Skip to main content

Privacy Policy

Last updated: July 2026

Halo Aware ("we", "us", "our") is committed to protecting the privacy and safety of families who use our services. This Privacy Policy explains how we collect, use, store, and protect personal data when parents use the Halo Aware app and related services.

Halo Aware is designed for parents or legal guardians. Children do not create accounts themselves.

1. Who We Are

Halo Aware is a parental safety tool that provides insights into a child's use of AI chat platforms. Our service helps parents identify potential risks and safeguard their children online.

Data Controller:

Halo Aware Ltd

Registered in England and Wales, company no. 17065814

Registered office: 23 Broadway, North Hykeham, Lincoln, LN6 8DP

Contact: hello@haloaware.com

2. Who This Policy Applies To

This policy applies to:

  • Parents or legal guardians who create a Halo Aware account
  • Children whose AI interactions are monitored through a parent-managed account

3. Information We Collect

3.1 Parent Information

We may collect the following information about parents:

  • Email address
  • Display name
  • Profile photo (if signing in via Google)
  • Timezone
  • Last login timestamp

3.2 Child Profile Information

Parents choose what information to provide. This may include:

  • Child display name (real or pseudonym)
  • Age range
  • Avatar colour (UI preference)

We do not require real names or identifying details for children.

3.3 Payment Information

If you subscribe to a paid plan, your payment is processed by Stripe. We receive limited billing details such as your name, billing address, card type, and the last four digits of your card, which we use to manage your subscription. We never see or store your full card number. Stripe handles your card details directly.

4. AI Message Processing

Halo Aware monitors activity on supported AI chat platforms only.

What happens to messages?

  • Messages are processed temporarily in memory only
  • Messages are analysed using automated AI classification
  • Messages are not stored unless a safety risk is detected

Stored alert data (limited cases only)

If a medium or high risk is identified:

  • 2-3 messages surrounding the flagged content may be stored as context
  • An AI-generated summary
  • Risk level (none / low / medium / high)
  • Topic categories
  • Platform and timestamps

Raw messages outside these limited alert snippets are discarded.

5. Information We Do NOT Collect

Halo Aware does not collect:

  • Full chat logs
  • General browsing history
  • Keystroke data
  • Screenshots
  • Child email addresses or passwords
  • Login credentials for third-party services
  • Messages outside supported AI platforms

6. Why We Process Data (Lawful Basis)

We process personal data because it is:

  • Necessary for safeguarding children
  • Required to provide safety alerts and insights to parents
  • Based on parental consent

Parents provide consent when setting up the account and enabling monitoring features.

7. Consent and Control

  • Parents control all monitoring settings
  • Consent can be withdrawn at any time by:
    • Disabling monitoring
    • Deleting the account
    • Contacting support

Once consent is withdrawn, data will be deleted in line with our retention policy.

8. Automated Decision-Making

Halo Aware uses automated systems to:

  • Classify AI messages
  • Identify potential safety risks

No automated decisions significantly affect a child without parental review and control. Any content restrictions are configured by the parent.

9. Data Security

We take appropriate technical and organisational measures to protect data, including:

  • Access controls
  • Encryption where appropriate
  • Monitoring and logging
  • Regular security reviews

10. Data Retention

Data is removed automatically once it has done its job. The current limits:

  • Non-flagged message data is never stored
  • The words inside an alert (the conversation snippet and the written summary) are removed once the alert has served its purpose: within a day of you dismissing it, 30 days after you first read it, or 90 days after it was raised, whichever comes first
  • The alert record itself (what kind of risk, how serious, and when it happened) is kept for 12 months, along with any notes you added, then deleted. No alert outlives a year, whether you opened it or not
  • Conversation summaries and usage statistics follow your plan's insights window, from two weeks on the free plan up to 12 months on Premium. Usage counters may be kept up to six weeks on shorter plans, since pattern notices need a few weeks of history to spot a change. Nothing is kept past 12 months
  • Behavioural pattern notices are deleted after 30 days to 6 months, depending on whether you have read them
  • Parents may delete any of this sooner, at any time

These limits are enforced by an automated daily process, and the same numbers are shown in the Data Inventory in your Settings. Data removed by that process also leaves our encrypted backups within 30 days.

Closing your account doesn't wait for any of these windows: your children's profiles, conversation data and alerts are deleted immediately, along with your own account details. The one thing that lasts longer is billing. Invoices and payment records are kept by Stripe, our payment processor, for up to six years after your membership ends, because UK tax law requires it. We don't keep a copy ourselves.

11. Children's Rights & Safeguards

Halo Aware follows UK GDPR and the Age Appropriate Design Code (Children's Code) principles, including:

  • Data minimisation
  • Transparency
  • Purpose limitation
  • Safeguarding-first design

12. International Users

Where applicable, Halo Aware also considers COPPA requirements for US users.

13. Your Rights

Parents have the right to:

  • Access their data
  • Request correction or deletion
  • Withdraw consent
  • Raise concerns with the ICO

14. Who We Share Data With

We do not sell your data. We share personal data only with the providers that help us run Halo Aware:

  • Stripe for payment processing
  • Amazon Web Services for hosting, in the UK and EU
  • Google for account sign-in, and for analytics only if you accept analytics cookies
  • Plausible Analytics for privacy-friendly website analytics. Plausible is cookieless, collects only aggregate, anonymous usage data that cannot identify you, and is hosted in the EU
  • Our email provider, for account, billing, and safety notifications

Some providers, such as Stripe, may process data outside the UK. Where they do, the transfer is protected by appropriate safeguards such as Standard Contractual Clauses. We may also disclose data where required by law.

15. Cookies

We use a small number of cookies to keep you signed in and, only with your consent, to understand how the site is used. You can read the full details and change your choice at any time in our Cookie Policy.

16. Contact Us

If you have questions or concerns about this policy, please contact:

hello@haloaware.com

17. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated clearly within the app.