Hallon AI

Privacy Policy

Last updated: January 1, 2026

Data Controller

Hallon.AI

22 Swindon Road, Horsham, West Sussex, RH12 2HD

United Kingdom

Data Protection Contact: legal@hallon.ai

1. Introduction

Hallon.AI ("we," "our," or "us") is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered retail merchandising platform.

2. Information We Collect

2.1 Account Information

When you register for our service, we collect:

  • Name: Your full name for account identification
  • Email address: For account access, notifications, and communication
  • Company name: To associate your account with your organization
  • Job title: To understand your role and customize the experience

2.2 Business Data

To provide our AI-powered services, you may upload business data including:

  • Transaction and sales data
  • Inventory and product information
  • Pricing and cost data
  • Competitor pricing information
  • Strategic documents and policies

2.3 Technical Data

We automatically collect:

  • HTTP-only cookies: Essential for session management and security
  • Usage analytics: Via Google Analytics to understand how you use our service
  • Log data: IP addresses, browser type, and access times for security and troubleshooting

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our AI-powered services
  • Train AI models specific to your organization (not shared with other customers)
  • Generate personalized pricing, forecasting, and merchandising recommendations
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze usage patterns to improve the service
  • Protect against fraud, unauthorized access, and abuse

4. Data Storage and Security

4.1 Data Location

Your data is stored on Google Cloud Platform (GCP) infrastructure in the europe-west2 (London) region, ensuring your data remains within the UK/EU jurisdiction.

4.2 Database

We use Google Cloud SQL PostgreSQL as our primary database, providing enterprise-grade reliability, automated backups, and high availability.

4.3 Encryption

We implement comprehensive encryption:

  • Data in transit: TLS 1.3 for all API calls and data transfers
  • Data at rest: AES-256 encryption for all stored data
  • Database: Encrypted at the storage layer
  • Backups: AES-256 encryption for all backup data

4.4 Access Controls

We implement role-based access controls, multi-factor authentication, and regular security audits to protect your data.

5. AI Processing and Data Use

5.1 Customer-Specific Models

When we train AI models on your data, those models are specific to your organization. Your data is never used to train models for other customers.

5.2 Data Isolation

Your data is strictly isolated from other customers through technical and organizational measures. Each customer environment is logically separated with dedicated encryption keys.

5.3 Third-Party AI Services

We may use third-party AI services (such as OpenAI or Anthropic) to power certain features. When doing so:

  • We send only the minimum data necessary for the specific request
  • Data is transmitted securely and processed according to our data processing agreements
  • These providers are contractually prohibited from using your data for their own purposes

6. Data Retention

We retain your information according to the following schedule:

  • Active accounts: Data retained for the duration of your subscription, up to 3 years of historical data
  • After termination: Data deleted within 30 days of contract termination
  • Legal requirements: Certain data may be retained longer if required by law
  • Anonymized data: May be retained indefinitely for statistical analysis

7. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With your consent: When you explicitly authorize sharing
  • Service providers: Third parties who assist in operating our service (under strict data processing agreements)
  • Legal obligations: When required by law or to protect our rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)

8. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Request your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: Request human review of automated decisions

To exercise any of these rights, please contact us at legal@hallon.ai. We will respond within 30 days.

9. Cookies

9.1 Essential Cookies

We use HTTP-only session cookies that are strictly necessary for the operation of our service. These cookies:

  • Maintain your login session
  • Ensure the security of your account
  • Cannot be disabled as they are essential for service functionality

9.2 Analytics Cookies

We use Google Analytics to understand how visitors interact with our website and service. These cookies help us improve the user experience. You can opt out of analytics cookies through your browser settings or by using the Google Analytics opt-out browser add-on.

10. International Data Transfers

Your data is primarily stored in the UK (europe-west2). If data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK ICO
  • Adequacy decisions where applicable
  • Binding Corporate Rules for service providers

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Sending an email notification for significant changes
  • Updating the "Last updated" date

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: legal@hallon.ai
Address: 22 Swindon Road, Horsham, West Sussex, RH12 2HD, United Kingdom

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.