— privacy —

Privacy policy.

last updated · may 25, 2026

Halt is an impulse-control tool. We collect the minimum needed to run the product — your email for sign-in, your purchases so you can see your own history, and your billing status if you subscribe to Pro. We do not sell your data. We do not share it with advertisers. We never train models on it.

What we collect

Account data

When you create an account, Supabase stores your email address and a hashed password. Your password is salted and hashed using bcrypt by Supabase — we never see or store the plaintext.

Profile + settings

Your name (optional), hourly wage or annual salary, hours per week, employment type, and US state (optional, for tax estimation). Stored in our Postgres database (Supabase) and tied to your account.

Purchase activity

Every item you log — name, price, category (need / want), the computed impulse score, and your outcome (bought / skipped / thinking). If you mark a purchase "thinking," we also store the timestamp so the cooling-off reminder can fire 24 hours later.

Billing data

If you subscribe to Pro, Stripe stores your payment method — we never see or store credit card numbers. We store a Stripe customer ID on your profile so we can look up your subscription status and process renewals or cancellations.

Local-only data (signed-out users)

If you use Halt without signing in, all of the above lives in your browser's localStorage. Nothing leaves your device until you create an account.

Technical data

For abuse prevention, we briefly store IP addresses against rate-limit counters (product search is capped at ten searches per day for signed-out users; AI verdict requests are capped per hour). Rate-limit rows expire automatically after their window closes. We do not run analytics, fingerprinting, or session-replay tooling.

How we use it

  • Run the core features — impulse score, hours-of-life conversion, history, savings.
  • Authenticate you and keep you signed in across devices.
  • Process Pro subscription payments and reflect billing status in the app.
  • Send the transactional emails you opt into (cooling-off reminders + monthly summary).
  • Enforce rate limits to keep the service available and our API bills predictable.

Third parties we use

We use a small number of vendors strictly as data processors. Each only sees what it needs to do its job.

Supabase

Authentication and Postgres database hosting.

Email, hashed password, all profile and purchase data, email preferences.

Stripe

Subscription billing and the customer portal.

Email, payment method (held by Stripe, never us), subscription status.

Resend

Sending transactional email (cooling-off reminders, monthly summary).

Email address + email body — sent only when you have those reminders enabled.

Anthropic

AI verdict (Pro feature) and background purchase categorization.

Item names, prices, and need/want flags for the two items you ask to compare. Anthropic does not train models on this data per their API terms.

SerpAPI

Product autocomplete in the evaluate form.

Your typed search query (proxied through us to Google Shopping).

Vercel

Hosting the web app and running scheduled cron jobs.

Standard HTTP request logs (IP + URL + status) for operational purposes only.

What we don't do

  • We do not sell, rent, or share your data with advertisers, data brokers, or marketing partners.
  • We do not train AI models on your purchase history.
  • We do not run third-party analytics, ad pixels, or cross-site tracking.
  • We do not look at your purchases unless you ask for support and reference them.

Email communications

We send two kinds of emails to signed-in users who have them enabled:

  • Cooling-off reminders — sent ~24 hours after you mark a purchase "thinking about it," asking if the impulse has passed.
  • Monthly summary — sent on the first of each month with your prior-month totals (saved, skipped count, worst impulse score).

You can disable either at any time in Settings → Email preferences, or by clicking the unsubscribe link in any email. Unsubscribe links are cryptographically signed and valid for 90 days. Authentication emails (sign-up confirmation, password reset, email change confirmation) are required for account security and cannot be opted out of while you have an account.

Your rights (GDPR + CCPA)

If you are in the EU/UK (GDPR) or California (CCPA/CPRA), you have specific rights over your data. Halt honors these for all users regardless of location:

  • Right to access — request a copy of the data we hold about you.
  • Right to correction — fix anything inaccurate, directly in Settings or by emailing us.
  • Right to deletion — see "Deleting your account" below.
  • Right to portability — request your data in a machine-readable format.
  • Right to object — opt out of email communications at any time.
  • Right to non-discrimination — we won't charge you more or degrade your service for exercising any of these rights.

We do not "sell" or "share" personal information as those terms are defined under the CCPA/CPRA. To exercise any right above, email us at support@halt.money and we'll respond within 30 days.

Deleting your account

You can delete your account from Settings → Danger zone. When you do:

  • Your profile, purchase history, watchlist, and savings entries are deleted from our database.
  • Your Supabase auth record is removed.
  • Any active Pro subscription is canceled immediately via Stripe.
  • Stripe retains your billing history per its own retention rules and applicable tax/financial regulations — we cannot delete that on your behalf.
  • The deletion is irreversible.

Subscription + cancellation

Pro subscriptions are billed monthly ($2.99) or annually ($24.99) in USD via Stripe. You can cancel anytime from Settings → Manage subscription — this opens the Stripe customer portal. After cancellation, you retain Pro access until the end of your current billing period, then automatically revert to the free tier with all your data intact. We do not issue prorated refunds for cancellations mid-period.

Data retention

We keep your account data for as long as you have an account. If you delete your account, your data is removed from our active database immediately. Backups are rotated and overwritten within 30 days. Rate-limit counters and request logs are kept for up to 90 days for security and operational debugging.

Security

Data in transit is encrypted via TLS. Data at rest in Supabase is encrypted at the disk level. Row-Level Security policies ensure your data is only accessible to your own authenticated session — even our application servers cannot read another user's rows via the standard client. The Stripe webhook validates signatures to prevent forged billing events. Unsubscribe and cron-job tokens use HMAC-SHA256 with constant-time comparison. We cannot guarantee absolute security — no system can — but we follow industry-standard practices.

Children

Halt is not directed at children under 13 (or 16 in the EU), and we do not knowingly collect data from anyone in that age range. If you believe a minor has signed up, contact us and we'll delete the account.

Changes to this policy

If we make material changes, we'll update the "last updated" date at the top of this page and — for changes that meaningfully expand how we use your data — send an email notice to active accounts. Continued use after a change means you accept the revised policy.

Contact

Questions, requests, or concerns about this policy? support@halt.money. We read every message and aim to respond within a few business days.
