Privacy Policy

Hallify may act as a controller for account, website, support, security, billing, and marketing data. Hallify may act as a processor for operational data entered into a venue workspace by the venue or its authorized users.

Venue-controlled data can include guest, staff, reservation, waitlist, order, payment, inventory, schedule, tip, payroll setting, audit, and analytics records.

• The venue decides why and how most workspace data is used.
• Hallify processes workspace data to provide, secure, support, and improve the service.

Hallify account data may include name, email, mobile number, password authentication records, verification events, venue memberships, roles, profile updates, support messages, and security logs.

Hallify uses this data to create accounts, authenticate users, manage access, deliver verification messages, provide support, prevent abuse, and communicate about the service.

Venue workspaces can contain rooms, tables, menu items, recipes, ingredients, suppliers, purchase orders, stock movements, kitchen stations, POS registers, receipts, analytics, and configuration settings.

This data is used to run the venue workspace, calculate operational summaries, maintain audit trails, route tasks to the right roles, and help managers understand the business.

Guest data may include names, phone numbers, email addresses, reservation history, waitlist status, table sessions, preferences, allergies, tags, notes, lifecycle status, duplicate/merge history, and consent status recorded by the venue.

Staff data may include profile details, positions, schedules, availability, time clock events, corrections, approvals, pay rates, payroll rules, tip sources, tip allocation records, payouts, and reports.

• Kitchen views are designed not to expose guest phone, email, or private CRM notes.
• Venues are responsible for using guest and staff data lawfully and for honoring employment, labor, privacy, and consumer obligations that apply to them.

Hallify records order totals, payment methods, payment status, refunds, corrections, receipts, register activity, and manager-facing history. Hallify should not store full payment card numbers in normal product fields.

Bug reports can include the reporter email, message, venue id, page URL, browser user agent, authenticated user context, hashed source IP, fingerprint, duplicate count, and status.

• Audit logs record role-sensitive actions so venue owners and managers can review operational changes.
• Bug-report abuse controls use throttling, deduplication, and hashed IP signals before records are created or grouped.

Hallify uses essential cookies for authentication, session protection, locale selection, and theme preference. Optional analytics cookies are used only after consent.

Google Analytics may help Hallify understand public page usage and improve onboarding, but it is not loaded until analytics consent is granted.

Hallify may share data with service providers that host the application, store databases, send verification messages, process analytics after consent, provide support tooling, or help operate the service.

Data may be processed in countries different from the user, venue, staff member, or guest location. Transfer mechanisms, regional notices, and provider commitments must be finalized before launch.

• Hallify does not sell venue workspace data as a data broker product in this draft model.
• A current subprocessor draft is available on the Subprocessors page.

Hallify keeps data for as long as needed to provide the service, maintain security, preserve audit integrity, comply with legal obligations, resolve disputes, and support venue operations.

Users, venue owners, staff, guests, and other data subjects may contact Hallify for access, correction, deletion, anonymization, export, objection, restriction, or privacy help. Some requests may need to be handled by the venue as the controller of workspace data.

• Guest profiles can support anonymization workflows where operational history must remain but direct identifiers should be removed.
• Requests should be sent to hello@hallify.co with enough context to identify the account, venue, and data subject.