HaloScape

Privacy Policy

Last updated: 2025-05-18

Our Privacy Policy

This Privacy Policy describes how HaloScape ("we", "us", or "our") collects, uses, stores, discloses, and protects your personal data, including sensitive health information, when you access or use our mobile application, websites or other digital services (collectively, the "Services"). As a company committed to user privacy, we ensure that the processing of your data is conducted in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA) and related U.S. state privacy laws, as well as other relevant international regulations. This policy reflects our dedication to transparency, data security, and your individual rights as a data subject or user of our health platform.

Our Services are designed to help users access digital healthcare, including personalized wellness assessments, symptom checkers, health tracking features, and other tools that may involve the processing of special categories of personal data such as health data, biometric information, contact and identification details, financial data, and user-uploaded content (including photographs). As such, we take special care to apply high standards of privacy and security by design and by default across all our operations.

1.2 Scope

This Privacy Policy applies to all individuals who interact with our Services, including mobile app users, website visitors, registered users, healthcare professionals, and any other individuals whose personal data is collected or processed by us. This includes individuals located in the European Economic Area (EEA), the United Kingdom, the United States, and other jurisdictions in which we operate or from which our Services are accessed.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, you should not use our Services.

1.3 Updates to the Policy

We may revise this Privacy Policy from time to time to reflect changes in our operations, technology, or legal obligations. When we make material changes, we will notify you by sending an email to your registered address (if available), or by posting a prominent notice on our application or website. Unless otherwise stated, changes will become effective immediately after such notification. We encourage you to review this Privacy Policy periodically to stay informed about how we collect and protect your personal data.

2. Information We Collect

In the course of delivering digital health services through our platform, HaloScape collects and processes a range of personal data, including health-related information, financial identifiers, and usage-based technical data. We only collect data that is necessary for the specific purposes outlined in this Privacy Policy and in compliance with applicable legal frameworks such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and other relevant laws.

2.1 Personal Data (as defined under the GDPR)

We may collect the following categories of personal data from users located in the European Economic Area (EEA), the United Kingdom, and other applicable jurisdictions:

  • Identification and contact details, such as your full name, region, email address, phone number and date of birth;
  • Health-related information that you voluntarily provide to us with your explicit consent, including but not limited to symptoms, self-reported conditions, physical measurements, lifestyle data, and wellness goals;
  • Financial and transactional data, such as payment method information (processed through secure third-party payment processors);
  • User-uploaded content, including photographs or images submitted as part of your health profile or consultation.

This data is processed in accordance with Article 6 and, where applicable, Article 9 of the GDPR, with lawful bases including your consent, the performance of a contract, or our legitimate interest in providing and improving our health services.

2.2 Protected Health Information (PHI) (as defined under HIPAA)

If you are a U.S.-based user, we may collect and process Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). This may include, but is not limited to:

  • Medical records, diagnoses, lab results, or clinical history shared with us or generated through your use of HaloScape's services;
  • Information related to billing and reimbursement;
  • Any other individually identifiable health information that is created, received, stored, or transmitted in the context of providing healthcare or health-related support services.

All PHI is handled in accordance with HIPAA rules and secured through administrative, physical, and technical safeguards, as further outlined in Section 5 of this Policy.

2.3 Non-Personal and Pseudonymized Information

We may also collect and generate certain data that does not, on its own, identify you as an individual ("Non-Personal Information"). This includes:

  • Technical identifiers such as device type, browser version, operating system, language preference, or IP address;
  • Behavioral data such as usage statistics, interaction with app features, crash reports, and system diagnostics;
  • Aggregated or anonymized health analytics used for statistical modeling, service optimization, and research purposes;
  • Pseudonymized data derived from your account, whereby direct identifiers are removed but information remains linkable under secure conditions.

This information is used in a manner that does not re-identify individuals and may be processed to enhance our platform functionality, ensure security, and support algorithmic improvements.

2.4 Sources of Information

We collect personal data from the following sources:

  • Directly from you, when you create an account, complete forms, interact with features, upload content, or otherwise use the HaloScape app and services;
  • Automatically, through cookies, device identifiers, and similar tracking technologies deployed on our website and mobile application, in accordance with your preferences and our Cookie Policy;
  • From third parties, including healthcare providers, diagnostic laboratories, wellness platforms, or advertising networks, but only with your prior consent or where legally permitted.

We ensure transparency regarding the categories and sources of personal data we process, and we offer mechanisms for you to manage your data preferences in accordance with applicable laws.

