1. Introduction
Privacy Technologies LLC (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy and Personal Data. This Privacy Policy (“Policy”) explains how we collect, use, disclose, retain, and protect information when you use the Halo application (the “App”), including all features, content, and services offered through the App.
This Policy applies to all users worldwide, regardless of location. We comply with all Applicable Data Protection Laws, including but not limited to the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation and Data Protection Act 2018 (UK GDPR), the Brazilian Lei Geral de Proteção de Dados (LGPD), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the Australian Privacy Act 1988, the Japanese Act on Protection of Personal Information (APPI), the South Korean Personal Information Protection Act (PIPA), the Singapore Personal Data Protection Act (PDPA), the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), and other applicable state, national, and international privacy laws.
By accessing or using the App, you acknowledge that you have read and understood this Policy. This Policy is incorporated by reference into our Terms and Conditions of Use.
2. Data Controller and Data Protection Officer
2.1 Data Controller
Privacy Technologies LLC is the data controller responsible for processing your Personal Data under this Policy.
Privacy Technologies LLC
Email: Support@gethaloapp.com
Mailing Address: Available upon request at Support@gethaloapp.com
2.2 Data Protection Officer
For data protection inquiries, exercising your privacy rights, or filing a complaint, contact our Data Protection Officer at Support@gethaloapp.com.
2.3 EU/UK Representative
If required under GDPR Article 27 or UK GDPR, our appointed representative’s contact information is available upon request at Support@gethaloapp.com.
3. Information We Collect
3.1 Information You Provide Directly
(a) Account Information: Name, email address, username, password (stored in hashed form), date of birth, and profile preferences.
(b) Health and Fitness Data: Physical activity data, exercise logs, fitness goals, body measurements, sleep data, and other health-related information you choose to input. This constitutes Sensitive Data and is processed only with your explicit consent.
(c) Dietary Information: Dietary preferences, meal logs, nutritional goals, allergies, and food restrictions.
(d) Financial Information: Budget data, financial goals, spending categories, and financial planning information you input into the App. We do not store complete credit card numbers or bank account credentials.
(e) AI Interaction Data: Text inputs, prompts, and queries submitted to the App’s AI features.
(f) Communications: Messages sent to customer support, feedback, and survey responses.
3.2 Information Collected Automatically
(a) Device Information: Device type, operating system, browser type, unique device identifiers, and mobile network information.
(b) Usage Data: Feature usage patterns, session duration, interaction data, and crash/error logs.
(c) Log Data: IP address (anonymized where required by law), access times, pages viewed, and referring URLs.
3.3 Information from Third Parties
(a) Authentication Providers: If you sign in through a third-party service (e.g., Apple, Google), we receive basic profile information as authorized by you.
(b) Payment Processors: Transaction confirmations, subscription status, and billing identifiers from payment providers (e.g., Stripe, Apple, Google). We do not receive or store your full payment card details.
3.4 Sensitive Data
We collect and process the following categories of Sensitive Data only with your explicit, informed consent:
- Health and fitness data
- Dietary and nutritional data
- Biometric data (if applicable)
- Financial planning data
You may withdraw consent for Sensitive Data processing at any time through your account settings or by contacting Support@gethaloapp.com.
4. How We Use Your Information
We use your information for the following purposes:
4.1 Providing and Improving the Services
(a) Delivering AI-powered personal assistant features, fitness guidance, dietary recommendations, and financial assistance.
(b) Personalizing your experience and content within the App.
(c) Processing transactions and managing your subscription.
(d) Improving, developing, and optimizing the App’s features and performance.
4.2 Safety and Security
(a) Detecting, preventing, and addressing fraud, abuse, and security threats.
(b) Monitoring for violations of our Terms and Conditions of Use.
(c) Protecting the rights, property, and safety of our users and the public.
4.3 Communications
(a) Sending service-related notifications (e.g., account verification, security alerts, subscription updates).
(b) Responding to your inquiries and support requests.
(c) Sending promotional communications (only with your opt-in consent; you may unsubscribe at any time).
4.4 Legal Compliance
(a) Complying with applicable laws, regulations, and legal processes.
(b) Responding to lawful requests from public authorities.
(c) Establishing, exercising, or defending legal claims.
4.5 AI Model Improvement
We may use anonymized and aggregated data to improve our AI models. No individually identifiable information will be used for AI training without your explicit opt-in consent. You may opt out of anonymized data usage at any time through your account settings.
