Privacy Policy

1. Controller and scope

The controller responsible for processing personal data on these public pages is Haluande, reachable at [email protected].

This privacy policy covers the public Haluande website, public Shiftpilot product pages, the demo entry page, and the public contact and support messaging flow. It is not intended to be the final privacy notice for authenticated app usage or purely internal platform administration.

2. What data we process on the public site

2.1 Technical access data

When you open our pages, technically necessary connection and access data are processed. This may include IP address, date and time of access, requested URL, referrer, browser type, operating system, and HTTP metadata. These data are needed to deliver the website, maintain stability, and detect misuse.

2.2 Contact and support request data

If you use our public messaging form, we process the information you submit. This may include your name, email address, company name, employee count, topic, subject, message text, and optionally an existing ticket reference.

2.3 Browser storage for public and demo-related functions

Our public pages use technical browser storage, for example to remember the state of the cookie notice. In demo and preview contexts we may also use local or session storage for technical UI state, preferences, or synthetic demo state.

2.4 Accessing login pages

If you open the public Shiftpilot login page, external Google resources may be loaded to render the sign-in page or prepare Google-based sign-in. Productive app usage itself is described in a separate privacy notice.

3. Purposes and legal bases

We process personal data on our public pages for the following purposes:

• Providing the website and maintaining IT security under Art. 6(1)(f) GDPR.
• Handling contact, demo, and support requests under Art. 6(1)(b) GDPR where the request relates to pre-contractual communication or requested services, and additionally Art. 6(1)(f) GDPR.
• Technically storing browser preferences and notice states under Art. 6(1)(f) GDPR.

We do not use data collected through the public messaging flow for hidden advertising profiling, and we do not sell personal data.

4. Public contact and ticket handling

If you contact us through the public messaging flow, your request is not handled only as a plain email. It may also be processed as a ticket or ticket message inside our support workflow. Your submitted details may be stored in a database so we can track, answer, and connect follow-up communication to the same request.

This can include in particular:

• Saving the submitted form fields in the ticket system.
• Assigning your request to a new or existing ticket number.
• Sending internal email notifications to authorized recipients so the request can be handled.
• Documenting later follow-up messages if you contact us again about the same ticket.

Please do not send highly sensitive information through the public form unless it is strictly necessary for your request.

5. Cookies, local storage, and similar technologies

We do not currently use analytics, remarketing, or advertising cookies on the public site.

• Essential session cookies: may be used to maintain technically necessary session state.
• Local storage: we store the state of the public cookie notice in the browser so it does not need to be shown again on every page load.
• Demo and UI storage: public demo or preview areas may use additional local or session storage values for purely technical display state.

6. Recipients and external services

We only share personal data to the extent necessary to operate the public site or handle your request.

• Hosting and infrastructure providers: our public pages run on technical infrastructure operated on our behalf.
• Internal authorized recipients: public contact and support requests may be forwarded to internal inboxes or responsible team members so your message can be processed.
• Google services on login pages: when the Shiftpilot login page is opened, resources from Google may be loaded, especially for sign-in related functions. Google's own privacy information also applies at policies.google.com/privacy.

We do not currently embed advertising networks or traditional third-party analytics on the public site.

7. Retention periods

We do not keep personal data longer than necessary for the relevant purpose.

• Technical access data and sessions: are retained only as long as necessary for operation, stability, and security.
• Contact and ticket data: are kept as long as needed to handle the request and to maintain an appropriate support, evidence, or compliance record.
• Browser storage: remains on your device until removed through browser settings, manual deletion, or normal expiry behavior.
• Synthetic demo data: exist only for preview purposes and may be overwritten, reset, or removed at any time.

8. Security and development status

We use reasonable technical and organizational measures to protect public web and inquiry processes against unauthorized access, loss, or misuse. This includes transport encryption, access restrictions, and operational safeguards appropriate to the current development stage.

9. Your rights

Subject to the legal requirements, you have the following rights in particular:

• Right of access to personal data processed about you
• Right to rectification of inaccurate data
• Right to erasure or restriction of processing
• Right to data portability where applicable
• Right to object to processing based on legitimate interests
• Right to lodge a complaint with a competent data protection authority

To exercise your rights, contact us at [email protected].

10. Changes to this privacy policy

We may update this privacy policy if our public offering, legal requirements, or technical implementation changes in a material way. The current version published on this page applies.

11. Contact

Questions about privacy or this privacy policy can be sent to [email protected].

General product or support requests can be sent to [email protected] or through our public messaging page.