Privacy Policy

Last updated: May 13, 2026

1. Who we are

Halo ("we," "us," "our") is operated by an individual based in New York, USA. We can be reached at hello@haloskin.co.

2. What this policy covers

This Privacy Policy describes how we collect, use, store, and disclose information when you use the Halo mobile application (the "App").

3. Information we collect

We aim to collect the minimum information needed to operate the App. Most of what you enter into the App stays on your device.

Stored only on your device (never transmitted to us):

• Your first name, if you enter one during onboarding
• Your stated skin concerns (e.g., "hormonal breakouts," "sensitive skin")
• Your scan history and saved products
• Your notification preferences
• Your free-tier scan count

Information transmitted when you scan a product:

• The product barcode is sent to our product database (Supabase) to look up the matching product
• When you scan an ingredient label with the camera, text is recognized on your deviceusing Apple's Vision framework — the image itself never leaves your device

Information transmitted when you contribute a product:

• The barcode, recognized ingredient text, and (optional) product name, brand, and category you provide
• Contributions may be submitted anonymously (we do not require an account)

Information transmitted when you subscribe:

• Subscription state, anonymous user identifier, receipt data, and basic device information are handled by RevenueCat and Apple for purchase processing

Anonymous in-app analytics:

• We collect anonymous event records to understand how the App is used (e.g., "onboarding completed," "paywall shown," "scan finished"). Each event includes: a random per-device identifier (generated on first launch and stored in iCloud Keychain — never linked to your name, email, or any identifiable data), the event name, your current subscription tier (free or pro), a timestamp, and a small set of non-identifying properties about the event. These events are processed by PostHog (see § 7). We do not use this data to build advertising profiles or to track you across other apps or websites.

Information we do NOT collect:

• Photos or images from your camera or photo library
• Your real name, email, address, phone number, or precise location
• Contacts, microphone audio, health records, or browsing history
• Advertising identifiers (IDFA), cross-app tracking SDKs, or any data used to profile you for ads
• "Session replay" video, screen recordings, or keystrokes

4. How we use information

We use information to:

• Look up scanned products and return their ingredient scores
• Improve our product database when you contribute a scan
• Process subscription purchases and restore prior purchases
• Comply with legal obligations

We do not sell or share your personal information to third parties for advertising, and the App contains no advertising or analytics SDKs beyond the anonymous in-app analytics described above.

5. Camera and photos

The App uses your device camera to scan barcodes and ingredient lists. Images are not transmitted to our servers or to any third party. Barcode decoding and ingredient-text recognition (OCR) both run locally on your device using Apple's AVFoundation and Vision frameworks. Only the resulting barcode digits or recognized text (if you choose to contribute) are sent to our database. The App does not access your photo library.

5a. Notifications

Notifications shown by the App (daily scan reminders, free-trial nudges) are scheduled and delivered locally on your devicevia Apple's UserNotifications framework. No push notification servers are involved, and no notification content is transmitted off-device. You can disable notifications at any time in the App's Settings or in iOS Settings.

6. Acne Trigger Score — important disclaimer

The Acne Trigger Score is informational only and is not medical advice. Scores reflect publicly available research on ingredients commonly associated with acne, weighted by our scoring methodology. Individual reactions to ingredients vary. We are not a medical provider and the App is not a substitute for diagnosis or treatment by a licensed dermatologist.

7. Service providers (sub-processors)

We rely on a small set of service providers to operate the App. The data each receives is limited to what they need for their function:

• Supabase, Inc. — hosts our product and ingredient database and stores anonymous user contributions. Receives: scanned barcodes (for lookup), and contributed scan data (barcode, recognized ingredient text, optional product/brand/category).
• RevenueCat, Inc. — processes subscription state, receipt validation, and entitlement checks. Receives: an anonymous user identifier, Apple receipt data, and basic device metadata as required for purchase verification.
• PostHog Inc. — receives anonymous in-app event records described above. Receives: anonymous device identifier, event names, subscription tier, timestamps, and small non-identifying event properties. Does not receive your name, email, location, advertising identifiers, or cross-app identifiers. PostHog is configured with session replay disabled and cross-app tracking disabled.
• Apple Inc. — processes all App Store payments, handles subscription billing, and (when iCloud Keychain is enabled by you) syncs your in-app scan quota and anonymous device identifier across your devices.

We do not share information with brand owners, advertisers, or data brokers. We may also disclose information when required by law, legal process, or to prevent harm, or in connection with a corporate transaction (merger, acquisition), in which case successor entities will be bound by this policy.

8. Data retention

Most of your data — your name, scan history, saved products, and preferences — is stored only on your device in local storage (SwiftData and UserDefaults). It is automatically removed when you delete the App.

Anonymous product contributions you submit are retained indefinitely as part of our community-maintained product database (with personally identifying information removed). Subscription records are retained by Apple and RevenueCat according to their own policies for accounting and audit purposes.

9. Your rights

Depending on your jurisdiction, you may have rights to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data
• Object to or restrict processing
• Data portability
• Withdraw consent

To exercise these rights, contact hello@haloskin.co. Note that because most of your data is stored only on your device, the fastest way to exercise deletion rights is to delete the App, which removes all locally stored data. For data we do hold (anonymous contributions, subscription records via RevenueCat), email us and we will respond within 30 days.

If you are located in the EU/UK, our legal bases for processing are: (a) performance of a contract, (b) legitimate interests in operating and improving the App, and (c) consent where applicable.

If you are located in California, you have rights under the CCPA/CPRA, including the right to know, delete, and opt out of "sale" of personal information (we do not sell).

10. Children

The App is not directed at children under 13. We do not knowingly collect data from children under 13. If we learn we have, we will delete it.

11. Security

We use industry-standard safeguards (encryption in transit, access controls). No system is fully secure; we cannot guarantee absolute security.

12. International transfers

Information may be processed in countries other than your own, including the United States. Where required, we put in place appropriate safeguards (e.g., Standard Contractual Clauses).

13. Changes to this policy

We may update this Privacy Policy. Material changes will be communicated in-app or via the email associated with your account. Continued use after changes means you accept the updated policy.

14. Contact

Questions? hello@haloskin.co