Privacy Policy

This policy explains what personal data HaloTrack ("we", "us") collects, why we collect it, and the rights you have over it. We've tried to write it in plain English; if anything is unclear, email privacy@halotrack.ai.

1. Who we are

HaloTrack is the data controller for the personal data described in this policy. We operate the website at halotrack.ai and the HaloTrack dashboard service.

Contact: privacy@halotrack.ai

2. What we collect

2.1 Information you give us

• Waitlist applications: name, work email address, business type, approximate ad spend band, marketplace(s), and anything you choose to write in the notes field.
• Account information: when you become a user — name, email, business name, and login credentials for the HaloTrack dashboard (we never see or store your Amazon password).
• Correspondence: emails and messages you send us.

2.2 Amazon data you authorise

When you connect your account, you authorise read-only access via Amazon's official APIs. We then collect, on your behalf:

• Search Query Performance data (Selling Partner API): your brand's share of impressions, clicks and purchases per search term.
• Advertising data (Amazon Ads API): spend, clicks and attributed sales per campaign and search term.

This data relates to your business's commercial performance. We store it to build the historical record that is the core of the service. You can revoke our API access at any time from Seller Central.

2.3 Information collected automatically

• Usage data: pages visited, features used, approximate timestamps — used to improve the product.
• Technical data: IP address, browser type, device type — used for security and debugging.

3. Why we use it (and the legal bases)

• To provide the service — storing your SQP history, joining it to spend data, generating audits and alerts. Legal basis: performance of a contract.
• To process your waitlist application and contact you about it. Legal basis: legitimate interests / steps prior to a contract.
• To improve the product using aggregated usage patterns. Legal basis: legitimate interests.
• To send service emails (alerts, weekly audits, account notices). Legal basis: performance of a contract. Marketing emails are sent only with your consent and always have an unsubscribe link.
• To meet legal obligations such as accounting and tax record-keeping. Legal basis: legal obligation.

4. What we never do

• We never sell your data.
• We never share your account data with other HaloTrack users.
• We never make changes to your Amazon account — our access is read-only by design.
• Any future category benchmarks will use only aggregated, anonymised data from accounts that have explicitly opted in, in a form from which no individual business can be identified.

5. Who we share it with

Only with service providers (processors) we need to run HaloTrack — for example cloud hosting, database infrastructure, email delivery and payment processing (when paid tiers launch). Each is bound by a data processing agreement and processes data only on our instructions. We will publish a current list of subprocessors on request.

We may also disclose data if required by law, or as part of a business transfer (in which case this policy continues to apply to your data).

6. International transfers

We aim to host data in the UK/EEA. Where a provider processes data outside the UK/EEA, we rely on UK adequacy regulations or the appropriate standard contractual clauses.

7. How long we keep it

• Waitlist data: until your application is resolved, then up to 12 months in case capacity opens, unless you ask us to delete it sooner.
• Account and Amazon data: for as long as your account is active. If you disconnect or close your account, you can export your history first; we delete or anonymise your data within 90 days of a deletion request, except where law requires longer retention.
• Correspondence: up to 24 months.

8. Your rights

Under UK GDPR you have the right to access, correct, delete, restrict, or object to our processing of your personal data, the right to portability, and the right to withdraw consent where consent is the basis. To exercise any of these, email privacy@halotrack.ai — we respond within one month.

You also have the right to complain to the Information Commissioner's Office (ico.org.uk), though we'd appreciate the chance to resolve any concern first.

9. Cookies

The marketing site uses only essential cookies and privacy-respecting analytics. The dashboard uses cookies necessary for login sessions. We do not use advertising cookies or cross-site tracking.

10. Security

Data is encrypted in transit and at rest. API credentials are stored encrypted, with access restricted and logged. No system is perfectly secure, but read-only scopes mean the worst-case exposure of our access is inherently limited — we cannot act on your Amazon account, and neither can anyone who compromised us.

11. Changes to this policy

If we make material changes we'll email account holders and update the date at the top of this page. Continued use after changes take effect constitutes acceptance.

12. Contact

Questions, requests, complaints: privacy@halotrack.ai