H A L O F I N I T Y

Security & Privacy

Your Capital and Data Are Protected by Design.

Platform security at Halofinity is not a feature layer added after the core product was built. It is integrated into every system — from account authentication to custody architecture to incident response.

This page documents what protects you, what we collect, what we never do, and how to report a security concern immediately.

  • OTP: All logins verified
  • AES: Encrypted data at rest
  • 100%: Segregated custody
  • 0: Security incidents disclosed

Platform Security

Six Layers of Protection

Each layer is independently relevant. Together they form a defence-in-depth architecture that protects both your capital and your personal data.

OTP Authentication on Every Login
Every login attempt — regardless of device or session age — requires a one-time password sent to your registered email or phone. There is no bypass for this. Platform staff cannot waive the OTP requirement on your behalf. If you receive an OTP you did not request, contact security immediately.
Segregated Investor Accounts
Your capital is held in accounts that are legally segregated from Halofinity's operational funds. Quarterly independent audits confirm that no investor capital is co-mingled with platform operational costs. Halofinity's bills are never paid from investor balances under any circumstance.
AES-256 Data Encryption
All personally identifiable information, KYC documents, financial data, and account credentials are encrypted at rest using AES-256. Data in transit is protected by TLS 1.3. No sensitive data is stored in plaintext anywhere in the platform infrastructure.
Zero Staff Access to Credentials
No Halofinity staff member — in any role — can view your account password, OTP code, or wallet private keys. Passwords are stored only as hashes, never in plaintext. Any support interaction that requires account verification uses identity-confirmation methods that do not expose your credentials.
Formal Incident Response Protocol
A documented security incident response protocol exists and is annually reviewed by an external security auditor. The protocol defines response timelines, investor notification obligations, and remediation steps. Any confirmed security breach affecting investor data triggers mandatory disclosure within 72 hours.
Withdrawal Authorisation Controls
Withdrawal requests pass through an authorisation workflow that includes identity re-verification and a processing window. Requests above threshold amounts trigger an additional manual review before release. This protects against automated or coerced withdrawal attempts.

Your Account Controls

What You Can Do to Protect Yourself

Keep Your Email Secure
Your registered email is the primary channel for OTPs, withdrawal confirmations, and security alerts. Use a strong, unique password on your email account and enable two-factor authentication on your email provider. Alert us immediately at [email protected] if your email is ever compromised.
Recognise Phishing Attempts
Official Halofinity communications only come from @halofinity.com addresses. We never ask for your password, OTP, or private keys via email, phone, or chat. If you receive such a request — from any source claiming to be Halofinity — it is fraudulent. Report it immediately.
Use Trusted Devices Only
Access your Halofinity account only from personal, trusted devices. Public computers and shared devices present credential interception risks. Always log out after each session and do not allow browsers to save your Halofinity password.
Review Your Dashboard Regularly
Review your position list, transaction history, and withdrawal records whenever you log in. Any transaction you do not recognise should be reported to support immediately via your dashboard support ticket system. Early reports significantly improve response outcomes.
Critical Security Notice
Halofinity staff will never contact you asking for your password, OTP code, or wallet private keys — under any circumstance, through any channel. This includes emails, phone calls, WhatsApp, Telegram, and live chat. Any person claiming to be Halofinity staff and requesting this information is committing fraud. Do not comply. Terminate the contact immediately and report to [email protected] with as much detail as possible.

Privacy Policy Summary

What We Collect, Why, and What We Never Do

This is a plain-language summary. The full privacy policy is available in the document linked below.

What We Collect
  • Full legal name, date of birth, and nationality for KYC verification
  • Email address and phone number for account authentication
  • Government-issued ID documents for KYC compliance
  • Bank account details or crypto wallet addresses for deposit/withdrawal processing
  • IP address and device type for security logging
  • Support ticket content and correspondence for service history
What We Never Do
  • Sell your personal data to third parties — ever
  • Share your information with marketing networks or data brokers
  • Store your password in plaintext — it is hashed before storage
  • Use analytics tools that capture or transmit personal financial data
  • Retain KYC documents beyond the regulatory retention period
  • Contact you for marketing purposes without explicit consent
Your Rights
  • Request a full export of all personal data we hold about you
  • Request deletion of your account and personal data (subject to regulatory retention obligations)
  • Update your personal information at any time via your dashboard settings
  • Opt out of non-essential communications at any time
  • Submit a formal data complaint to [email protected]
Security Contacts
  • [email protected] — Suspected breaches, phishing reports, fraud
  • [email protected] — Data access requests, GDPR/NDPR queries
  • [email protected] — Account access issues, suspicious login alerts
  • Dashboard Support Tickets — Fastest route for logged-in account issues
  • Response target: 2 hours for security incidents (business hours)

Your Security Is Our Infrastructure, Not an Afterthought.

If something looks wrong on your account — report it immediately. Our security team responds within 2 hours during business hours.