Data Protection Impact Assessment

This Data Protection Impact Assessment has been prepared by Khejan, LLC, d/b/a HALO, in accordance with Article 35 of the General Data Protection Regulation (EU) 2016/679 ("GDPR"). It assesses the risks to the rights and freedoms of individuals arising from the processing of personal data within the HALO application.

1. Assessment Overview

Project name	HALO (Holistic Ascension Life Optimization)
Date	23 February 2026
Assessor	HALO Data Protection Team
Review date	23 August 2026 (6-month review cycle)
Status	Approved

2. Description of Processing

2.1 What data is processed?

Category	Data Types	Special Category?
Account data	Name, email, hashed password	No
Health & wellbeing	Hydration, fitness, mood, sleep, pain, nutrition, energy, medications, triggers	Yes (Article 9 GDPR)
Financial data	Accounts, transactions, budgets, recurring expenses, debt	No (but sensitive)
Goals & habits	Goal details, habit tracking, streak data	No
Tasks	Task details, priorities, time tracking, subtasks	No
Family	Member names, events, meals, recipes, activities, memories	No
Home	Maintenance, projects, cleaning, documents, utilities, service providers	No
Technical	Session cookies, IP addresses, browser type, access timestamps	No

2.2 Why is data processed?

To provide a personal life management platform that helps users track and improve various aspects of their lives
To authenticate and secure user accounts
To deliver notifications and reminders configured by users
To enable optional integrations (Google Calendar, Stripe payments)

2.3 How is data collected?

Directly from users — all personal data is voluntarily entered by the user through the application interface
Automatically — limited technical data (session cookies, server logs) collected for security purposes
From third parties — calendar events from Google Calendar (only when the user explicitly connects their account)

2.4 Who has access to the data?

Role	Access Level
Data subject (user)	Full access to their own data
Team members (if shared)	Access governed by role: Admin, Member, or Viewer
System administrators	Restricted to operational necessity
Sub-processors	Limited to their specific function (see Section 5)

2.5 Data retention

Active data retained while account is active
All personal data permanently deleted within 30 days of account deletion
Server logs retained for a limited period for security, then auto-deleted
Encrypted backups purged per rotation schedule, no later than 30 days after deletion

3. Necessity and Proportionality Assessment

3.1 Lawful basis

Data Category	Lawful Basis	GDPR Article
Account data	Contract performance	Article 6(1)(b)
Health data	Explicit consent	Article 6(1)(a) + Article 9(2)(a)
Financial data	Contract performance	Article 6(1)(b)
Other module data	Contract performance	Article 6(1)(b)
Technical data	Legitimate interest	Article 6(1)(f)

3.2 Is the processing necessary?

Yes. Each category of data is directly necessary for providing the specific feature the user has chosen to use. Users select which modules to enable and voluntarily enter data into each module. No data is collected beyond what is required for the features in use.

3.3 Is the processing proportionate?

Yes. The following measures ensure proportionality:

Data minimisation — Only data directly relevant to each feature is collected
Module opt-in — Users enable only the modules they want; disabled modules collect no data
No profiling — No automated decision-making or profiling (Article 22)
No advertising — Data is never used for advertising, marketing profiling, or sold to third parties
No third-party tracking — No analytics tracking, advertising networks, or social media pixels

4. Risk Assessment

4.1 Risk Matrix

Risk	Likelihood	Severity	Overall	Mitigation
Unauthorised access to health data	Low	High	Medium	Encryption at rest and in transit, role-based access, strong authentication
Data breach exposing financial data	Low	High	Medium	Encryption, Cloudflare DDoS protection, security monitoring, 72hr breach notification
Unauthorised access via stolen credentials	Medium	High	Medium	Password hashing, session management, CSRF protection
Data loss	Low	Medium	Low	Encrypted backups, database redundancy
Cross-team data leakage	Low	Medium	Low	Team-scoped queries, role-based policies on all models
Third-party sub-processor breach	Low	Medium	Low	DPA with all sub-processors, limited data sharing, encrypted tokens
Excessive data collection	Very Low	Medium	Low	Module opt-in design, data minimisation principle
Re-identification of anonymised data	Very Low	Low	Very Low	Aggregated analytics only, no individual tracking

4.2 Special Category Data Risks (Health Data)

Health data poses elevated risk due to its sensitive nature under Article 9 of the GDPR.

Specific risks:

Disclosure of health conditions could lead to discrimination
Mood and mental health data is particularly sensitive
Medication tracking reveals medical conditions

Specific mitigations:

Explicit consent obtained when users voluntarily enter health data
Health module is opt-in (users can disable it)
Medical disclaimer displayed prominently: "HALO is not a medical device"
No health data shared with any third party
Health data encrypted at rest alongside all other data
Users can delete individual health records or entire health data at any time

5. Third-Party Sub-processor Assessment

5.1 Stripe (Payment Processing)

Data shared	Billing information, payment method details
Risk level	Low — Stripe is PCI DSS Level 1 certified
Safeguards	HALO never stores full card numbers; Stripe handles payment data directly
Transfer mechanism	EU-US Data Privacy Framework

5.2 Cloudflare (Security & CDN)

Data shared	IP addresses, request metadata (as part of web traffic)
Risk level	Low — limited data exposure, security-focused processing
Safeguards	Standard Contractual Clauses in place
Transfer mechanism	SCCs + supplementary measures

5.3 Google (Calendar Sync — Optional)

Data shared	Calendar event titles, dates, times, descriptions; OAuth tokens
Risk level	Low — optional integration, user-controlled
Safeguards	OAuth tokens encrypted at rest, user can disconnect at any time
Transfer mechanism	EU-US Data Privacy Framework

6. Measures to Mitigate Risks

6.1 Technical Measures

Encryption in transit — TLS/HTTPS on all connections
Encryption at rest — All stored data encrypted
Password security — Strong one-way hashing (bcrypt)
Session security — CSRF tokens, secure session cookies
Access control — Role-based team permissions (Admin/Member/Viewer)
DDoS protection — Cloudflare protection layer
Input validation — Server-side validation on all inputs
SQL injection prevention — Parameterised queries via Eloquent ORM
XSS prevention — Vue.js automatic output escaping

6.2 Organisational Measures

Access restricted to authorised personnel on need-to-know basis
Regular security reviews and updates
Incident response procedures documented
Data processing agreements with all sub-processors
Privacy policy and terms of service publicly available
Data protection impact assessment reviewed every 6 months

6.3 User Controls

Module opt-in/opt-out at any time
Data export in CSV/ZIP format
Account deletion with full data erasure within 30 days
Disconnect external integrations at any time
Notification preferences configurable
Consent withdrawal for health data processing

7. Conclusion

This assessment concludes that the processing of personal data within HALO can proceed, subject to the implementation and maintenance of the technical and organisational measures described in Section 6.

The residual risk to data subjects is acceptable given:

Data minimisation is embedded in the application design
Special category data (health) is processed only with explicit consent and additional safeguards
Strong technical security measures are in place
No data is used for advertising, profiling, or sold to third parties
Users have full control over their data, including export and deletion

Review Schedule

This DPIA will be reviewed:

Every 6 months as a scheduled review
When there is a significant change to the nature, scope, context, or purposes of processing
When a new sub-processor is engaged
Following any data breach incident

8. Contact

For questions about this assessment:

Email: privacy@halo.fit