PRIVACY POLICY

Halo — Privacy Policy

Your meetings never leave your device.

Last updated: July 2026

Halo (“Halo,” “we,” “us”) is a Windows desktop application that detects AI face-swap deepfakes in your video meetings. This policy explains what data Halo handles, where it stays, and the few cases where something leaves your computer.

Our guiding principle: your meetings never leave your device. Halo analyzes video locally, on your own machine. The only data that leaves your computer is (1) what's required to sign you in and (2) anything you deliberately send us (like a bug report).

1. The short version

WhatWhere it livesLeaves your device?
Meeting video / snapshots / facesIn memory, briefly, on your deviceNo — analyzed then discarded
Detection results & historyLocal disk (%LOCALAPPDATA%\Halo\)No
Evidence frames (if saved)Local diskNo
Meeting recordings (if enabled)Local diskNo
Sign-in identity (email, provider, session tokens)Local Windows Credential Manager + our identity backendYes — to sign you in
Bug reports you submitOur support databaseYes

We do not collect analytics or usage telemetry. We do not sell or share personal data. There is no advertising in Halo.

2. What Halo does on your device (and never sends)

To detect deepfakes, Halo takes a snapshot of your meeting window every couple of seconds and checks each face on your device's processor (the on-device NPU on Snapdragon hardware, or the CPU otherwise). This all happens locally:

  • Video and snapshots are transient. A snapshot is held in memory only long enough to analyze it, then discarded. It is never written to disk and never uploaded.
  • Faces and biometric data are not stored or transmitted. Halo does not build a face database, does not perform cross-session face recognition, and does not send any facial image or embedding off the device.
  • Detection results stay local. When a call runs, Halo records session metadata on your disk — when the call started, how long it lasted, and what it flagged — so you can review it later under History. This lives in %LOCALAPPDATA%\Halo\ (including a local halo.db database) and is never uploaded.

If you uninstall Halo or delete the %LOCALAPPDATA%\Halo\ folder, this local data is gone.

3. Sign-in and identity (data that does leave your device)

Halo requires you to sign in. Sign-in is handled by our identity backend at dek.halo.scam.ai, which verifies your chosen provider and issues Halo a session token. Depending on how you sign in, we receive and store:

  • Your email address and the sign-in provider (e.g. Google, GitHub, or email/password).
  • Whether your email is verified.
  • A password hash (only if you register with email + password; we never store your raw password).
  • Session and refresh tokens, so you stay signed in. These are stored on your device in Windows Credential Manager (under Halo.Auth.*) and referenced by our backend.

We use this only to authenticate you and to authorize the app to run its on-device detection models. We do not use it for advertising or profiling. Server logs record only a one-way HMAC of your identifier, never your raw email.

4. Bug reports you submit

If you use Help → Report a bug (in the app) or the bug-report form on our website, the details you submit are sent to and stored in our support database so we can investigate. A bug report includes:

  • The category, summary, and description you type. Please don't paste sensitive personal information into these fields.
  • Any files you choose to attach — screenshots, logs, or short clips. These are uploaded to our private support storage. Only attach what you're comfortable sharing; a screenshot you add may itself contain personal information. Nothing is attached automatically — you pick each file.
  • Environment diagnostics the app attaches: Halo version, Windows version, device architecture, and whether protection was running. This never includes meeting video, audio, images, or face data.
  • Your email — your account email when you're signed in, or the email you enter on the website form — so we can follow up.

We use bug reports solely for support and product improvement. This (and the files you attach) is the one place where content you provide is transmitted to us, and only when you click submit.

5. What we do NOT collect

  • No usage analytics or telemetry. Earlier builds included an optional “share anonymized usage data” toggle; it has been removed. Halo does not phone home with usage events, feature interactions, or detection statistics.
  • No meeting content. No video, audio, screenshots, or face images ever leave your device.
  • No advertising identifiers, no third-party trackers, no data sales.

If crash reporting is offered in a future version, it will be off by default and described here before it is enabled.

6. Data retention

  • On-device data (history, evidence, recordings) persists until you delete it or uninstall Halo. You are in control of it.
  • Identity data is retained while your account is active.
  • Bug reports are retained for as long as needed to resolve the issue and improve the product.

Account deletion and a full data-export tool are planned for a future version. Until then, you can remove all on-device data by uninstalling Halo and deleting %LOCALAPPDATA%\Halo\, and you can contact us at support@scam.ai to request deletion of identity and support-record data.

7. Children

Halo is not directed to children under 13 (or the minimum age in your jurisdiction) and we do not knowingly collect their data.

8. Changes to this policy

We may update this policy as Halo evolves. Material changes will be reflected by the “Last updated” date, and where appropriate surfaced in the app.

9. Contact

support@scam.ai · Reality Inc.

Questions about privacy?

We're here to help. Contact our support team for any questions or concerns.

Contact Support