3. How We Use Your Information

3.1 Lawful Basis for Processing (GDPR)

HaloScape processes your personal data in accordance with the principles and lawful bases set out under the General Data Protection Regulation (GDPR). Depending on the nature of the data and the context in which it is collected, we rely on one or more of the following legal bases:

  • Your explicit consent, particularly in relation to the processing of special categories of data such as health information, biometric data, and your preferences for receiving marketing communications;
  • The performance of a contract, including where processing is necessary to provide you with access to digital health consultations, personalized assessments, or other services offered through the HaloScape platform;
  • Compliance with legal obligations, such as the retention of medical records or disclosures required by applicable health, consumer protection, or data protection laws;
  • Our legitimate interests, provided that such interests are not overridden by your fundamental rights and freedoms.

3.2 Primary Purposes

We process your personal and health data in order to provide the core functionalities of the HaloScape platform. These include:

  • Delivering digital healthcare services, including real-time consultations, AI-generated insights, wellness scores, and symptom assessments;
  • Creating and maintaining your user account, managing access credentials, and facilitating secure authentication mechanisms;
  • Processing payments and billing details in relation to subscription services, premium features, or reimbursable consultations;
  • Sending you transactional or operational communications relating to your activity, such as appointment confirmations, service updates, or responses to customer support inquiries.

3.3 Secondary Purposes

With your prior and explicit consent, we may also use your personal data for the following secondary purposes:

  • Scientific and algorithmic research, including the development and refinement of AI-driven tools designed to detect patterns in health-related data;
  • Health education and outreach, including sending optional communications such as health tips, product updates, reminders, or promotional offers related to our services;
  • Participation in surveys or user experience studies, where we seek feedback on our services or proposed features.

You have the right to refuse or withdraw your consent for these activities at any time without affecting your access to essential features or care services offered through HaloScape.

4. How We Share Your Information

We understand that the confidentiality of your personal and health information is critical. HaloScape shares your data only when necessary to deliver our Services, meet our legal obligations, or improve user experience, and always in accordance with applicable data protection laws and contractual safeguards.

4.1 With Service Providers

We engage a range of carefully selected third-party service providers who assist us in the operation, maintenance, and enhancement of the HaloScape platform. These providers may have access to personal data solely for the purposes of delivering specific services on our behalf, under strict contractual and confidentiality obligations.

Examples of such third parties include:

  • Cloud hosting and storage providers (e.g., Google Cloud) that securely host our infrastructure and encrypted databases;
  • Analytics and performance monitoring tools (e.g., Google Analytics, Meta, TikTok) that help us understand how users interact with our services;
  • Natural language processing and AI support services (e.g., OpenAI, Anthropic) used to enhance automated features — strictly limited to anonymized or pseudonymized data when applicable;
  • Payment processors and financial compliance vendors (e.g., Stripe, Apple, Google) for secure billing, refunds, and subscription management;
  • Customer support and ticketing systems (e.g., Gmail, Mailchimp) for handling user inquiries and technical support.

All such vendors are bound by GDPR-compliant Data Processing Agreements (DPAs).

5. Data Security

HaloScape is committed to ensuring the confidentiality, integrity, and availability of your personal and health data. We implement robust technical and organizational measures to protect against unauthorized access, loss, misuse, alteration, or destruction of data.

5.1 Security Measures

  • Encryption: All personal and health data is encrypted both in transit (e.g., HTTPS/TLS protocols) and at rest (e.g., AES-256 encryption) to prevent unauthorized interception or access.
  • Access Controls: We enforce strict role-based access permissions, ensuring that only authorized personnel with a legitimate business need can access your data.
  • Authentication & Identity Management: Internal systems are secured by multi-factor authentication (MFA), and user-facing systems may offer optional 2FA to enhance account security.
  • Monitoring & Testing: Our infrastructure is routinely tested through penetration testing, vulnerability scanning, and third-party audits.
  • Data Minimization & Segregation: We ensure that data is only stored for as long as necessary, is separated where appropriate, and is pseudonymized or anonymized when used for research or analytics.

5.2 Breach Notification

In the unlikely event of a data breach involving your personal or health information, HaloScape will act swiftly and transparently:

  • Notify affected individuals without undue delay if there is a reasonable likelihood that the breach may result in harm or risk to your rights or freedoms;
  • Report the breach to the appropriate data protection authority within 72 hours of becoming aware of the incident, where required by law;
  • Notify U.S. authorities, including the U.S. Department of Health and Human Services (HHS), in accordance with HIPAA and applicable state breach notification laws where PHI is involved;
  • Document all breach investigations, response measures, and remedial actions in a secure internal register.

