Privacy Policy

How Halaty handles personal and health data

This Privacy Policy explains what data Halaty collects, why it is used, who receives it, how long it is kept, and what choices you have.

Last updated: March 12, 2026
What this policy focuses on

Sensitive health records, uploaded files, AI-assisted processing, sharing links, subscription data, and account security.

Operational uses needed to provide the platform, secure accounts, process payments, and support users.

Your rights to access, correct, delete, and manage your data, subject to applicable law and operational requirements.

On this page
1. Scope of this Policy2. Data Halaty may collect3. How Halaty uses personal data4. Grounds for processing5. When data may be shared6. Sensitive health data and AI processing7. International transfers and third-party infrastructure8. Retention9. Your rights and choices10. Security11. Cookies, local storage, and similar technologies12. Privacy requests and complaints13. Changes to this Policy
Related pages
Terms & Conditions

The contractual rules for using Halaty and its subscriptions, sharing, and AI features.

Privacy questions or requests

support@halaty.com

Contact us

1. Scope of this Policy

This Privacy Policy applies to Halaty's websites, applications, hosted services, and other interactions where Halaty acts as the controller or operator of personal data.

Because Halaty is built for personal health records, some of the data you provide may include sensitive health information. Please do not upload or share data about another person unless you are authorized to do so.

In this Policy, "Halaty," "we," "us," and "our" refer to the operator making the Services available to you through the website, application, billing flow, or related notices.

2. Data Halaty may collect

  • Account and identity data, such as your name, email address, authentication identifiers, and security settings.
  • Profile and health data, such as dates of birth, medications, notes, lab information, diagnoses, imaging metadata, and family profile details that you enter or upload.
  • Files and media, including PDFs, images, DICOM files, thumbnails, and voice notes.
  • Sharing and access data, such as share links, expiration choices, password-protection status, download activity, and share access logs.
  • Billing and subscription data, such as plan selection, billing interval, subscription status, and billing-provider identifiers.
  • Support and communications data, such as messages you send to Halaty through contact forms or support channels.
  • Technical and usage data, such as device or browser details, session and authentication events, language preference, and product analytics necessary to operate and secure the Services.

3. How Halaty uses personal data

  • To create and manage accounts, authenticate users, and protect account security.
  • To store, organize, display, search, export, and share health records and related files at your direction.
  • To process uploaded documents, voice notes, and prompts using automation or AI-assisted features that you request.
  • To deliver subscriptions, process billing, detect abuse, enforce plan limits, and maintain service operations.
  • To respond to support requests, troubleshoot issues, improve reliability, and comply with legal or regulatory obligations.

5. When data may be shared

  • With service providers that help operate Halaty, such as hosting, storage, authentication, billing, analytics, support, email, or infrastructure providers. These may include providers such as Supabase, Whop, PostHog, Sentry, Resend, and approved infrastructure or AI providers.
  • With AI and automation providers or local processing infrastructure used to generate the extraction, organization, or chat features you request.
  • With people or organizations you choose to share records with, such as doctors, family members, or other viewers who receive a valid link or password.
  • When required to comply with law, protect rights, investigate abuse, or respond to lawful requests from authorities.

6. Sensitive health data and AI processing

Health records may contain sensitive personal data. When you use Halaty's AI-assisted features, parts of your files, metadata, or prompts may be processed by Halaty's AI stack or approved third-party providers to generate extraction, search, or chat responses.

You should review AI-generated outputs before relying on them. AI outputs may contain mistakes, omissions, or incorrect inferences.

7. International transfers and third-party infrastructure

Depending on how Halaty is configured, personal data may be stored or processed in multiple jurisdictions, including through cloud, billing, or AI providers. Halaty aims to use reasonable contractual, technical, and organizational safeguards for such processing.

8. Retention

Halaty may retain personal data for as long as needed to provide the Services, maintain account history, support sharing and billing records, resolve disputes, enforce agreements, secure the platform, and comply with legal obligations.

When retention is no longer necessary and deletion is permitted, Halaty may delete, anonymize, or de-identify data.

Backups, logs, security records, invoices, and audit trails may remain for a reasonable additional period where needed for restoration, fraud prevention, security, dispute resolution, or legal compliance.

9. Your rights and choices

  • Access and review the data in your account.
  • Correct or update profile details and health records that you control.
  • Delete content, close your account, or request deletion where applicable.
  • Manage share links, passwords, and sharing permissions directly inside the product.
  • Contact Halaty to ask questions, exercise applicable privacy rights, or withdraw consent where processing depends on consent.
  • Halaty may request information reasonably necessary to verify identity, authority, or account ownership before fulfilling a privacy request, and some requests may be limited by law, security needs, or the rights of others.

10. Security

Halaty uses technical and organizational measures intended to help protect personal data. However, no system is perfectly secure, and Halaty cannot guarantee absolute security.

11. Cookies, local storage, and similar technologies

Halaty may use cookies, secure session mechanisms, local storage, and similar technologies to keep you signed in, remember language preference, maintain application state, improve security, and understand service usage.

12. Privacy requests and complaints

To submit a privacy question, request, or complaint, contact Halaty at support@halaty.com and include enough detail for us to identify the relevant account or records and respond appropriately.

13. Changes to this Policy

Halaty may update this Privacy Policy from time to time. The latest version will be posted on this page with an updated effective date.