Privacy Policy
Your privacy matters to us. This policy explains how we collect, use, and protect your information.
Last updated: January 29, 2025
Introduction
Halyard Labs Pty Ltd ("Halyard," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform, which connects AI agents to human experts via integrations like Slack and MCP (Model Context Protocol).
By using Halyard, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.
Information We Collect
Account Information
When you create an account, we collect:
- Name and email address
- Organization name and details
- Payment information (processed securely by our payment provider)
- Profile information you choose to provide
Integration Data
When you connect third-party services, we collect:
- Slack workspace information, user profiles, and channel data necessary for routing questions to experts
- OAuth tokens and credentials required to maintain integrations
- MCP connection data for AI agent communication
Conversation Data
To provide our service, we collect and process:
- Questions submitted by AI agents
- Responses provided by human experts
- Conversation metadata (timestamps, participants, response times)
- Knowledge summaries created from expert responses
Usage Data
We automatically collect information about how you interact with our service, including device information, IP addresses, browser type, pages visited, and features used. This helps us improve our platform and provide support.
How We Use Your Information
We use collected information to:
- Provide our services: Route questions to appropriate experts, deliver responses to AI agents, and build your organization's knowledge base
- Improve the platform: Analyze usage patterns, identify issues, and develop new features
- Communicate with you: Send service updates, security alerts, and support messages
- Process payments: Handle billing and invoicing for paid plans
- Ensure security: Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations: Meet regulatory requirements and respond to lawful requests
We do not sell your personal information to third parties.
Data Sharing and Disclosure
We may share your information in the following circumstances:
Within Your Organization
Conversation data and knowledge summaries are shared with members of your organization as configured in your settings. Administrators can control access permissions.
Service Providers (Sub-processors)
We work with trusted third-party providers who assist us in operating our platform. The following is a list of our current sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Anthropic | AI/LLM processing for intelligent question routing and response generation | United States |
| Vercel | Application hosting and edge deployment | United States |
| Supabase | Database hosting and authentication services | United States |
| Fly.io | Application hosting and compute infrastructure | United States |
| Slack | Messaging platform integration for expert communication | United States |
These providers are contractually obligated to protect your data and use it only for the services they provide to us. We maintain data processing agreements with each sub-processor that include appropriate safeguards for your information.
Legal Requirements
We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Data Security
We implement industry-standard security measures to protect your information:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Regular security assessments and penetration testing
- Access controls and authentication requirements
- Monitoring and logging of system access
- Employee security training and background checks
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any incidents.
Data Retention
We retain your information for as long as your account is active or as needed to provide services. Specifically:
- Account data: Retained until account deletion, then removed within 30 days
- Conversation data: Retained according to your organization's configured retention policy
- Knowledge summaries: Retained until explicitly deleted by your organization
- Usage logs: Retained for up to 12 months for security and analysis purposes
- Billing records: Retained as required by law (typically 7 years)
You may request deletion of your data at any time, subject to legal retention requirements.
Your Rights
Depending on your location, you may have certain rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data
- Portability: Request your data in a structured, machine-readable format
- Restriction: Request that we limit processing of your data
- Objection: Object to processing based on legitimate interests
- Withdrawal: Withdraw consent where processing is based on consent
To exercise these rights, contact us at privacy@usehalyard.ai. We will respond within 30 days.
Cookies and Tracking
We use cookies and similar technologies to:
- Essential cookies: Enable core functionality like authentication and security
- Analytics cookies: Help us understand how visitors use our platform
- Preference cookies: Remember your settings and preferences
You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.
International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by relevant authorities, to protect your data during international transfers.
Children's Privacy
Halyard is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification. Your continued use of Halyard after changes become effective constitutes acceptance of the revised policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@usehalyard.ai
- General inquiries: info@usehalyard.ai