Security First. Always.

We process millions of tokens daily. Our commitment to your data privacy and security is absolute.

Zero Training
We explicitly opt-out of model training. Your data never improves public models.
Encryption
AES-256 at rest. TLS 1.3 in transit. Keys rotated daily.
Isolation
Logical separation of tenant data with strict access controls.

Data Handling Practices

Data Privacy

  • No data is sold to third parties
  • Staff access is restricted and logged
  • Data retention is configurable (30-365 days)
  • Automated PII redaction available

Compliance

  • SOC 2 Type II Certified (In Progress)
  • GDPR & CCPA Compliant
  • HIPAA BAA Available (Enterprise)
  • Regular 3rd-party Pen Tests

Subprocessors

NamePurposeLocation
VercelHosting & Edge FunctionsGlobal
SupabaseDatabase & AuthUS East (AWS)
OpenAILLM ProviderUS
AnthropicLLM ProviderUS
StripePayment ProcessingGlobal

Security Contacts

If you believe you have found a security vulnerability in halltoo, please report it to our security team.

security@halltoo.com
PGP Key ID: 0x4A2B9C