Privacy Policy

Effective date: 2026-05-17 Last updated: 2026-06-05

1. Introduction and Scope

This Privacy Policy explains how Halora ("the App", "we", "us", "our") handles information when you use the Halora iOS application. Halora is operated by:

Lennox Kornmann Germany Email: halorasupport@gmail.com

We respect your privacy and have designed Halora to collect as little information as possible. The core of the App runs entirely on your device. The only personal data we ever process is what you choose to provide by optionally signing in, and what is needed to validate your one-time Halora Pro purchase.

This Privacy Policy applies to your use of the Halora iOS App distributed via the Apple App Store. It does not apply to any third-party services or websites that may be linked from the App.

2. Data We Collect (and Do Not Collect)

Data we do NOT collect

Halora has been built around the principle of data minimisation. We do not:

Data processed on your device only

The App processes the following information locally on your iPhone, without transmitting it anywhere:

Account data (only if you choose to sign in)

Signing in is completely optional and exists solely to sync your Halora Pro unlock and your settings across your devices. You can use the entire App as a guest without providing any of the data below. If you choose Sign in with Apple or Sign in with Google, we collect:

This account data is stored on our behalf by Supabase (our authentication and database provider; see section 5), which acts as our data processor and hosts the data in the European Union. You can delete your account and all associated data at any time from Settings → Account → Delete Account.

Data processed by Apple and our purchase processor

When you buy the optional one-time Halora Pro purchase, the following limited information is processed:

This information is processed by RevenueCat, Inc. as our data processor (see section 5).

For App Store privacy-label purposes, Halora declares "Purchases" as collected because RevenueCat processes purchase transaction data on our behalf to verify your Halora Pro entitlement. For guest users this is not linked to your real identity; for signed-in users it is associated with your account ID.

Apple itself processes payment information when you make a purchase. Halora never sees or stores your payment details. Please refer to Apple's Privacy Policy for details: https://www.apple.com/legal/privacy/

3. Data We Share

We share data only as strictly necessary to operate the App:

RecipientPurposeData SharedTheir Policy
Apple Inc.App distribution and In-App Purchase processingManaged by Apple under its own policyhttps://www.apple.com/legal/privacy/
RevenueCat, Inc.One-time purchase entitlement validationApp user ID, purchase transaction eventshttps://www.revenuecat.com/privacy
Supabase, Inc.Optional account sign-in and cross-device sync (EU-hosted)Name, email, account user ID — only if you sign inhttps://supabase.com/privacy

We do not share data with advertisers, data brokers, or any other third party. We do not sell personal information.

If you have explicitly enabled crash and analytics sharing in iOS Settings (Settings > Privacy & Security > Analytics & Improvements > Share With App Developers), Apple may share aggregated, anonymised crash reports with us. This is a setting you control entirely through iOS; Halora does not contain its own crash-reporting SDK.

4. Permissions We Request

Halora requests the minimum iOS permissions needed to function:

You may revoke either permission at any time in iOS Settings > Privacy & Security. Revoking camera access will disable the App's core functionality; revoking Photos access will prevent saving captured media.

5. Third-Party Services

Supabase (optional account sign-in)

If you choose to sign in, we use Supabase to authenticate you (Sign in with Apple / Google) and to store your account record so your Halora Pro unlock and settings sync across devices. Under the GDPR, Supabase acts as our data processor (Auftragsverarbeiter). Supabase stores your name, email address and account user ID, and hosts this data in the European Union. See https://supabase.com/privacy. You can delete this data at any time via Settings → Account → Delete Account.

RevenueCat (purchase validation)

We use RevenueCat to validate Apple In-App Purchase receipts and manage your Halora Pro entitlement. Under the GDPR, RevenueCat acts as our data processor (Auftragsverarbeiter) on the basis of a written data processing agreement.

RevenueCat receives only:

RevenueCat does not receive your name, email address, payment details, photos, or videos.

RevenueCat is based in the United States. See its privacy policy at https://www.revenuecat.com/privacy and its security and compliance information at https://www.revenuecat.com/security.

Apple In-App Purchase

All payments are processed by Apple. Halora never receives or stores your payment card or Apple ID credentials. See https://www.apple.com/legal/privacy/.

6. Children's Privacy

Halora is rated 4+ in the App Store. The App is suitable for general audiences and does not contain content directed at children.

We do not knowingly collect personal information from children under the age of 16 (or the applicable age in your jurisdiction). Because Halora can be used fully without an account, most users provide no personal data at all.

In-app purchases require either the user's Apple ID password or a parent's approval through Apple's Family Sharing and Ask to Buy features. Parents are encouraged to use Apple's parental control and Screen Time settings to manage in-app purchases on a child's device.

If you believe that a child has provided personal data to us, please contact halorasupport@gmail.com and we will take reasonable steps to delete it.

7. Your Rights

Under the EU General Data Protection Regulation (GDPR) and similar laws (including the UK GDPR, the Swiss FADP, Brazil's LGPD, and the California Consumer Privacy Act/CPRA), you have the following rights regarding your personal data:

If you signed in, you can exercise your right to erasure directly in the App via Settings → Account → Delete Account, which deletes your account and associated data from Supabase. You can also email halorasupport@gmail.com for any request, including resetting or deleting the purchase app user ID held by RevenueCat.

California residents (CCPA/CPRA)

If you are a California resident, you also have the right to:

To exercise any of these rights, contact halorasupport@gmail.com. We will respond within the timeframes required by applicable law.

Supervisory authority

EU/EEA residents have the right to lodge a complaint with their local data protection supervisory authority. The competent authority for the operator is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit (or the supervisory authority of the operator's federal state in Germany)

8. International Data Transfers

Your optional account data is stored with Supabase in the European Union, so account sign-in does not, by itself, involve a transfer outside the EU/EEA.

RevenueCat, Inc. is established in the United States. When we transmit app user IDs and purchase transaction information to RevenueCat, this constitutes a transfer of data to a third country in the meaning of GDPR Articles 44 et seq. We rely on the following safeguards for this transfer:

For details, see RevenueCat's processing terms at https://www.revenuecat.com/dpa and its privacy notice at https://www.revenuecat.com/privacy.

Apple processes data globally under its own legal framework; see https://www.apple.com/legal/privacy/.

9. Retention

10. Security

We apply reasonable technical and organisational measures to protect any data we process:

No security measure can be guaranteed to be perfect; however, given how little personal data we process, the practical risk from a Halora-side breach is limited.

11. Legal Bases for Processing (GDPR)

Where the GDPR applies, our legal bases for processing are:

You may withdraw consent at any time by deleting your account, or by revoking the relevant permission in iOS Settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this document indicates when the policy was last revised. Material changes will be communicated within the App or by updating the policy at https://halora-app.pages.dev/privacy.

Continued use of the App after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

13. Contact

If you have any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact:

Lennox Kornmann Email: halorasupport@gmail.com Web: https://halora-app.pages.dev

We will respond to verifiable requests within the timeframes required by applicable law (typically within one month under GDPR).