Halt — Privacy Policy

Introduction

Halt is a privacy-first, offline-first tracking app designed to help you manage body-focused repetitive behaviors such as skin picking. This Privacy Policy explains how Halt handles information when you use the app.

Who we are

• Developer: BlueSparrow Labs (solo developer based in India)
• Website: https://bluesparrow.dev

Contact Information

• Privacy inquiries: privacy@bluesparrow.dev
• General inquiries: info@bluesparrow.dev

Quick Summary (Plain Language)

• Your health data (logs, photos, body map entries, notes) is stored on your device by default.
• Backups are optional. If you enable Google Drive backup, Halt encrypts backups before they leave your device.
• Halt does not sell your personal information.
• Halt does not use third-party analytics, advertising, or behavioral tracking SDKs.
• Some optional features use third-party services (Google Sign-In, Google Drive, Google Play Billing). These services may process limited information needed to provide those features.

Important: Health Data Notice

Halt helps you track health-related behaviors. The app is not a medical device, does not provide medical advice, and should not be used as a substitute for professional healthcare.

The health-related information you create in Halt (such as urge/episode logs, intensity ratings, body locations, triggers, photos, and personal notes) is sensitive. Halt is designed so that this information stays on your device unless you explicitly choose to share or back it up.

1. What Information Halt Handles

1.1 Information you create in the app (your content)

Depending on how you use Halt, your content may include:

• Urge and episode logs (timestamps, type, intensity, duration, trigger tags, body locations, notes)
• Progress photos and photo metadata (timestamps, tags, local file paths)
• Coping tool usage and custom strategies
• Baseline triggers and motivational goals set during onboarding
• App preferences and settings

By default, this content is stored locally on your device in app-private storage. We do not receive your content unless you explicitly share it outside the app (for example via PDF export) or you send it to us for support.

1.2 Account and sign-in information (optional)

Halt can work without an account (anonymous/guest mode) for core features.

If you choose to sign in (for example to enable Drive backups or premium purchases), Halt may process:

• A Google account identifier and basic profile information (such as email address and display name) provided by Google Sign-In

1.3 Subscription and purchase information (optional)

If you purchase premium features, purchase handling involves:

• Google Play Billing (for purchases made through Google Play)

Google Play may process purchase receipts, subscription status, and device/app identifiers needed to validate purchases. Halt may store minimal subscription status locally on your device (for example "Premium active") to enable offline access to premium features.

1.4 Backup information (optional)

If you enable backup features, Halt may handle:

• Encrypted backup archives created on-device
• Backup timestamps and file sizes

If you choose Google Drive backup, Halt uploads encrypted backups to your Google Drive (the app's hidden appDataFolder area). Halt does not need access to your entire Drive; it uses limited scopes to store and retrieve files created by the app.

1.5 Technical and diagnostic information

Halt aims to minimize data collection. We may handle limited technical information in these cases:

• When you contact support and include diagnostic details
• Basic app metadata needed to troubleshoot (for example app version, device model, OS version)

We do not collect your health content for diagnostics.

2. Permissions the App May Request

Halt may request the following device permissions depending on features you use:

• Camera — capturing progress photos (Digital Mirror)
• Photos/files access — importing or exporting photos and PDF reports
• Biometric authentication — optional app lock (if implemented)
• Network access — Google Sign-In, subscription validation, Google Drive backup

You can decline permissions, but some features may not work without them.

3. How We Use Information

We use information to:

• Provide the app's core functionality (urge tracking, episode logging, body mapping, photo journal, insights, coping tools)
• Generate therapist PDF reports you request
• Encrypt/decrypt local data and backups
• Perform backups and restores you request (if enabled)
• Provide optional sign-in and subscription management (if enabled)
• Respond to your support requests
• Improve stability and performance

4. Where Information Is Stored

• On your device (default): Your health content, logs, photos, and settings are stored locally on your device.
• In your Google Drive (optional): If you enable Drive backup, encrypted backups are stored in your own Google Drive account. The data remains encrypted and should not be readable without your recovery passphrase.
• On our servers: Halt does not upload your health content to our servers.
• With purchase providers (optional): If you purchase premium features, Google Play may process data needed to operate purchases and validate entitlements.

5. Sharing and Disclosure

We do not sell your personal information.

We may share limited information with third parties only when necessary to provide optional features you enable, such as:

• Google services (Google Sign-In, Google Drive API)
• Google Play Billing (purchase validation and fulfillment through Google Play)

These providers have their own privacy policies and terms.

We may also disclose information if required to comply with applicable legal obligations, or to protect users and the integrity of the app (while keeping disclosures as limited as possible).

6. International Users and Legal Bases (GDPR/UK GDPR and Similar Laws)

Halt is available globally. If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process information under legal bases such as:

• Your consent (for optional sign-in, Drive backups, photo capture)
• Performance of a contract (to provide requested features)
• Legitimate interests (for security and app integrity), balanced with your rights

Health data under GDPR: Halt is designed so that health-related data you create stays on your device. If you choose to enable optional features that involve limited processing (such as encrypted Drive backups), this is based on your explicit consent, which you can withdraw by disabling those features.

You may withdraw consent at any time by disabling optional features or adjusting device/app settings.

7. Your Privacy Rights

Depending on your location, you may have rights such as:

• Access to the personal information we hold about you (if any)
• Correction of inaccurate information
• Deletion of certain information
• Data portability (where applicable)
• Restriction or objection to certain processing (where applicable)
• Opt-out of certain types of processing (where applicable)

7.1 EEA/UK/Switzerland

You may have the right to contact your local data protection authority if you have concerns.

7.2 United States (including California and other states)

We do not sell personal information. Where applicable, you may have rights to know, access, delete, or correct personal information we hold about you, and to opt out of certain sharing/processing.

7.3 India and other regions

You may have rights under applicable local laws. We aim to honor reasonable requests in a consistent way globally.

To make a request, email privacy@bluesparrow.dev. To help us verify your request, we may ask for information that confirms you control the relevant account.

8. Data Retention

• Local content: Retained on your device until you delete it or uninstall the app.
• Drive backups (if enabled): Retained in your Google Drive until you delete backups or disable the feature.
• Account/subscription metadata (if enabled): Retained while you use the account features, and may remain for a reasonable period for operational purposes unless you request deletion.

9. Security

We use security measures appropriate for a health-tracking app, such as:

• AES-256 encryption for Drive backups with passphrase-based key derivation (PBKDF2)
• Encryption keys stored in OS secure storage (Android Keystore / iOS Keychain)
• Blurred photo thumbnails by default for visual privacy
• Optional app lock (biometrics/PIN)

No method of storage or transmission is 100% secure. You should protect your device, use strong device security, and keep your recovery passphrase safe.

10. Children

Halt is not intended for children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@bluesparrow.dev and we will take steps to address the situation.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in the app or legal requirements. The "Last Updated" date at the top shows when it was last revised.

12. Contact

• Website: https://bluesparrow.dev
• General: info@bluesparrow.dev
• Privacy: privacy@bluesparrow.dev

13. Consent

By using Halt, you agree to the handling of information as described in this Privacy Policy.