Privacy Policy

1. Local-first design

Halo is designed so that uploaded school data, direct student identifiers, local pseudonym mappings, and workspace content are primarily processed and stored locally on the user's device. In normal use, direct student names and identifiers are intended to remain on the device rather than being centrally stored by us.

2. Information processed locally on the user's device

The following may be stored locally in the browser or local device storage:

• Uploaded CSV, XLSX, PDF, and similar files
• Direct student identifiers from those files
• Local mappings between real identity and anonymous labels
• Student records, notes, draft outputs, and workspace layouts
• Dashboard configuration, role selection, branding, and preferences

Users remain responsible for securing their own devices and browsers.

3. Information we may receive

When certain online features are used, we may receive limited information, including:

• De-identified or pseudonymised evidence packets used for AI-assisted generation
• Aggregate metrics and summary information
• Schema and column-profile information for file-mapping workflows
• Account information if a user signs in
• Support correspondence
• Service and security metadata such as request logs, rate-limit signals, and operational diagnostics

We do not intend to receive direct student names or direct student identifiers through normal AI workflows.

4. Important clarification

Halo is designed to minimise disclosure of student information, but some AI features involve network transmission of de-identified, pseudonymised, or aggregate data to Halo infrastructure and approved subprocessors. We do not describe these workflows as “offline” or “no network transfer” when AI features are used.

5. Purposes of processing

We process information to:

• Provide and operate the service
• Authenticate users where sign-in is enabled
• Deliver AI-assisted workflows
• Protect the service from abuse and security threats
• Provide support and troubleshoot issues
• Comply with legal obligations
• Improve service reliability, safety, and performance

We do not use customer data to train our own models unless we expressly state otherwise and obtain any permissions required by law.

6. AI-assisted features

Halo uses AI to generate draft analyses and documents such as interventions, Individual Education Plan drafts, parent summaries, referrals, and other education workflows. When AI features are used, Halo may transmit de-identified, pseudonymised, or aggregate information to our infrastructure and approved subprocessors for processing. AI outputs are assistive only and are intended for human review, editing, and approval. They should not be treated as fully automated final decisions. See our AI Transparency Notice for details.

7. Children and student information

Halo is intended for use by authorised schools, educators, parents, and providers. Users must only upload or process student information where they are authorised to do so and where they have a valid legal basis under applicable law and policy.

Our local-first design reduces privacy exposure, but it does not remove the legal responsibilities of schools, educators, or parents under applicable privacy, education, child-protection, or records-management laws.

8. Sensitive information

Some education records may include information that is sensitive or subject to enhanced legal protections, including disability, wellbeing, behavioural, pastoral, health-related, or support-related information. Users should only process such information where permitted by applicable law and institutional policy.

9. Sign-in and account information

Some parts of the service may offer optional sign-in. Where enabled, we may receive and hold information such as name, email address, authentication provider information, account identifiers, and limited workspace metadata needed to support the relevant account feature. Where possible, student-level local data remains separate from account-level service data.

10. International disclosures and subprocessors

Halo may use service providers located in Australia, the United States, and other jurisdictions relevant to our approved subprocessors. Where account, service, authentication, hosting, support, or AI-processing information is disclosed overseas, those disclosures occur in connection with providing the service. See our Subprocessor Notice for the current list of providers and their functions.

11. Storage and retention

We retain Halo-held information only for as long as reasonably necessary for the purposes described in this policy, for security and operational needs, and to comply with legal obligations. Locally stored information remains under the control of the user unless removed by the user or cleared by the browser.

12. Security

We use technical and organisational measures appropriate to the nature of the service, including minimisation, access controls, rate limiting, service protections, and separation between local identity mappings and transmitted evidence packets. No system can guarantee absolute security, and users should also protect their own devices, browsers, and credentials.

13. Access, correction, deletion, and complaints

Depending on applicable law, individuals may have rights to request access to, correction of, deletion of, or information about personal data held by us. Requests may be sent to privacy@haloeducation.app. If you believe we have mishandled personal information, you may make a complaint using the same address. We aim to respond within 30 days. If you remain unsatisfied, you may complain to the applicable regulator, including the Office of the Australian Information Commissioner (OAIC) in Australia or the relevant data protection authority in your jurisdiction.

14. Australian users

For Australian users, we aim to handle personal information consistently with applicable Australian privacy obligations, including the Australian Privacy Principles (APPs) where they apply. From 10 December 2026 we will disclose AI-assisted automated decision-making in line with the transparency obligations introduced by the Privacy and Other Legislation Amendment Act 2024. Australian public-sector schools may also be subject to separate state or territory privacy and records laws, including the Western Australian Privacy and Information Sharing Act 2024 which commences on 1 July 2026.

15. Latin American users

For users in Latin America, additional local requirements may apply, including rules relating to children's data, sensitive data, international transfers, and privacy notices. This includes the Colombian Ley 1581 (Habeas Data) and SIC guidance on minors' personal data, Brazilian Lei Geral de Proteção de Dados (LGPD) Article 14 and ANPD Resolution 19/2024 on international transfers, and the Mexican Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP). Schools and users remain responsible for ensuring they are authorised to use the service under local law and policy.

16. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will be published here with an updated effective date. Material changes will be flagged at the top of the page.

17. Contact

Dataclysm Pty Ltd (ABN 84 683 822 415)
South Perth, Western Australia
Privacy enquiries: privacy@haloeducation.app
General enquiries: hello@haloeducation.app