Privacy Policy

This Privacy Policy explains how Golden Hour Group, LLC ("Golden Hour," "Haylo," "we," "us," or "our") collects, uses, shares, and otherwise handles personal information in connection with HayloFriend.com and the related websites, applications, public thank-you pages, creator tools, payment and payout features, embedded experiences, emails, and services we make available (collectively, the "Service").

This policy applies when you visit the Service, create or use an account, publish a public page, send or receive gratitude, connect payout details, contact us, or otherwise interact with Haylo. It does not govern third-party services that have their own privacy notices, including Stripe, Google, or other providers when you interact with them directly.

The information you provide depends on how you use the Service. We may collect the following categories of information when you submit them to us or through the Service:

• Account and profile information, such as your email address, display name, first name, handle or slug, avatar or profile image metadata, and related account details.
• Creator and public-page information, such as links, creator items, notes, pricing or cadence information, public profile content, and other content you choose to publish or submit.
• Payment and gifting inputs, such as recipient email address, and where enabled recipient phone number, gift amount, sender note, claim token, creator slug, and other transaction-related information you enter.
• Haylo Guide application and review information, such as social links, audience description, follower count, published proof URL, phone number, review acknowledgments, application status, approval tier, extension requests, and founder review decisions.
• Payout and onboarding information provided through Stripe Connect Express, such as legal name, date of birth, address, tax information, payout method details, and other verification or compliance information collected by Stripe or shared with us as needed to support the Service.
• Support and feedback information, such as your name, email address, message content, support category, and any information you include in communications with us.
• Other information you choose to provide in emails, support tickets, replies, surveys, product feedback, or other direct interactions.

We also receive information from third parties that help us operate the Service. Depending on your use of Haylo, this may include:

• Authentication providers. If you use Google sign-in, we receive account data needed to authenticate you and create or maintain your Haylo account, such as your email address and profile metadata made available through that login flow.
• Stripe and financial providers. We receive payment, payout, connected-account, verification, fee, balance, dispute, and transaction-status information from Stripe and related financial institutions to process payments, support payouts, reconcile ledgers, operate Connect Express features, and manage risk and compliance.
• Service providers and infrastructure partners. We use providers for authentication, application database functions, hosting, email delivery, and related operations. Examples in the current stack include Stripe, Google sign-in if you choose Google auth, Supabase for authentication and application data infrastructure, and email delivery providers we use for transactional mail and support acknowledgments.
• Public or linked sources. If you publish a public page, embed a Haylo experience, or otherwise make content publicly accessible, we may receive access, referral, and interaction information associated with those surfaces.
• Retailer and affiliate-network reporting. If an affiliate or recommendation link leads to a qualifying purchase, we may receive reporting from the retailer or network needed to reconcile commissions. We do not receive full card numbers or bank details from those retailers.

When you use the Service, we automatically collect or generate certain information to run, secure, and improve the Service.

• Session and authentication data, including secure session cookies and related authentication signals needed to keep you signed in and to protect account access.
• Short-lived flow data, including claim-flow cookies, paid-giver continuation cookies, Guide session cookies, redirect state, and similar state used to support redirects, gift claims, non-Google email sign-in, Guide activation, and post-checkout experiences.
• Device, browser, request, and network information, such as IP address, user agent, host, origin, referrer, request identifiers, and similar technical data.
• Operational logs, fraud-prevention, abuse-prevention, and rate-limit information used to detect misuse, secure the Service, investigate issues, and enforce rules.
• Limited telemetry and diagnostics, such as event stream or action names, timestamps, and sanitized metadata used for product operations, reliability, and debugging.

We use personal information to provide, secure, operate, and improve the Service. In particular, we may use information to:

• Create, authenticate, maintain, and secure accounts and public profiles.
• Operate public creator pages, thank-you links, embedded experiences, claim flows, and related product features.
• Process payments, support payouts, onboard connected accounts, reconcile balances and ledgers, attribute eligible Guide conversions, reconcile affiliate reports, and communicate about payment, payout, application, or program status.
• Send transactional emails, claim emails, support acknowledgments, security notifications, legal notices, and service updates.
• Provide customer support, respond to feedback, and troubleshoot product, payment, or account issues.
• Detect, prevent, investigate, and respond to fraud, abuse, security incidents, suspicious activity, disputes, chargebacks, and violations of our terms or policies.
• Comply with legal obligations, court orders, tax requirements, payment-network rules, and provider requirements.
• Analyze product usage, improve the Service, and develop or test features, including through limited telemetry and internal operational analytics.
• Create internal aliases, hashes, or derived identifiers from account, contact, checkout, or public-surface data when needed to support claims, identity matching, Guide conversion verification, affiliate reconciliation, fraud prevention, or ledger integrity.

We share personal information only as needed to operate the Service, comply with law, protect people and the Service, or as otherwise described in this policy.

We do not sell personal information. We also do not share personal information for cross-context behavioral advertising.

