The safest way to protect your customers' data is to never hold it. So we don't. Halia looks at your customers only for the moment it takes to score them, and keeps no copy. There is no customer list sitting on our side to leak, lose, or be forced to hand over.


Halia connects to your store with read-only credentials. We can read orders and customers in order to score them. We cannot change, delete, refund, or place anything. The single secret we hold is that read-only key. Revoke it and Halia goes dark in the same moment.

When Halia scores your store, customers are processed in memory and never written to a Halia database. A scoring run lasts minutes, and when it ends the data is gone. Your data stays yours alone: we never pool it with other brands or reuse it as reference for anyone else.
Secrets are encrypted at rest, and every call to your store and your tools runs over encrypted, authenticated channels. The key that decrypts your store credential is held apart from the database, so a dump alone can never unlock it.
For your customer data you are the controller and Halia is your processor, acting only on your instructions.
Halia runs on Render, which is SOC 2 Type 2 and ISO 27001 certified and independently penetration-tested every year. We keep our subprocessor list short and share it on request.
Sign-in and scoring endpoints are rate-limited against abuse, our dependencies are monitored for known vulnerabilities, and customer data is kept out of our logs.
We provide a Data Processing Agreement and the profiling wording for your own privacy notice. Because no standing customer data lives with us, access and erasure requests are largely answered by the architecture itself.
Found something? Email us. We will acknowledge, work with you, and welcome good-faith research.
A walkthrough of what we hold, what we don't, and the controls in place. It runs itself, or click in and type help to poke around.
We can provide a data processing agreement and our subprocessor list on request.
Contact us →