Privacy Policy

Last updated: 10 May 2026

This Privacy Policy explains what data haluguard ("we", "us") collects, how we use it, and what rights you have. We have designed the Service to minimize the personal data we hold.

1. Data we collect

What	Why	Retention
Email address	Provided during Stripe checkout. Used to send you your API token and billing receipts.	Until subscription deletion + 12 months for tax records
Stripe customer / subscription IDs	To map your account to your billing record.	Until subscription deletion + 12 months
API token + last-used timestamp	To authenticate your API requests and detect unused tokens.	Until you cancel; revoked immediately on cancellation
API request metadata (timestamp, latency, verifier outcomes)	To monitor service health and bill against your quota.	30 days rolling
Text submitted to /v1/check	Verified in-process. Not stored beyond the request unless you have explicitly opted into a debug feature.	Not retained

2. Data we do NOT collect

• We do not store the text you submit to the API. Each request is processed and discarded.
• We do not store your card details. Stripe handles all payment processing.
• We do not use cookies for tracking or analytics on the API endpoints.

3. Third-party processors

To run the Service we share limited data with the following processors:

• Stripe — payment processing (your email, payment method, Stripe customer ID). See Stripe's privacy policy.
• Railway — hosting infrastructure for the API and database. See Railway's privacy policy.
• Hostinger — DNS provider for haluguard.com. They do not have access to user data.
• Public reference APIs — for verification, the Service queries public data sources (Wikidata, SEC EDGAR, World Bank, Frankfurter ECB). Only the extracted claim (not your prompt) is sent. These services do not receive personal data.

4. Your rights

You may at any time:

• Request a copy of the personal data we hold about you
• Request correction or deletion of your account data
• Cancel your subscription, which automatically revokes your tokens and stops further data collection

For any of these requests, email support@haluguard.com. We respond within 30 days.

5. Security

The Service is served over TLS. API tokens are stored in a managed Postgres database with access restricted to the Service. Tokens use 128 bits of entropy and are validated server-side on every request.

6. Children

The Service is not intended for children under 13 (or under 16 in jurisdictions that require it). We do not knowingly collect data from children.

7. International transfers

The Service is hosted in the United States (Railway US East). If you are accessing from outside the US, your data is transferred to and processed in the US.

8. Changes

If we materially change how we handle data, we will notify you by email at least 14 days before the change takes effect.

9. Contact

Privacy questions: support@haluguard.com.

← Back to haluguard.com