PRIVACY POLICY
Effective Date: 24 July 2025
Last Updated: 24 July 2025
HaloShift LLC ("Figment," "we") is the data controller for personal information collected through Figment.
1. What We Collect & Why
| Category | Examples | Legal Basis (GDPR) | Purpose |
|---|---|---|---|
| Account Data | Name, email, Google ID | Contract (Art 6(1)(b)) | Create & manage your account |
| Payment Data | Billing name, ZIP; processed by Stripe | Contract; Legitimate Interest | Billing and fraud prevention |
| User Content | Prompts, uploads, generated media | Contract | Provide the Service |
| Usage Data | IP, device, browser, pages, cookies | Legitimate Interest | Analytics, security |
| Communications | Support emails, feedback | Consent / Legitimate Interest | Customer support, improve Service |
2. How We Use Data
- Operate, maintain, and improve Figment
- Process payments and fulfil transactions
- Send transactional messages and, with consent, marketing emails (opt‑out anytime)
- Personalize and develop new features
- Detect, investigate, and mitigate fraud, abuse, or security incidents
3. Cookies & Analytics
We use first‑party cookies and Google Analytics 4. You can reject non‑essential cookies via the cookie banner or browser settings; essential cookies are required for core functionality.
4. Sharing & Disclosure
We do not sell personal data. We disclose data only to:
- Service Providers (Stripe, Google Cloud, Amazon SES, analytics vendors) under data‑processing agreements;
- Law enforcement or regulators when legally required or to protect rights, property, or safety;
- A successor entity in connection with a merger, acquisition, or sale (notice will be provided).
5. International Transfers
Data is stored in the United States. We rely on Standard Contractual Clauses for transfers from the EEA/UK.
6. Data Retention
We retain personal data as long as (i) you have an active account, and (ii) required to comply with legal obligations or resolve disputes, then delete or anonymize it.
7. Security
We employ industry‑standard technical and organizational measures (encryption at rest & in transit, least‑privilege access, regular penetration testing). No system is 100% secure.
8. Your Rights
Depending on where you live, you may have rights to access, rectify, erase, port, or restrict processing of your personal data, and to object to certain processing. To exercise any right, email team@figment.video. We will respond within 30 days.
9. California Privacy Notice (CCPA)
We do not sell or share personal information as defined by the CCPA. California residents may request disclosure or deletion of their personal information using the methods above.
10. Children
The Service is intended for adults 18+. We do not knowingly collect data from children. Parents who believe we have inadvertently collected such data should contact us immediately.