Privacy Policy
Last updated: May 25, 2026
Halo Guest ("we", "us", "our") is a mobile application that turns a QR code into a hospitality concierge for the venue you're visiting. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the choices you have.
By using Halo Guest, you agree to the practices described here. If you do not agree, please do not use the app.
1. Information we collect
1.1 Information you provide directly
- Display name (optional). When you start a session, we may ask what to call you. You can skip this. If you provide it, we use it only to personalise greetings and chat messages.
- Chat messages. Text you send to the Halo AI assistant or to venue staff is transmitted to our backend and the venue you're visiting so they can respond.
- Feedback. If you send feedback through the app, we store it to improve the service.
- Payment details. If you pay through the app, card details are entered directly into our payment processor's secure form (Stripe) — we do not see or store your card number. We receive only a confirmation token and the transaction amount.
1.2 Information collected automatically
- Session token. When you scan a QR, we create a short-lived session tied to your visit. It expires when your visit ends.
- Device identifier (for push notifications). If you allow push notifications, we register an anonymous device token with Firebase Cloud Messaging so the venue can notify you when your order is ready or staff replies.
- Approximate or precise location. Only when you request a feature that needs it (such as room delivery or verifying you're at the venue). We do not track your location in the background.
- Diagnostic data. If the app crashes or hits a performance issue, the operating system may send Apple or Google a crash report that helps us fix bugs. This is anonymous and standard for mobile apps.
- Order and request history. Items you order, service requests you make, and Q&A interactions are stored against your session so the venue staff can fulfil them and so you can see your history during the visit.
1.3 What we do NOT collect
- We do not collect your email address, phone number, or postal address.
- We do not collect your contacts, calendar, photos, or microphone unless you explicitly grant permission for a feature that needs it.
- We do not use third-party analytics or advertising SDKs.
- We do not track you across other apps or websites.
- We do not sell your data to anyone.
2. How we use your information
We use the information described above to:
- Provide the core features of the app — showing the menu, taking orders, processing payments, routing chat to AI or staff, and delivering push notifications.
- Maintain a secure session for the duration of your visit.
- Improve the service by analysing aggregate usage patterns and fixing bugs.
- Comply with legal obligations.
3. Who we share your information with
We share information only with the parties needed to deliver the service:
- The venue you're visiting. Your orders, requests, chat messages, and any name you provide are shared with the hotel, restaurant, or other venue so staff can serve you.
- Stripe — to process payments. Stripe's privacy policy is available at stripe.com/privacy.
- Firebase / Google Cloud — to deliver push notifications. Google's privacy policy is available at policies.google.com/privacy.
- Apple — to deliver push notifications on iOS and to receive standard crash reports.
- Law enforcement — if we are legally required to disclose information by a valid order from a competent authority.
We do not share your information with advertisers or data brokers.
4. How long we keep your information
- Session data is kept while your visit is active and for a short retention window afterwards so the venue can resolve any disputes (typically the length of your stay plus 30–90 days).
- Order and payment records are kept by the venue and by us for the period required by applicable tax and consumer-protection law.
- Chat history tied to your session is kept for as long as the session is active and may be retained in anonymised form for service improvement.
- Diagnostic and crash data is kept by Apple, Google, or us for up to 12 months.
5. Your rights
Depending on where you live, you may have the right to:
- Request a copy of the information we hold about you.
- Ask us to correct or delete that information.
- Object to certain processing or withdraw consent (where processing is based on consent).
- Lodge a complaint with your local data-protection authority.
To exercise these rights, contact us using the details in the Contact section. We will respond within the timeframe required by applicable law.
6. Children
Halo Guest is not directed to children under 13 (or under 16 in jurisdictions where that is the applicable age of consent). We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us and we will delete it.
7. Security
We use industry-standard security measures to protect information in transit (TLS) and at rest. Payment details never reach our servers in plain form. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. International transfers
Our servers and the servers of our service providers (Stripe, Google, Apple) may be located outside the country where you use Halo Guest. By using the app, you consent to your information being transferred to and processed in those countries, subject to appropriate safeguards.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be flagged inside the app the next time you start a session.