• With payment and payout providers, including Stripe, banks, and related financial institutions, to process payments, payouts, connected-account onboarding, identity verification, risk review, disputes, and compliance obligations.
• With service providers that help us operate the Service, such as providers for authentication, hosting, database functions, security, customer support, and email delivery.
• With other users or the public when the product requires it. For example, creator names, handles, public page content, and embedded thank-you experiences may be public; transaction participants may also see limited transaction details depending on the product flow; and approved Guide or affiliate-related public links may include program-specific routing or attribution metadata.
• With regulators, law enforcement, courts, payment networks, or other third parties when required by law, subpoena, legal process, sanctions rules, fraud-prevention needs, or to protect rights, safety, property, or the integrity of the Service.
• In connection with a merger, financing, reorganization, asset sale, bankruptcy, or similar corporate transaction, subject to appropriate confidentiality and legal protections.

Haylo includes public and participant-facing experiences. That means some information is intentionally visible to other people or to the public when you use certain features.

If you create a public creator page, publish content, or enable an embeddable Haylo experience, the information you make public may be visible to anyone who visits, receives, links to, or embeds that experience. Public information may also be copied, screenshotted, cached, indexed, or retained by third parties outside our control.

Haylo may publish public sitemaps, structured metadata, and crawl instructions for public pages and public documentation. Private account pages, admin tools, authentication paths, APIs, and payout or ledger dashboards are not intended as public content surfaces, even if a URL is discovered by a crawler or shared outside the Service.

If you send or receive gratitude or use payment features, Haylo and Stripe process transaction information. Depending on the flow, the people involved in the transaction may see limited information such as creator identity, sender display information, gift amount, timing, or sender note. The exact visibility depends on the product flow, the information submitted, whether content is public, and whether the payment is treated as anonymous or attributable in our systems.

If a non-member later signs in or claims a gift with the same verified email or account signal used in a payment or claim flow, Haylo may use that verified identity to show participant-facing ledger or claim history according to the applicable product rules.

Haylo does not receive or store full payment card numbers or full bank account numbers. Stripe handles full card details, payout account details, and other sensitive payment credentials directly through its own infrastructure.

Some Recommendation lights on HayloFriend include affiliate links to products on Amazon and other retailers. When you click an affiliate link, you are redirected through our /go/[id] route which adds an affiliate identifier so retailers can attribute the click to HayloFriend. If you make a qualifying purchase, the retailer pays HayloFriend a commission at no extra cost to you. We do not see your payment information or your purchase details from Haylo checkout. For affiliate reconciliation, we may store click-time metadata such as destination host, URL hash, ASIN when available, timestamp, creator attribution, and split snapshot, then compare it to retailer or network reports.

As an Amazon Associate, HayloFriend earns from qualifying purchases.

Affiliate links are disclosed visually in the UI before you click. Not clicking them is always fine — no other functionality on the site depends on it. You can read more about how the redirect rail works in our public release notes (search for "HAY-86 Amazon Associates").

For questions about how we handle data on affiliate clicks, email [email protected].

Haylo uses cookies and similar technologies primarily to run and secure the Service. These technologies may include secure session cookies, short-lived claim or redirect cookies, and other server-side or client-side storage used for authentication, fraud prevention, payment-state handling, and core product flows.

We may also use limited telemetry, diagnostics, and similar technical signals to understand reliability and product behavior. At this time, the technologies we rely on are primarily service-essential. If we introduce non-essential analytics, personalization, or advertising technologies in the future, we will update this policy and any notices or controls we provide as required by law.

You can manage some browser-side storage through your browser settings, but disabling essential cookies may prevent the Service from working correctly.

We keep personal information for as long as reasonably necessary to provide the Service, maintain security, support users, keep operational and financial records, reconcile Guide or affiliate activity, comply with legal obligations, and resolve disputes or enforce agreements.

Retention periods vary by data type and purpose. For example, some cookies are short-lived, certain claim-flow cookies are designed to expire after roughly 15 minutes, and claim links for gifts may expire after about 45 days. Payment, payout, fraud, support, audit, and legal records may be kept longer where needed for accounting, security, compliance, or dispute-handling purposes.

When we no longer need information for the purposes above, we will delete it, de-identify it, or retain it only in a form permitted by applicable law.

Depending on where you live, you may have rights to access, correct, delete, or obtain a copy of certain personal information, or to object to or restrict some processing. Some information can be updated directly in your account or through the Service. For other requests, contact us using the details below.

We may need to verify your identity before acting on a request. In some cases, we may deny or limit a request where the law allows us to do so, including when we need to keep information for security, fraud-prevention, legal, accounting, tax, or payment-related reasons.

If you have a Haylo account, you may also be able to export certain ledger or transaction records from within the Service. That product-level export does not necessarily include every category of personal information we may hold.

Haylo and its providers may process and store information in the United States and other jurisdictions where we or our service providers operate. Those places may have data protection rules that differ from the rules in your home jurisdiction.

We use reasonable technical and organizational measures designed to protect personal information appropriate to the nature of the Service. Those measures include secure authentication practices, access controls, fraud and abuse protections, provider security features, and restrictions intended to limit unnecessary exposure of payment and account data.

No method of transmission, storage, or security control is perfect. We cannot guarantee absolute security.

The Service is not directed to children under 18, and we do not knowingly collect personal information from children under 18 for use of the Service. If you believe a child has provided personal information to us in violation of this policy, contact us so we can review the situation.

We may update this Privacy Policy from time to time. If we do, we will post the updated version here and update the effective date above. Your continued use of the Service after an updated policy becomes effective means the updated policy will apply going forward, to the extent permitted by law.

For privacy questions or requests, contact [email protected].

Golden Hour Group, LLC operates HayloFriend.com.