6. Your Rights and Choices

6.1 Your Rights under the GDPR (for EU/EEA and UK Residents)

If you are located in the European Union, the European Economic Area, or the United Kingdom, you have the following rights under the GDPR:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to correction (rectification): You can ask us to correct inaccurate or incomplete information.
  • Right to deletion (the "right to be forgotten"): You may request that we erase your personal data, subject to legal and contractual obligations.
  • Right to restrict processing: You may ask us to temporarily limit the processing of your data under certain conditions.
  • Right to object: You can object to processing based on legitimate interest or direct marketing.
  • Right to data portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
  • Right to withdraw consent: If processing is based on your consent, you can withdraw it at any time.

6.2 Your Rights under U.S. Law (HIPAA and CCPA/CPRA)

If you are a resident of the United States, your rights may differ depending on federal and state laws. Under HIPAA, you may request to access or amend your Protected Health Information (PHI). Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), you may request information about what personal data we collect, request deletion, opt out of the sale or sharing of your personal information, and limit the use of sensitive personal data.

6.3 How to Exercise Your Rights

You may exercise your rights by contacting us:

  • Email: privacy@haloscape.health
  • Response time: We will respond within 30 days if your rights fall under GDPR.
  • Verification: For your protection, we may need to verify your identity before fulfilling your request.

We do not discriminate against users who choose to exercise their privacy rights.

7. Data Retention

HaloScape retains personal and health data only for as long as it is necessary to fulfill the purposes for which it was collected, or to comply with our legal, regulatory, and contractual obligations.

  • Health-related data may be retained for periods mandated by health, medical, or insurance laws, including laws applicable under HIPAA, state-specific health laws, or EU/EEA national regulations.
  • Other personal data, such as account credentials, contact details, and service preferences, is retained only for as long as necessary to provide our services or until you request deletion.

When personal data is no longer necessary, we will securely delete or anonymize the data in accordance with industry-standard methods including irreversible data wiping, cryptographic erasure, or transformation into a format that no longer permits identification of any individual.

8. International Data Transfers

HaloScape operates in a global digital environment and may process or store your personal data outside of the country in which you reside. For users located in the European Union or other jurisdictions where international transfers are subject to data protection laws, we use Standard Contractual Clauses (SCCs) approved by the European Commission as the primary legal mechanism to authorize the transfer of personal data to countries outside the EEA.

9. Children's Privacy

HaloScape does not knowingly collect or process personal data from individuals under the age of 18. During account creation, users are required to confirm their date of birth, and our system automatically restricts access for anyone indicating an age below 18.

Our services are not intended for use by children under the age of 16 in the European Union (or under 13 in the United States) unless verifiable parental or legal guardian consent is obtained in advance.

To exercise rights related to a child's data, please contact us at privacy@haloscape.health.

10. Contact and Compliance Information

10.1 Data Protection Officer (DPO)

For users located in the European Union, European Economic Area (EEA), or the United Kingdom, HaloScape has appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and GDPR compliance.

  • Email: dpo@haloscape.health
  • Address: RealWorks Teknoloji A.Ş., Yildiz Mahallesi, Asariye Cami Cikmazi Sokak, No:5, Besiktas – Istanbul, 34349, Turkiye

10.2 Filing Complaints

If you are dissatisfied with how we handle your personal data, you have the right to escalate your concerns:

  • EU/EEA/UK Users: You may contact your national data protection authority or reach out directly to our DPO.
  • U.S. Users: You may contact us via the details above or file a complaint with the U.S. Department of Health and Human Services Office.
  • Turkish Users: You may file a complaint with the Kisisel Verileri Koruma Kurumu (KVKK).
  • Australian Users: You may raise a complaint with the Office of the Australian Information Commissioner (OAIC).
  • Other Jurisdictions: Please contact your relevant national or regional data protection authority.

11. Cookies and Tracking Technologies

HaloScape uses cookies and similar tracking technologies on our website and mobile application to ensure secure functionality, improve your user experience, analyze usage, and deliver personalized content where permitted by law.

For detailed information about the types of cookies we use, how long they are stored, and how you can manage your cookie preferences, please refer to our Cookie Policy.
