Privacy Policy

1. Information We Collect

2. How We Collect Information

• --Directly from you -- when you create an account, fill out your profile, enter deal information, or subscribe to our mailing list
• --From content you paste or upload -- when you submit text from brand messages or upload screenshots for AI extraction
• --Automatically -- analytics events, device information, and IP address are collected automatically when you use the Service

3. How We Use Your Information

• --Service operation -- to provide, maintain, and improve the platform
• --AI processing -- to extract deal details from text and images and to score deals across six factors
• --Push notifications -- to send deadline reminders, deal status updates, and NIL Go compliance alerts
• --Compliance export -- to format your deal data for disclosure to platforms such as Opendorse, INFLCR, and NIL Go
• --Analytics -- to understand feature usage and improve the Service using anonymized, aggregated data
• --Marketing emails -- to send NIL tips and product updates to subscribers who have opted in
• --Support -- to respond to your questions and troubleshoot issues
• --Legal compliance -- to meet legal obligations, enforce our terms, and protect the rights and safety of our users

4. AI & Automated Processing

When you paste text or upload a screenshot, the content is sent to the Anthropic Claude API for processing. The AI extracts structured deal details (brand name, amount, deliverables, deadline) from unstructured messages. Deals are also scored across six weighted factors: Payment Fairness, Deliverable Clarity, Timeline Realism, VBP Risk, Red Flags, and RoC Risk.

All AI-generated results are fully editable. You can modify any extracted field or override any score. No fully automated decisions with material effect are made without your review and action.

Per Anthropic's data usage policy, inputs sent to the Claude API are not used to train their models.

5. Third-Party Services

We use the following third-party services to operate the platform. Each service processes only the data necessary for its purpose:

6. Data Security

We take the security of your data seriously and implement multiple layers of protection:

• --Encryption at rest -- source content (pasted text from DMs/emails) is encrypted using AES-256-GCM before storage
• --Password hashing -- passwords are hashed with bcrypt and never stored in plain text
• --Row-Level Security -- database access controls ensure users can only access their own data
• --HTTPS/TLS -- all data in transit is encrypted via TLS
• --Security headers -- HSTS, X-Frame-Options, Content-Type-Options, XSS Protection, and restrictive Referrer and Permissions policies
• --Rate limiting -- sliding-window rate limits protect against abuse on login, signup, AI processing, and public tool endpoints
• --Signed URLs -- file access uses signed URLs with 24-hour expiry
• --JWT security -- mobile authentication tokens are invalidated when passwords are changed

7. Data Sharing -- What We Don't Do

We do not sell your personal information. We do not share your data with advertisers. We do not use your data for ad targeting. We do not provide your data to data brokers.

The only third parties that receive your data are the service providers listed in Section 5 above, and only to the extent necessary to operate the Service. We do not share your deal data, personal information, or usage patterns with any other party unless required by law.

8. Data Retention & Deletion

To delete your account, visit the Profile page in the app or email support@hauldin.com.

9. Your Privacy Rights

10. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. Users between the ages of 13 and 17 may use the Service only with verifiable parental or guardian consent. If you are a parent or guardian and believe your child has provided us with personal information without your consent, contact us at privacy@hauldin.com.

11. Cookies & Local Storage

We use minimal cookies and local storage, limited to what is necessary for the Service to function:

• --Authentication session cookie -- essential for keeping you logged in (strictly necessary, not optional)
• --Theme preference -- stored in localStorage to remember your light/dark mode choice
• --Onboarding flag -- stored in localStorage to track whether you have completed the onboarding flow
• --Vercel Analytics -- anonymized, privacy-friendly analytics with no PII tracking

We do not use third-party tracking cookies, advertising cookies, or cross-site tracking of any kind.

12. Do Not Sell My Personal Information

HAUL'D does not sell your personal information as defined under the California Consumer Privacy Act (CCPA) or any other applicable state privacy law. We have never sold personal information, and we have no plans to do so. If this ever changes, we will provide you with an opt-out mechanism before any sale of personal information occurs and will update this policy accordingly.

13. Changes to This Policy

For material changes to this Privacy Policy, we will provide at least 30 days' notice via the email address associated with your account before the changes take effect. Non-material changes (such as formatting corrections or clarifications) may be made without prior notice. The "Effective date" at the top of this page will always reflect the date of the most recent version. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact

For privacy-related inquiries, data requests, or to exercise your privacy rights, contact us at privacy@hauldin.com.

For general support, contact us at support@hauldin.com.