push the scores and segments the merchant asks us to;
- to professional advisers, auditors, or a potential buyer in connection with a corporate transaction, under appropriate confidentiality and protection;
- where required by law, regulation, or valid legal process, or to protect our rights, users, or the public.
13. Subprocessors
We use a small number of providers to run Halia. Because we do not store customer data, our subprocessors do not receive a standing copy of it.
| Sub-processor | Purpose | Data processed | Region |
|---|---|---|---|
| Render (Render Services, Inc.) |
Cloud hosting and managed PostgreSQL: runs the Halia application and stores merchant account data and encrypted secrets. No merchant customer data is stored here. | Account & operational data; encrypted read-only credentials | UK/EU , region to be confirmed at launch |
| Stripe (Stripe Payments Europe, Ltd.) |
Subscription billing and payment processing for merchant accounts. | Merchant billing details (name, email, card handled by Stripe). Not shopper data. | EU / UK , entity & region to be confirmed |
| Brevo (Sendinblue SAS) |
Transactional and alert email: sign-in links, “your results are ready”, and order alerts. | Recipient email address and message content (no shopper profiles). | EU (France) |
| Platforms you connect (e.g. Shopify, BigCommerce, WooCommerce, Klaviyo, Mailchimp, HubSpot, Slack) |
Read your store at your instruction and, where you choose, receive the scores, segments, or alerts Halia sends. These operate under your account and their own terms. | As determined by you and the provider | Per the provider you choose |
We require appropriate confidentiality and security commitments from our sub-processors, and limit what each one receives to what it needs. The platforms in the final row are tools you choose to connect and control; they are your sub-processors, listed here for transparency.
How we handle changes to sub-processors
Before we add a new sub-processor, or materially change the category of data shared with an existing one, we will post the change here at least 30 days in advance and note it in the change history below. Merchants with a data processing agreement in place may object to a new sub-processor on reasonable data-protection grounds by writing to privacy@haliascore.com; if we cannot resolve the objection, you may terminate the affected service as set out in your agreement. To be notified of changes, email privacy@haliascore.com and ask to be added to the sub-processor notification list.
Sub-processor change history
| Date | Change |
|---|---|
| 3 July 2026 | Initial publication (Render, Stripe, Brevo, and connected platforms). |
Specific corporate entities, regions and data-residency arrangements are being finalised with our providers and counsel ahead of launch; cells marked to be confirmed will be completed then.
14. International data transfers
Where personal data is processed outside the UK or EEA, we rely on appropriate safeguards, such as the UK International Data Transfer Agreement or Addendum, the EU Standard Contractual Clauses, or an adequacy decision. Because we do not store customer data, the practical transfer footprint is limited to account and operational data.
15. How we protect data
- Zero-retention by design. Customer data is scored in memory and not stored, which removes the largest source of risk: a standing database to breach.
- Read-only access. Halia connects to a store read-only and cannot change, delete, or place an order.
- Encryption. Secrets are encrypted at rest, and connections to your store and your tools use encrypted, authenticated channels in transit.
- Access control. Dashboard access is by a private link authenticated against a one-way hash, and can be revoked and reissued at any time.
- Least data. We collect and keep as little as possible, and discard what we do not need.
No method of transmission or storage is completely secure, but we work to protect personal data using measures appropriate to the risk.
16. How long we keep data
| Data | Retention |
|---|---|
| Merchant customer data used for scoring | Not retained; held in memory only and discarded within minutes |
| Merchant account data and encrypted secrets | Kept while the account is active; deleted on disconnection or request, subject to legal duties |
| Billing and tax records | Kept for the period required by law |
| Marketing and enquiry records | Kept until you unsubscribe or ask us to delete them, plus a short record of the request |
| Technical and security logs | Kept for a limited period for operation and security |
17. Your privacy rights
Subject to applicable law, individuals have rights to access their personal data, to correct inaccurate data, to erase data, to restrict or object to processing, to data portability, and to withdraw consent where we rely on it. Where we make automated decisions you may have rights in relation to those, as described in section 10.
For a merchant's customers: because Halia does not store your data, requests such as access or erasure should be directed to the merchant who controls it. As there is no customer data stored with Halia, erasure on our side is satisfied by design, and we will assist the merchant as their processor where needed. For merchants and account holders: contact us to exercise rights over your own account data.
18. Exercising your rights and complaints
To make a request, email hello@haliascore.com. We may need to verify your identity and will respond within the time required by law. You also have the right to complain to a data protection authority. In the UK this is the Information Commissioner's Office (ico.org.uk); in the EEA it is your local supervisory authority. We would welcome the chance to address your concern first.
19. US state privacy rights
If you are a resident of California or another US state with privacy laws, you may have rights to know, access, correct, and delete personal information, and to opt out of its sale or sharing. Halia does not sell personal information and does not share it for cross-context behavioural advertising. Where Halia processes a merchant's customer data, it does so as a service provider or processor on the merchant's behalf and uses it only to provide the service. To exercise rights over data we control, contact us; we will not discriminate against you for doing so.
20. Children's data
Halia is a business tool and is not directed to children. We do not knowingly collect personal data from children. Merchants are responsible for the data they make available through their store.
21. Data breaches
We maintain measures to detect and respond to security incidents. If a personal data breach occurs that is likely to result in a risk to individuals, we will notify the relevant authority and, where required, affected controllers or individuals, without undue delay and in line with our legal obligations. Where we act as processor, we will notify the affected merchant promptly so they can meet their own obligations.
22. Changes to this policy
We may update this policy from time to time. We will change the "last updated" date above and, for material changes, take reasonable steps to notify account holders. Your continued use after a change takes effect indicates acceptance of the updated policy.
23. Contact
Questions or requests: hello@haliascore.com.
Appendix A, Cookie Policy
Halia uses as few cookies as possible. We run no advertising or cross-site tracking cookies in the application, and none on our marketing site by default.
What cookies are
Cookies are small text files a site stores on your device. Some are strictly necessary to make a service work; others are optional and need your consent. This section explains the few we use.
Cookies we use
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| halia_t | Strictly necessary | Holds your private access token so you stay signed in to the dashboard as you move between pages. Not used for tracking. | Session or short-lived |
The essential cookie is required to provide the service and cannot be switched off without losing access. We do not set analytics or advertising cookies in the application.
This marketing site
Our public marketing pages load a web font from Google Fonts to render type. No analytics or advertising cookies are set on these pages by default. If we add optional analytics in future, we will ask for your consent first and update this policy.
Third-party services
When you connect a platform to Halia or follow a link to a third-party service, that service may set its own cookies under its own policy. We do not control those cookies.
Managing cookies
You can clear or block cookies in your browser settings, and most browsers let you manage them per site. Blocking the essential cookie will sign you out of the dashboard and stop it from working.