YOUR T1D COMPANION

Privacy Policy

⚠️ Draft only — Halia is in private testing and not yet publicly available. This policy has not been reviewed by a solicitor and will be updated before public launch.

Halia is in private testing and not yet publicly available. This is a draft policy that explains how we aim to handle your information.

Our intention is to be clear and careful with your data. This draft will be reviewed by a qualified solicitor before public launch.

1. Who we are

Halia is built by Ardela Labs Ltd, a company registered in England and Wales (company number [COMPANY NUMBER]).

Data controller: Ardela Labs Ltd.

2. What Halia is

Halia is an AI wellness companion — an automated system, not a human. Conversations are processed by AI systems (see sub-processors below).

3. What data we collect

We collect the following categories of data:

  • Account data: name, email, date of birth, phone number.
  • Health data (special category under UK GDPR Article 9): T1D diagnosis confirmation, insulin management type, CGM device type, CGM readings, meal logs, injection records.
  • Wearable data (if connected): sleep, activity, readiness, heart rate.
  • WhatsApp conversation content.

4. Lawful basis

  • Health data: explicit consent, Article 9(2)(a) UK GDPR, captured at registration.
  • Other personal data: contract performance and legitimate interests.
  • Anonymised research: separate explicit consent (optional, captured at registration).

5. Sub-processors and data transfers

We use the following sub-processors to operate Halia. For US-based processors, international transfers rely on the EU-US Data Privacy Framework and the UK GDPR Data Transfer Addendum:

  • Supabase Inc. — database (EU region, London).
  • Railway Corporation — API server hosting.
  • Meta (WhatsApp LLC / Meta Platforms Inc.) — message delivery; Meta is also an independent controller for its own purposes.
  • Anthropic — AI conversation processing (Claude).
  • Google — meal and food analysis (Gemini).
  • Oura Ring / Ouraring Inc. — wearable data (if connected).

6. Retention

You can ask us to delete your data at any time — contact [privacy@halia.health] or send "delete my data" to Halia on WhatsApp. Our retention periods are:

  • Conversation logs: deleted after 90 days (automated).
  • CGM readings: retained while your account is active.
  • Account data: retained until you request deletion.

7. Your rights

You have the right to access, rectification, erasure, portability, objection, and withdrawal of consent (UK GDPR Articles 15–21).

If you have concerns, you can contact the supervisory authority: the Information Commissioner's Office (ICO), ico.org.uk.

8. AI disclosure

Halia discloses that she is an AI at account creation, at the start of any new conversation, and whenever you ask directly.

AI model providers: Anthropic (Claude) and Google (Gemini).

9. Contact

For any privacy question, contact us at [privacy@halia.health].

See also our Terms of Service.