HLOS Privacy Policy

Effective Date: January 2026

Version: 1.0.1

Last Updated: January 2026

1. Introduction

This Privacy Policy explains how HLOS collects, uses, discloses, and protects information when you use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account info: name, email, organization details, login method, MFA enrollment artifacts (e.g., passkey registration, TOTP enrollment state).
  • Secrets & config: secret values you store, labels/tags, access policies you configure.
  • Payments: billing info and payment method details processed by our payment processor (we do not store full card numbers).
  • Communications: support requests, feedback, surveys.
  • Agent registration: agent identifiers, public keys, permission configs.

2.2 Automatically Collected

  • Usage data: features used, timestamps, API calls and parameters (excluding secret values).
  • Device/connection: IP address, user agent, OS, browser.
  • Security events: auth attempts, session metadata, anomaly detections.
  • Cookies: session and security cookies; optional analytics cookies where enabled.

2.3 From Third Parties

  • Identity providers: if you use OAuth, we may receive basic profile details.
  • Payment processors: transaction status.
  • Partners/operators: attribution signals (e.g., that you attended or joined via a partner program), not secret values.

3. How We Use Information

We use information to operate the Service, secure accounts, prevent fraud/abuse, process payments, communicate service updates, and improve the Service (often using aggregated or de-identified data).

4. How We Handle Secrets

  • Secrets are encrypted at rest and in transit.
  • We do not use secret content for advertising.
  • We do not use secret content to train machine learning models.
  • We log access metadata (who/when/what), not secret values, in standard logs. Limited access to secret values may occur only to deliver the Service or with explicit authorization (e.g., support), and is logged.

5. How We Share Information

We do not sell personal information. We share information with:

  • Service providers/subprocessors (hosting, auth, payments, email delivery, analytics if enabled) under contract.
  • Infrastructure providers as needed to provision Marketplace resources.
  • Partners/operators only for attribution and aggregated metrics (not secrets).
  • Legal/compliance as required by law, or to protect rights and safety.
  • Business transfers in merger/acquisition contexts.

A current subprocessor list is maintained at hlos.ai/legal/subprocessors.

6. Retention

We retain data as needed for service delivery and compliance. Typical retention:

  • Account info: duration of account + a reasonable period after deletion
  • Secrets: until deleted by you (subject to backups)
  • Usage logs: limited period, then aggregated/de-identified where feasible
  • Security/audit logs: retained for security/compliance needs (which may be multi-year for enterprise/compliance customers)
  • Billing records: retained as required by law

7. Cookies and Analytics

We use essential cookies for authentication and security. We may use analytics tools to understand usage. Where required, you can control analytics cookies via cookie controls or account settings. We honor legally required opt-out signals where applicable.

8. Your Rights

Depending on location, you may request access, correction, deletion, portability, and opt-out of marketing. Contact privacy@hlos.ai.

9. California Notice (CCPA/CPRA)

We do not sell personal information or share it for cross-context behavioral advertising. California residents may exercise rights via privacy@hlos.ai.

10. European Notice (GDPR/UK)

Where applicable, we process personal data under contract performance, legitimate interests (security, fraud prevention, improvement), legal obligations, and consent (certain marketing). Transfers may occur to the U.S. using appropriate safeguards (e.g., SCCs) where required. Contact admin@hlos.ai.

11. Security

We use safeguards designed to protect your information, including encryption, access controls, and monitoring. No method of transmission/storage is 100% secure.

12. Children

The Service is not intended for children under 18.

13. Changes

We may update this Privacy Policy and will provide notice of material changes.

14. Contact

admin@hlos.ai

HLOS, Inc. | 923 Kelley Court, Lafayette, CA 94549

← Back to Home