5. Legal Basis for Processing
Under the GDPR, UK GDPR, and similar data protection laws, we rely on the following legal bases for processing your Personal Data:
| Legal Basis | Processing Activity |
|---|---|
| Consent (Art. 6(1)(a) GDPR) | Processing Sensitive Data (health, fitness, dietary, financial); sending marketing communications; AI training on anonymized data (opt-in); cookies and tracking (where required) |
| Contract Performance (Art. 6(1)(b) GDPR) | Providing the App’s Services; managing your account; processing subscription payments; delivering AI-generated content and recommendations |
| Legal Obligation (Art. 6(1)(c) GDPR) | Tax and financial record-keeping; responding to lawful government requests; compliance with data protection laws; age verification requirements |
| Vital Interests (Art. 6(1)(d) GDPR) | Emergency situations involving user safety (e.g., if health data indicates a critical condition) |
| Legitimate Interests (Art. 6(1)(f) GDPR) | Fraud prevention and security; improving and optimizing the App; analytics and performance monitoring; enforcing our Terms and Conditions |
For Sensitive Data (health, fitness, dietary, biometric, and financial data), we rely exclusively on explicit consent (Art. 9(2)(a) GDPR) as the legal basis for processing.
6. Cookies and Tracking Technologies
6.1 Our Approach
We minimize the use of cookies and tracking technologies. On our website (gethaloapp.com), we use Plausible Analytics, which is a privacy-friendly, cookie-free analytics solution that does not collect Personal Data or track individual users.
6.2 Essential Cookies
We may use strictly necessary cookies for core functionality such as authentication, security, and user preferences (e.g., theme selection). These cookies do not require consent under most privacy laws.
6.3 No Third-Party Tracking
We do not use third-party advertising cookies, tracking pixels, social media plugins that track users, or any technology that creates behavioral profiles for advertising purposes.
6.4 Your Choices
You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the App.
7. Third-Party Service Providers (Sub-Processors)
We engage the following categories of third-party service providers to help us deliver the Services. Each provider is bound by data processing agreements that meet the requirements of applicable data protection law:
- Cloud Infrastructure: Hosting and data storage providers.
- AI Service Providers: Third-party AI models and APIs used to power AI features (e.g., Anthropic). When cloud AI is used, only the text of your query is transmitted. No Personal Data, conversation history, or identifying information is sent. We have opted out of AI model training with our providers.
- Payment Processors: Stripe and app store payment platforms for subscription billing.
- Analytics: Plausible Analytics (privacy-friendly, cookie-free, no Personal Data collected).
- Email Communications: Transactional and service email delivery providers (e.g., Resend).
- Customer Support: Tools used to manage support inquiries.
A current list of sub-processors is available upon request at Support@gethaloapp.com. We will notify users of material changes to our sub-processor list.
8. Data Sharing and Disclosure
8.1 We Do Not Sell Your Data
We do not sell, rent, lease, or trade your Personal Data to third parties for monetary or other valuable consideration. This applies to all users worldwide, including under the CCPA/CPRA definition of “sale” and “sharing.”
8.2 Limited Sharing
We may share your information only in the following circumstances:
(a) Service Providers: With sub-processors as described in Section 7, solely to provide the Services.
(b) Legal Requirements: When required by law, regulation, legal process, or enforceable governmental request.
(c) Safety and Rights: To protect the safety, rights, or property of Privacy Technologies LLC, our users, or the public.
(d) Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice and protections for your data.
(e) With Your Consent: When you have given explicit consent to share specific information.
8.3 Anonymized and Aggregated Data
We may share anonymized, aggregated, or de-identified data that cannot reasonably be used to identify you.
9. Data Security
9.1 Security Measures
We implement appropriate technical and organizational measures to protect your Personal Data, including:
- Encryption of data at rest and in transit (TLS 1.2+/AES-256)
- Secure authentication and access controls
- Regular security assessments and vulnerability testing
- Employee access controls and security training
- Incident response procedures
- Row-level security on database infrastructure
9.2 No Guarantee
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
9.3 Your Responsibilities
You are responsible for maintaining the confidentiality of your account credentials and for any activity under your account.
10. Data Breach Notification
10.1 Notification to Authorities
In the event of a Personal Data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, as required by the GDPR and other applicable laws.
10.2 Notification to Users
If a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, providing:
(a) A description of the nature of the breach;
(b) The categories and approximate number of individuals affected;
(c) The likely consequences of the breach;
(d) The measures taken or proposed to address the breach.
10.3 Documentation
We maintain records of all data breaches, including facts, effects, and remedial actions taken.
11. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your Personal Data:
11.1 Universal Rights
(a) Right of Access: Request a copy of the Personal Data we hold about you.
