Last updated: March 2, 2026
Welcome to HALO (Holistic Ascension Life Optimization). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the HALO application at app.halo.fit and our marketing site at halo.fit (collectively, the "Service").
We are committed to protecting your privacy and ensuring that your personal data is handled responsibly and in compliance with the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection laws.
Please read this Privacy Policy carefully. By creating an account or using the Service, you acknowledge that you have read and understood this policy.
Data Controller:
Khejan, LLC, d/b/a HALO
Contact: privacy@halo.fit
We collect only the data necessary to provide and improve the Service. The categories of personal data we process are set out below.
When you create an account, we collect:
If you choose to use our health tracking features, we may collect:
Important: Health data constitutes "special category data" under Article 9 of the GDPR. We process this data only with your explicit consent, which you provide when you voluntarily enter this information into the Service. You are never required to use these features, and you may stop using them at any time.
If you choose to use our wealth management features, we may collect:
Financial data receives enhanced security protections as described in Section 7.
If you choose to use family-related features, we may collect:
You are responsible for ensuring that you have the appropriate authority or consent to enter information about other individuals.
If you choose to use home management features, we may collect:
We automatically collect limited technical data necessary to operate the Service:
Under the GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:
| Data Category | Lawful Basis | GDPR Article |
|---|---|---|
| Account data (name, email, password) | Performance of a contract — necessary to provide the Service you have signed up for | Article 6(1)(b) |
| Health and wellbeing data | Explicit consent — you voluntarily provide this special category data by entering it into the Service | Article 6(1)(a) and Article 9(2)(a) |
| Financial data | Performance of a contract — necessary to provide the wealth management features you use | Article 6(1)(b) |
| Goals, habits, tasks, family, and home data | Performance of a contract — necessary to provide the Service features you use | Article 6(1)(b) |
| Technical and security data | Legitimate interest — necessary to maintain the security and integrity of the Service | Article 6(1)(f) |
Where we rely on consent, you have the right to withdraw that consent at any time (see Section 9). Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
We use your personal data exclusively for the following purposes:
We do not use your data for:
We share data with a limited number of third-party service providers, strictly as necessary to operate the Service. We do not sell, rent, or trade your personal data.
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Payment method details, billing information (processed directly by Stripe; we do not store full payment card numbers) |
| Calendar synchronisation (optional) | Calendar event titles, dates, times, and descriptions are exchanged via the Google Calendar API when you connect your Google account. OAuth tokens are stored encrypted. | |
| Cloudflare | Security, DDoS protection, and content delivery | IP addresses and request metadata (processed by Cloudflare as part of web traffic routing) |
Each third-party provider processes data under their own privacy policy and in accordance with their obligations as data processors. We have data processing agreements in place with these providers as required by Article 28 of the GDPR.
Google Calendar integration is entirely optional. If you connect your Google Calendar, you may disconnect at any time from Settings, which revokes our access.
We do not use:
We use only essential session cookies that are strictly necessary for the Service to function. These cookies:
Because these cookies are strictly necessary for the operation of the Service, they do not require consent under the ePrivacy Directive.
We take the security of your data seriously, particularly given the sensitive nature of health and financial information.
Despite our efforts, no method of transmission or storage is 100% secure. If you become aware of any security issue, please contact us immediately at privacy@halo.fit.
We retain your personal data in accordance with the following principles:
We do not retain data longer than necessary for the purposes described in this policy.
All users of the Service have the right to:
If you are located in the European Union, the European Economic Area, or the United Kingdom, you have the following rights under the GDPR:
You can exercise most of these rights directly through the Service:
For any other requests, or if you need assistance, contact us at privacy@halo.fit. We will respond to your request within 30 days as required by the GDPR.
If you believe that we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection supervisory authority.
If your data is transferred outside of the EU/EEA, we ensure appropriate safeguards are in place, such as:
Our third-party providers (Stripe and Cloudflare) maintain appropriate data transfer mechanisms as required by the GDPR.
We do not engage in automated decision-making or profiling as defined under Article 22 of the GDPR. No decisions with legal or similarly significant effects are made about you based solely on automated processing.
Any statistics, charts, or summaries displayed within the Service (such as streak counts, progress bars, or health correlations) are purely informational tools for your personal use and do not constitute profiling or automated decision-making.
The Service is intended for users aged 16 years and older, in accordance with Article 8 of the GDPR. We do not knowingly collect personal data from individuals under 16.
If we become aware that we have collected personal data from a person under 16 without appropriate parental or guardian consent, we will take steps to delete that data promptly. If you believe that a child under 16 has provided us with personal data, please contact us at privacy@halo.fit.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@halo.fit
We aim to respond to all enquiries within 30 days.
| Topic | Summary |
|---|---|
| What we collect | Account info, plus health, financial, goals, habits, tasks, family, and home data you choose to provide |
| Why we collect it | To provide the Service, manage your account, and maintain security |
| Special category data | Health data processed only with your explicit consent |
| Third parties | Stripe (payments) and Cloudflare (security/CDN) only; no data sold |
| Cookies | Essential session cookies only; no tracking cookies |
| Security | Encrypted at rest and in transit; hosted on secure servers |
| Your rights | Access, rectify, erase, restrict, port, object, withdraw consent, export, delete account |
| Retention | Kept while account active; deleted within 30 days of account deletion |
| Age requirement | 16 years and older |
| Automated decisions | None |