Privacy Policy

Last updated: February 10, 2026

1. Introduction

Halo Protocol ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our decentralized lending circle platform, website, smart contracts, APIs, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

Information You Provide

  • Wallet Address: When you connect your Solana wallet, we receive your public wallet address. This serves as your identity on the platform.
  • Profile Information: If you choose to set a display name or avatar, this information is stored in our database.
  • Contact Information: If you contact us via email or our contact form, we collect your name, email address, and message content.

Information Collected Automatically

  • Usage Data: We may collect information about how you interact with the Service, including pages visited, features used, and time spent on the platform.
  • Device Information: Browser type, operating system, device type, and screen resolution.
  • IP Address: Your IP address may be collected for rate limiting, security monitoring, and abuse prevention.
  • Cookies: We use essential cookies only. See our Cookie Policy for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your wallet connection and manage your session
  • Display your trust score, circle participation, and activity history
  • Process and record on-chain transactions (contributions, payouts, trust score updates)
  • Send notifications about circle deadlines and payouts
  • Monitor for fraudulent activity, abuse, and violations of our Terms of Service
  • Respond to your inquiries and support requests
  • Analyze usage patterns to improve the user experience and protocol performance
  • Comply with legal obligations

4. Blockchain Data

Halo Protocol operates on the Solana blockchain, which is a public, decentralized ledger. You acknowledge and understand that:

  • All transactions, including contributions, payouts, trust score updates, and governance votes, are recorded permanently on the Solana blockchain
  • Your wallet address, transaction history, and trust score are publicly visible to anyone inspecting the blockchain
  • On-chain data cannot be modified or deleted once confirmed by the network
  • We have no ability to remove or alter data recorded on the blockchain
  • Third parties may independently index, analyze, or display on-chain data associated with your wallet address

This is an inherent property of blockchain technology and is not specific to Halo Protocol. We encourage you to use a dedicated wallet for the Service if you wish to separate your Halo activity from other blockchain interactions.

5. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase: Database hosting for off-chain metadata and user profiles
  • Vercel: Frontend hosting and serverless API infrastructure
  • Helius: Solana RPC and webhook services for on-chain event processing
  • Upstash Redis: Caching and rate limiting
  • Sentry: Error monitoring and performance tracking

Each of these services has its own privacy policy. We encourage you to review the privacy policies of these third-party providers. We share only the minimum data necessary for each service to function.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

  • HMAC-signed session tokens with timing-safe verification
  • Security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy) on all API responses
  • Rate limiting on API endpoints to prevent abuse
  • Webhook signature verification for all inbound webhooks
  • Encrypted data transmission via HTTPS/TLS
  • Wallet address verification on all authenticated API endpoints

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your off-chain data (note: on-chain data cannot be deleted)
  • Portability: Request a machine-readable copy of your data
  • Objection: Object to certain processing of your data

To exercise any of these rights, contact us at privacy@haloprotocol.io. We will respond to your request within 30 days.

8. Children's Privacy

The Service is not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verifiable parental consent, we will take steps to delete that information.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside your country of residence. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction.

Additionally, because the Service operates on the Solana blockchain, which is a globally distributed network, on-chain data is replicated across validator nodes worldwide. This is inherent to blockchain technology.

10. Data Retention

We retain your off-chain data for as long as your account is active or as needed to provide the Service. If you request deletion of your account, we will delete your off-chain data within 30 days, except where retention is required by law.

On-chain data (transactions, trust scores, circle participation) is permanently stored on the Solana blockchain and cannot be deleted by us or any other party.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated Privacy Policy on this page and updating the "Last updated" date.

Your continued use of the Service after any changes to this Privacy Policy constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Effective Date: February 10, 2026