(b) Right to Rectification: Request correction of inaccurate or incomplete data.
(c) Right to Erasure (Right to be Forgotten): Request deletion of your Personal Data, subject to legal retention requirements.
(d) Right to Restriction: Request that we limit processing of your data in certain circumstances.
(e) Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
(f) Right to Object: Object to processing based on legitimate interests or for direct marketing.
(g) Right to Withdraw Consent: Withdraw consent at any time, without affecting the lawfulness of prior processing.
(h) Right Not to Be Subject to Automated Decision-Making: See Section 16.
11.2 Exercising Your Rights
To exercise any of these rights, contact us at Support@gethaloapp.com. We will respond within thirty (30) days (or within the timeframe required by applicable law). We may request verification of your identity before processing your request. We will not charge a fee for reasonable requests unless the request is manifestly unfounded or excessive.
11.3 Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.
12. Children’s Privacy
12.1 Age of Digital Consent
The age at which a minor may independently consent to data processing varies by jurisdiction: 13 in the United States (COPPA), 16 in most EU member states (GDPR Article 8, though individual member states may lower this to 13), 13 in the United Kingdom, 13 in Canada, 13 in Australia, 16 in South Korea, and as otherwise defined by local law.
12.2 Parental Consent
Users below the applicable age of digital consent (“Child Users”) must have verifiable parental or legal guardian consent before creating an account or using the App. We implement age verification mechanisms and obtain verifiable parental consent as required by COPPA, GDPR, and other applicable laws.
12.3 Data Minimization for Minors
We minimize the data collected from minors and do not use children’s data for targeted advertising, profiling, or AI training purposes.
12.4 Parental Rights
Parents and guardians may: (a) review their child’s Personal Data; (b) request deletion of their child’s data; (c) refuse further collection; and (d) manage privacy settings through parental controls.
12.5 Contact
If you believe we have collected data from a child without proper consent, contact Support@gethaloapp.com immediately.
13. International Data Transfers
13.1 Transfer Mechanisms
If your Personal Data is transferred outside your country of residence, we ensure appropriate safeguards are in place, including:
(a) Standard Contractual Clauses (SCCs) approved by the European Commission (for EU data transfers).
(b) International Data Transfer Agreement (IDTA) or UK Addendum (for UK data transfers).
(c) Adequacy decisions where available.
(d) Other lawful transfer mechanisms as recognized by applicable data protection authorities.
13.2 Data Localization
Where required by local law, we will process and store data within the required jurisdiction.
13.3 Your Rights Regarding Transfers
You may request information about the safeguards in place for international transfers of your data by contacting Support@gethaloapp.com.
14. Data Retention
14.1 Retention Periods
We retain your Personal Data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.
- Account Data: Retained while your account is active, plus thirty (30) days after deletion request.
- Health and Fitness Data: Retained while your account is active; deleted within thirty (30) days of account deletion or withdrawal of consent.
- Financial Data: Retained as required by tax and financial regulations (typically up to seven (7) years for transaction records).
- Usage and Analytics Data: Retained in anonymized form; identifiable data deleted within twelve (12) months.
- Support Communications: Retained for up to twenty-four (24) months after resolution.
14.2 Deletion
You may request deletion of your data at any time. Upon receiving a valid deletion request, we will delete your Personal Data within thirty (30) days, except where retention is required by law.
14.3 Backup Systems
Data in backup systems will be deleted in accordance with our backup rotation schedule, which does not exceed ninety (90) days.
15. Do Not Sell or Share My Personal Information
Privacy Technologies LLC does not sell or share your Personal Data as defined under the CCPA/CPRA, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Virginia Consumer Data Protection Act, or any other applicable privacy law.
We do not:
- Sell Personal Data for monetary consideration
- Share Personal Data for cross-context behavioral advertising
- Use or disclose Sensitive Personal Information for purposes beyond those permitted by the CCPA/CPRA
No opt-out mechanism is required because we do not engage in these practices. If our practices change, we will implement appropriate opt-out mechanisms and provide notice.
16. Automated Decision-Making and Profiling
16.1 AI-Powered Features
The App uses artificial intelligence to generate personalized recommendations for fitness, diet, and financial planning. These features use automated processing of your data.
16.2 No Legal or Significant Effects
Our AI features provide informational recommendations only. They do not make decisions that produce legal effects or similarly significant effects on you.
16.3 Your Rights
Under the GDPR and similar laws, you have the right to: (a) obtain human intervention in automated processing; (b) express your point of view; (c) contest decisions based solely on automated processing. Contact Support@gethaloapp.com to exercise these rights.
