Privacy Policy

Last updated: April 18, 2026

HALO ("we," "us," or "our") is a reputation management software service operated by Shermar Trades LLC ("the Company"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our web application (the "Service") available at halocrm.app.

We are committed to protecting your privacy and complying with applicable data protection laws including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).

1. Information We Collect

Information you provide directly

Account information: name, email address, business name, phone number, billing address
Payment information: processed through Stripe; we do not store full credit card numbers on our servers
Communications: messages you send us through support channels

Information collected via Google OAuth

When you connect your Google Business Profile to HALO, you authorize us via OAuth 2.0 to access specific data from your Google account. The scopes we request and the data we access are:

business.manage — required to read your Google Business Profile location data, fetch customer reviews, and post owner responses you approve

We only access Google Business Profiles that you explicitly connect and have verified ownership of through Google. We do not access data from any other Google product (Gmail, Drive, Calendar, etc.).

Information collected automatically

Log data (IP address, browser type, timestamps, pages viewed)
Cookies and similar tracking technologies for essential functionality

2. How We Use Your Information

Provide, maintain, and operate the Service
Fetch and display your Google Business Profile reviews in the HALO dashboard
Generate AI-assisted draft responses to reviews (you retain full control and approval before any response is posted)
Post owner responses to your Google Business Profile only after you review and approve them
Process billing and subscription payments via Stripe
Send service announcements and transactional emails
Respond to support inquiries
Detect, prevent, and address fraud or abuse

We do not sell your personal information. We do not share review data or Business Profile information with third parties for their marketing purposes.

3. How We Share Information

We share information only in these limited circumstances:

With Google: to fulfill the actions you authorize through the Google Business Profile API (e.g., posting a response you approved)
Service providers: Stripe (billing), Netlify (hosting), OpenAI/Anthropic (AI response generation — only the review text is shared, never your account credentials), email delivery services. These parties are bound by contractual confidentiality obligations.
Legal compliance: if required by law, subpoena, or valid legal process
Business transfers: in connection with a merger, acquisition, or sale of assets, with continued protection of your data

4. Google API Services User Data Policy Compliance

HALO's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We use Google user data only to provide or improve user-facing features that are prominent in HALO
We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale with notice to users
We do not use Google user data for serving advertisements
We do not allow humans to read Google user data unless you give us explicit consent for specific data, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and used for internal operations

5. Data Retention

We retain your account information and review data for as long as your account is active. If you close your account, we delete your data within 90 days, except where retention is required by law (e.g., financial records) or necessary to resolve disputes.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal information we hold about you
Correct inaccurate or incomplete information
Request deletion of your personal information
Export your data in a portable format
Revoke HALO's access to your Google account at any time via your Google Account permissions page
Opt out of marketing communications
Lodge a complaint with a data protection authority

To exercise any of these rights, email us at privacy@halocrm.app.

7. Data Security

We use industry-standard security measures including HTTPS/TLS encryption for data in transit, encrypted database storage, OAuth 2.0 for Google authentication, and access controls for our team. However, no system is 100% secure, and we cannot guarantee absolute security.

8. Children's Privacy

HALO is a B2B service intended for business owners. We do not knowingly collect information from children under 13.

9. International Users

HALO is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service at least 7 days before taking effect.

11. Contact Us

Questions about this Privacy Policy can be sent to:

Shermar Trades LLC
Attn: Privacy
1828 Ashley Rd
Philadelphia, PA 19126
United States
Email: privacy@halocrm.app