Halo — Privacy Policy
Last updated: May 19, 2026
Halo (“the App”) is a Home Assistant companion for iPhone, iPad, and Mac, developed by Albert Lo (“we”, “us”). This Privacy Policy explains what data the App handles and how it is stored. We do not operate a backend server. The App talks directly to your own Home Assistant installation and to Apple iCloud — nothing flows through us.
TL;DR
- We do not collect, see, or store any of your data on our servers — we don’t have any.
- Your Home Assistant URL and long-lived access token live on your device (iOS Keychain) and, if iCloud is enabled, sync between your Apple devices via your private iCloud account.
- We do not use third-party analytics, advertising, or crash-reporting SDKs.
- We do not track you across apps or websites.
What data the App handles
| Data | Where it lives | Why |
|---|---|---|
| Home Assistant server URL (local/remote) | On device + your iCloud (via Apple CloudKit) | So Halo can reach your Home Assistant |
| Home Assistant long-lived access token | iOS Keychain (encrypted at rest by Apple); if you have enabled iCloud Keychain in Settings, Apple syncs it between your devices | To authenticate API calls to your Home Assistant |
| Dashboard layouts, tile configurations, app settings | On device + your iCloud (via Apple CloudKit) | To keep your Halo setup in sync across your iPhone, iPad, and Mac |
| Entity registry cache (the list of devices in your Home Assistant) | On device only | Offline tile rendering |
| Face ID prompt response | Handled entirely by iOS; never sent to us | Optional confirmation before arming/disarming the alarm |
| In-App Purchase receipts | Handled by Apple’s StoreKit; we never see your payment info | To unlock Halo PRO features |
Halo connects directly to:
- Your Home Assistant server (local network or remote URL you provided). All home-automation data — sensor readings, device states, camera streams — flows over that connection. We do not see this data.
- Apple iCloud / CloudKit (your private iCloud container, in your Apple ID). Apple’s privacy terms apply: https://www.apple.com/legal/privacy/.
- Apple StoreKit for in-app purchases.
No data is sent to any other server.
What we do NOT do
- No third-party analytics SDKs (no Firebase, no Sentry, no Crashlytics, no Mixpanel, no Amplitude, no Datadog, no PostHog).
- No advertising SDKs. The App contains no ads.
- No “tracking” in the App Tracking Transparency sense.
- No background location.
- No reading of your contacts, photos, calendars, microphone, or camera (beyond optionally displaying Home Assistant camera entities, which stream directly from your Home Assistant).
Children’s privacy
Halo is not directed at children under 13. We do not knowingly collect any information from anyone, including children.
Data deletion
Because we don’t hold any of your data, there is nothing for us to delete. To remove your Halo data:
- Delete the app from your device.
- In Settings → Apple ID → iCloud → Manage Account Storage, remove “Halo” from your iCloud storage. This deletes the connection profile, dashboard layouts, and settings synced via CloudKit.
- Revoke the Home Assistant long-lived access token from your Home Assistant profile page if you want to invalidate it server-side.
Changes to this policy
If the App ever starts collecting new categories of data, we will update this page and bump the “Last updated” date above. Material changes will be highlighted in the app’s release notes.
Contact
Questions or requests about privacy: hello@createhalo.app