Privacy Policy
What we keep, honestly.
Halo is built so that privacy isn't a promise. It's an architectural constraint. This page sets out who we are, what we collect, why, the legal basis for it, who we share it with, how long we keep it, and the rights you have. Last updated 2026-06-29.
Prefer plain language? See how privacy worksWho we are
Halo is made by Silver Commerce, based at Rruga Bill Clinton, Tirana 1031, Albania (the "data controller" for the purposes of the GDPR and UK GDPR). For anything about your data, reach us at privacy@heyhalo.app.
The short version
Halo's brain runs on your Mac by default. The things people worry about most, your screen, your audio, your conversations, never leave your device, so they're never ours to hold. The only personal data we hold is what an account and the optional paid features genuinely need. We don't track you, we don't profile you, and we never sell or rent your data.
What stays on your Mac
Perception is local. Every screen capture is deleted after exactly one downstream read. Audio buffers are dropped once a transcript is produced. Memories are stored as structured summaries on your Mac, never as images or screenshots, and you set their lifetime in Settings (Never, 30, 90, or 365 days). This is enforced in code, in modules whose only job is enforcement, and the source is open. None of it reaches our servers, so none of it is covered by the rest of this policy.
What we collect, why, and our legal basis
We only process the data below, and only for the purpose stated. "Legal basis" is the GDPR ground we rely on.
-
Account email and name
To create your account and let you sign in.
Legal basis: performance of a contract
-
Sign-in session (a session cookie, IP address, browser/device user-agent)
To keep you securely signed in and to prevent abuse.
Legal basis: performance of a contract and our legitimate interest in security
-
Subscription, license, and billing records
To provide and bill the paid plans. Card details are handled by Stripe; we never see or store them.
Legal basis: performance of a contract and legal obligation (tax)
-
Usage counts (messages and token totals on paid cloud plans)
To enforce fair-use limits and show you your own usage. Counts only, never prompt or reply content.
Legal basis: performance of a contract
-
Device records (a device name and a non-reversible fingerprint)
To enforce the limit of two Macs per plan.
Legal basis: performance of a contract
-
Newsletter email
To send the updates you signed up for. Every email has a one-click unsubscribe.
Legal basis: consent (withdraw any time)
-
Donation name and email (if you donate)
To process the donation and, only if you ask, credit you on our supporters list.
Legal basis: performance of a contract and consent
-
Connected services (Slack, Gmail, Microsoft, Linear, GitHub, Notion, Discord)
Access tokens stored only to run the integrations you switch on. Disconnect any time and the token is deleted.
Legal basis: consent
-
Halo Cloud requests (only if you turn cloud on)
Your message is sent over an encrypted connection and processed in memory to write a reply. We don't store your prompts or replies. Cloud is optional and off by default.
Legal basis: performance of a contract
App download counts are aggregate and anonymous (a tally by day, version, and a coarse source label, with no identifier, IP, or fingerprint), so they aren't personal data and fall outside this policy.
What we never collect
- No screen contents, no captured frames, no application names. None of it leaves your Mac.
- No audio. Halo transcribes locally and never persists raw audio.
- No behavioral telemetry. We don't track launches, sessions, feature usage, or model performance.
- No third-party advertising or analytics trackers, no fingerprinting, no cross-site cookies.
Who we share it with (sub-processors)
We don't sell or rent your data. We use a small set of vetted providers to run the service, each bound by a data-processing agreement that limits them to acting on our instructions:
- Stripe: payments and billing.
- Cloudflare: hosting, database, file storage, and content delivery.
- Resend: transactional email (sign-in links) and the newsletter.
- Our cloud AI provider (OpenRouter and the model providers it routes to): used only when you enable Halo Cloud, to generate replies.
When you connect an outside service (Slack, Gmail, Microsoft, Linear, GitHub, Notion, Discord), data flows to that provider under its own terms, only for the integration you enabled.
International transfers
We're based in Albania, which is outside the EEA and the UK, and some of our providers process data elsewhere too. Where personal data is transferred out of the EEA or the UK, the transfer relies on Standard Contractual Clauses (with the UK and Swiss addenda where relevant), in our own terms or in each provider's data-processing agreement.
How long we keep it
- Account, devices, usage counts, connected services: until you delete your account.
- Billing and license records: kept for as long as tax law requires (typically up to 7 years), even after you delete your account.
- Newsletter email: until you unsubscribe.
- Halo Cloud prompts and replies: not stored by us. They're processed in memory and discarded.
- Server access logs (Cloudflare, with truncated IP): short-lived, per Cloudflare's defaults.
- On-device memories: the lifetime you choose in Settings (Never, 30, 90, or 365 days).
Cookies
We set one cookie: the session that keeps you signed in. It's strictly necessary for the service, so it needs no consent banner. We use no advertising or analytics cookies and no cross-site trackers, which is why you see a short privacy notice instead of a cookie wall.
Your rights
If you're in the EU, the UK, or a similar regime, you have the right to access your data, correct it, delete it, export it (data portability), restrict or object to our processing, and withdraw any consent you gave.
You can do the two most common ones yourself: sign in and open Account → Your data to download a copy of your data or delete your account. For anything else, email privacy@heyhalo.app and we'll respond within 30 days. You also have the right to complain to your local data protection authority (in the UK, the ICO; in the EU, your national supervisory authority).
Children
Halo isn't directed at children, and we don't knowingly collect data from anyone under 16. If you believe a child has given us personal data, email us and we'll delete it.
Changes & contact
If we change this policy, we'll update this page and the date at the top. Questions, requests, or takedowns: privacy@heyhalo.app.