Privacy at Hally

Last updated May 12, 2026 · Policy version 2026-05-12

Hally is a SaaS for community-run nonprofits — community leagues, condo strata, faith communities, sports clubs, school councils. We hold personal information about the residents these organizations serve. This page is a plain-language description of what we collect, why, who sees it, how long we keep it, and what control you have over it. We follow Canada’s federal privacy law (PIPEDA), Alberta’s PIPA, and will follow Quebec’s Law 25 if a Quebec community ever joins.

What we collect, why, and where it lives

Hally runs eight modules. Each one collects only what it needs to do its job. The categories below are listed by the module you’d interact with as a resident or as a board member.

Board members
Name, email, phone (optional), profile photo, role. Collected when you join an organization on Hally; used to sign you in, assign tasks, and route notifications.
Memberships
Household name, address, names of household members, expiry date. Collected when a resident buys a community membership; used to issue the wallet card and run renewal reminders.
Hall bookings
Renter name, email, phone, event details, payment receipt. Collected when someone books a community venue; used to manage the booking and send a Stripe-secured payment link.
Public submissions
Idea submissions, volunteer signups, event RSVPs. Name and optional email. Collected when a resident submits through your community's public portal; used to route the submission to your board.
Newsletter
Email address only. Managed in Mailchimp under your community's account; subscribe/unsubscribe handled per CASL.
Natural-language assistant
Per-request text only. Sent to Vertex AI configured for zero retention (no training, no logging). Opt-in at the organization level; any member can opt out individually.
Membership wallet card
First name and last initial, organization name, membership type, expiry date — and an opaque verification token. Hosted on communitymembership.ca for door verification. No email, phone, or address.
Youth-protection clearances (when enabled)
Per-person records of clearances like Criminal Record Checks, Vulnerable Sector Checks, concussion training — type, completion date, expiry date, and optionally an uploaded certificate PDF. Captured by your community's admin for operational use; admin-only access. Not visible to other members, not visible to you on your own profile, never visible on the public engagement portal. The cleanest path the organization has to keep adults working with kids properly cleared. Communities can also run the module without storing any certificate PDFs at all — date tracking alone is supported.

Payment information — credit cards, bank accounts — never lives in our database. Stripe handles payments directly, and we only see the resulting receipt (amount, date, last-4 of the card).

Who else sees this

Hally uses third-party services (“sub-processors”) to run. Each one only touches the data it needs to do its specific job. The full list:

Stripe
Payment processing (Stripe Connect Standard). Handles cards, bank accounts, and payment confirmation. PCI-DSS compliant. United States.
Firebase / Google Cloud
Auth, database (Firestore), serverless functions, file storage. Encrypted at rest. Currently us-central1; can be moved to northamerica-northeast1 on request.
Resend
Transactional email (sign-in links, receipts, notifications) and per-tenant verified-domain newsletter sending. United States.
Mailchimp
Newsletter list management for each community, under that community's own Mailchimp account. CASL-compliant unsubscribe. United States.
Vertex AI / Gemini
Powers the natural-language assistant. Configured for zero retention and no training. United States.
Google Drive / Calendar
Optional integration — when an organization connects Google, meeting minutes and events sync to their own Google Workspace. Tenant-controlled.

Most of these companies operate in the United States, meaning your data crosses the Canada-US border to reach them. Each has contractual privacy commitments that meet or exceed PIPEDA’s standard. We disclose the full list (and update it when it changes) so you can decide whether you’re comfortable.

How long we keep it

We retain personal information only as long as it serves the purpose for which it was collected, plus statutory minimums. Specific windows:

  • Memberships — 3 years after expiry, then redacted to a record-of-existence (kept for reporting only)
  • Hall bookings — 2 years after the event date, then redacted
  • Finance records (transactions, expense claims, receipts) — 7 years, per CRA requirements
  • Idea submissions and volunteer signups — 1 year
  • Meeting records — kept while the organization is active; redacted personal data on closure
  • Newsletter list — handled by Mailchimp under your organization’s own opt-out controls
  • Login session data — managed by Firebase Auth, cleared per their standard policy

Your rights

Under PIPEDA and Alberta PIPA, you have the right to:

  • Access the personal information we hold about you
  • Correct anything that’s inaccurate
  • Delete your personal information, subject to legal retention requirements
  • Withdraw consent for specific uses (e.g., stop sending newsletters)
  • Lodge a complaint with us or with the Office of the Privacy Commissioner of Canada

If you’re signed in, you can exercise these from Profile → My data: download a copy of your data, request a correction, or submit a deletion request. We respond within 30 days, as PIPEDA requires.

If you don’t have an account — for example, you signed up to volunteer for an event and want your record removed — email us at privacy@hallyhelps.comand we’ll handle it manually within the same window.

If something goes wrong (data breach)

PIPEDA requires that we notify the Office of the Privacy Commissioner of Canada and the people affected “as soon as feasible” about any breach that creates a real risk of significant harm. Our procedure:

  1. Contain the breach (revoke access, rotate credentials, patch the vulnerability)
  2. Assess scope and risk (whose data, how much, how sensitive)
  3. Notify affected individuals directly, by email
  4. Report to the Privacy Commissioner
  5. Maintain an internal record for the statutory minimum of 24 months

We’ve had zero reportable breaches to date.

How to reach us

Hally’s Privacy Officer is Brian Anderson, the founder and sole developer. The dedicated address is privacy@hallyhelps.com — sent there, every inquiry gets a response within 5 business days, and a full answer within the 30-day PIPEDA window.

If our response doesn’t resolve your concern, you can file a complaint with the Office of the Privacy Commissioner of Canada or with the Alberta Information and Privacy Commissioner.

Children

Hally is built for adult board members of community organizations. We don’t knowingly collect personal information from anyone under 13. Household memberships sometimes include children’s names — those records are managed by the household’s adult contact and treated with the same protections as adult data.

Changes to this policy

When this policy changes materially, we bump the version number at the top of the page and email every organization using Hally with a summary of what changed. We don’t silently update — every change is dated and disclosed.

← Back to HallyQuestions? privacy@hallyhelps.com