16.4 Transparency
We provide meaningful information about the logic involved in our AI features, as well as the significance and envisaged consequences of such processing.
17. Third-Party AI Providers
17.1 How We Use Third-Party AI
Halo may utilize third-party AI models and APIs to power certain features. When cloud AI is used:
- Only the text of your query is transmitted to the AI provider.
- No Personal Data, conversation history, or identifying information is included in the transmission.
- We have opted out of AI model training with our providers. Your queries are not used to train any third-party AI model.
17.2 Data Processing Agreements
All third-party AI providers are bound by data processing agreements that meet the requirements of applicable data protection law.
17.3 AI Content
AI-generated responses may contain errors or inaccuracies. AI Content does not constitute professional advice. See Section 5 of our Terms and Conditions for full AI disclaimers.
18. Changes to This Privacy Policy
18.1 Notification
We may update this Policy from time to time. We will provide at least fifteen (15) days' advance notice for non-material changes and thirty (30) days' advance notice for material changes. Notice will be provided through the App, by email, or by posting the updated Policy on our website.
18.2 Material Changes
For material changes that affect how we process your Sensitive Data, we will obtain your renewed consent where required by applicable law.
18.3 Prior Versions
Prior versions of this Policy are available upon request at Support@gethaloapp.com.
19. Jurisdiction-Specific Provisions
19.1 European Union (GDPR)
If you are located in the EU/EEA, you have the rights described in Section 11, including the right to lodge a complaint with your local supervisory authority. Our legal bases for processing are detailed in Section 5. International transfers are governed by Section 13.
19.2 United Kingdom (UK GDPR)
If you are located in the UK, the UK GDPR and Data Protection Act 2018 apply. Your rights and our obligations mirror those under the EU GDPR. Complaints may be directed to the Information Commissioner’s Office (ICO).
19.3 Brazil (LGPD)
If you are located in Brazil, the Lei Geral de Proteção de Dados applies. You have the right to: confirmation of processing, access, correction, anonymization, portability, deletion, information about sharing, information about consent refusal, and consent revocation. Complaints may be directed to the Autoridade Nacional de Proteção de Dados (ANPD).
19.4 Canada (PIPEDA/CPPA)
If you are located in Canada, PIPEDA and applicable provincial legislation apply. You have the right to access, correct, and challenge compliance. Complaints may be directed to the Office of the Privacy Commissioner of Canada.
19.5 Australia (Privacy Act 1988)
If you are located in Australia, the Privacy Act 1988 and Australian Privacy Principles (APPs) apply. You have the right to access and correction. Complaints may be directed to the Office of the Australian Information Commissioner (OAIC).
19.6 Japan (APPI)
If you are located in Japan, the Act on Protection of Personal Information applies. We obtain consent for the handling of Personal Information and provide disclosure, correction, and cessation of use upon request.
19.7 South Korea (PIPA)
If you are located in South Korea, the Personal Information Protection Act applies. We comply with requirements for consent, purpose limitation, data minimization, and notification. Complaints may be directed to the Personal Information Protection Commission (PIPC).
19.8 Singapore (PDPA)
If you are located in Singapore, the Personal Data Protection Act applies. We comply with obligations for consent, purpose limitation, accuracy, protection, retention limitation, transfer limitation, and access and correction. Complaints may be directed to the Personal Data Protection Commission (PDPC).
19.9 California (CCPA/CPRA)
If you are a California resident, you have additional rights under the CCPA/CPRA:
(a) Right to Know: Categories and specific pieces of Personal Information collected, sources, purposes, and third parties with whom we share it.
(b) Right to Delete: Request deletion of your Personal Information.
(c) Right to Correct: Request correction of inaccurate Personal Information.
(d) Right to Opt-Out of Sale/Sharing: We do not sell or share your Personal Information (see Section 15).
(e) Right to Limit Use of Sensitive Personal Information: We do not use Sensitive Personal Information for purposes beyond those permitted.
(f) Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
Notice at Collection: We collect the categories of information described in Section 3 for the purposes described in Section 4. We retain this information as described in Section 14.
19.10 Other U.S. States
We comply with applicable state privacy laws, including the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Virginia Consumer Data Protection Act (VCDPA), Utah Consumer Privacy Act (UCPA), and other state privacy laws as enacted. Residents of these states may exercise applicable rights by contacting Support@gethaloapp.com.
20. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, contact us:
Privacy Technologies LLC
Email: Support@gethaloapp.com
Data Protection Officer: Support@gethaloapp.com
Mailing Address: Available upon request at Support@gethaloapp.com
Website: gethaloapp.com