Privacy Policy
We believe privacy is a fundamental right. Our systems are built from the ground up with a "privacy-by-design" architecture to ensure your organizational data remains yours alone.
1. Information We Collect
Hala AI collects only the minimum necessary information required to provide our enterprise AI services. This includes:
- Account Information: Name, professional email, and organizational role.
- Interaction Data: Transcripts of AI-driven voice or text interactions.
- Metadata: IP addresses and device identifiers for security logging.
2. How We Use Your Data
“Your data is used exclusively to refine the performance of your specific organizational AI instance. We never sell, rent, or lease your private data to third-party advertisers.”
Usage is limited to processing requests, improving model accuracy for your specific use-case, and providing technical support upon request.
3. Data Storage & Security
Encrypted at Rest & In Transit
All call recordings and transcriptions are encrypted using AES-256 standards. Keys are managed through HSM-backed services to ensure maximum isolation.
4. HIPAA Compliance
Hala AI is fully HIPAA compliant. For healthcare providers, we enter into Business Associate Agreements (BAA) to ensure PHI (Protected Health Information) is handled with the highest regulatory rigor.
5. Regional Compliance (KVKK & PDPL)
KVKK (Turkey)
Local data residency options are available in Istanbul for Turkish institutions needing strictly local storage.
PDPL (KSA)
Compliant with the Saudi Personal Data Protection Law, ensuring data localization for critical infrastructure.
6. Your Rights
Right to Access
You may request a copy of all data we hold regarding your organization.
Right to Erasure
Request permanent deletion of interaction logs and account metadata.
Right to Object
Opt-out of specific data processing activities that are not core to service delivery.
Need a Data Processing Agreement?
Our legal team can provide standard DPAs for enterprise clients.