Your contacts. Your data. Your call.
Plain English. Last updated 14 May 2026.
1. Who we are
This notice describes how Haloop Pte. Ltd. (“Haloop”, “we”, “us”) handles personal data when you use the Haloop mobile app, our site at haloop.ai, or interact with us directly.
Haloop Pte. Ltd.
UEN: 202620083C
23-02 152 Beach Road
Singapore 189721
We are a Singapore-incorporated company. We process personal data under the Personal Data Protection Act 2012 (PDPA) and, where applicable, the EU/UK GDPR.
2. What we collect
Information you give us
- Account information — name, email, phone number, profile photo when you sign up.
- Contacts you add — names, phone numbers, email, photos, birthdays, notes, conversation history, tags and preferences you record about people in your network.
- Messages and drafts — the messages Lumo helps you draft and any conversation history you choose to save.
- Form responses — waitlist signups, contact form messages, beta feedback.
Information we collect automatically
- Device and usage data — device model, OS version, app version, crash logs, feature usage, IP address.
- Location — only when you actively use “near you” features. We ask permission first; you can revoke it anytime in device settings.
- Cookies and similar — see Section 10.
Information from third parties
- Sign-in providers — if you sign in with Google or Apple, we receive your email and basic profile per your authorization.
3. Why we collect it
We use your personal data only for purposes you’d reasonably expect:
- Provide the service — sign you in, store your contacts, send you reminders, draft messages.
- Personalize the experience — surface relevant cultural moments, suggest the right language for a draft.
- Communicate with you — beta invites, service announcements, replies to your support requests.
- Improve the product — diagnose crashes, understand which features matter, make Lumo better at his job.
- Security and fraud prevention — detect abuse, comply with legal obligations.
We do not use your personal data, your contacts, or your conversations to train general-purpose AI models for anyone else.
4. About the contacts you upload
When you add someone to Haloop, you are sharing their personal data with us. You must have a reasonable basis to do so — typically your personal or family relationship with that person, or their consent.
We handle uploaded contacts on your behalf. We treat that information as confidential, do not sell or share it for marketing, and delete it when you delete the contact or close your account.
5. Who we share it with
We do not sell, rent, broker, or syndicate your personal data. Ever.
We do work with carefully chosen service providers (“data intermediaries” under PDPA) who process data on our behalf under written contracts:
| Provider | Purpose | Region |
|---|---|---|
| Google Cloud / Firebase | Authentication, app infrastructure | Singapore |
| Supabase | Database hosting | Singapore |
| Cloudflare | CDN, image storage, anti-abuse | Global (configured for Asia-Pacific) |
| OpenAI | Drafting messages, language understanding | United States |
| Resend | Transactional email (invites, notifications) | United States |
| PostHog | Privacy-respecting product analytics | United States |
We require each provider to maintain protections at least equivalent to PDPA standards.
We may also disclose personal data when required by law, court order, or a valid request from a competent authority.
6. International transfers
Most of your data stays in Singapore. Some processing (drafting via OpenAI, transactional email via Resend, analytics via PostHog) happens in the United States. We rely on standard contractual safeguards to ensure protections travel with the data.
7. How long we keep it
| Data | Retention |
|---|---|
| Account, contacts, messages | While your account is active, plus up to 30 days after deletion to allow recovery |
| Crash logs and aggregated usage | Up to 12 months, then anonymised |
| Marketing site signups (waitlist, contact form) | Until you ask us to delete, or 24 months of inactivity |
| Backups | Rolling 30-day window, then overwritten |
When you delete your account, all personal data is removed from active systems within 30 days and from backups within the rolling backup window above.
8. How we protect it
- All data encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Database row-level security — users can only access their own data.
- Strict role-based access for staff, audited regularly.
- Hosted in Singapore data centres with industry-standard physical security.
- Independent security review before public launch.
No system is perfectly secure. If we ever experience a breach affecting your personal data, we will notify you and the PDPC promptly, as required by law.
9. Your rights and choices
Under PDPA you have the right to:
- Access the personal data we hold about you.
- Correct anything that’s inaccurate.
- Withdraw consent for any specific use (note: this may limit what Haloop can do for you).
- Delete your account and personal data — in-app, no email required.
To exercise any of these, email support@haloop.ai. We’ll respond within 30 days.
If you’re in the EU/UK and GDPR applies to you, you additionally have the right to data portability and to lodge a complaint with your national supervisory authority.
If you’re in Singapore and we don’t resolve a concern to your satisfaction, you may contact the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.
10. Cookies and analytics
The marketing site uses minimal cookies for essential function (language preference) and PostHog for privacy-respecting analytics (page views, no cross-site tracking, no ad-network sharing). We don’t run ad-network trackers.
The Haloop mobile app does not use cookies. It does collect crash and performance diagnostics, which you can opt out of in app settings.
11. Children
Haloop is intended for users 13 years and older. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us personal data, email support@haloop.ai and we will delete it.
12. Changes to this notice
We’ll update this notice as Haloop evolves or as laws change. Material changes will be announced in-app or by email. The “Last updated” date at the top always reflects the most recent revision.
13. Contact us
Data Protection Officer
Haloop Pte. Ltd.
Email: support@haloop.ai
Post: 23-02 152 Beach Road, Singapore 189721