This is a draft awaiting legal review. Final language may change before launch.
Privacy Policy
Last updated April 17, 2026
title: Privacy Policy
version: 1.0.0-draft
effectiveDate: 2026-05-01
lastUpdated: 2026-04-17
status: draft
1. Who we are
Halvy is a shared-finance application for couples, operated by Halvy (the "Service"). The controller of the personal data described in this policy is Halvy, represented by its founder, Iqbal Adrianto. You can reach our data protection officer at dpo@halvy.app for any question regarding this policy, your rights, or how your data is handled.
If you are contacting us from the European Union, the United Kingdom, or the United States, the same address applies. We will publish a registered legal entity and address before Halvy's public launch on the App Store.
2. What we collect
To run a shared-finance app, we collect the minimum data required to identify you, sync your household, and deliver the service. This includes account information (your email address, display name, chosen language, and an opaque household identifier), household content (expense entries, savings goals, split preferences, and receipt metadata such as merchant, total, and date that you or your partner type or confirm), and technical device information (device model, iOS version, a pseudonymous device identifier for push routing, and crash logs scrubbed of personal content).
We do not collect the Apple advertising identifier (IDFA), an advertising ID of any other kind, or any signal used to profile you across apps or the web. Halvy contains no ad networks, no SDK-based analytics, and no third-party tracking pixels.
3. What we never collect
Halvy never asks for and never stores your Social Security number, tax identification number, passport number, or other government identifiers. We never collect bank account credentials, online banking passwords, card primary account numbers, CVVs, or any data that would let us move money on your behalf — the app does not connect to your bank.
We do not collect your precise or background location, access your contacts, read your calendar, or ingest your photo library. The camera is invoked only for receipt capture, and only while you are actively pointing it at a receipt.
4. How we use it
We use the data we collect to provide the Service: authenticate you, sync your household across both partners' devices, run receipt OCR locally on your iPhone, compute your monthly surplus, and deliver the push notifications you have enabled. We process this data under the legal basis of performance of a contract (GDPR art. 6(1)(b)) — without it, the app cannot function.
We will also send you occasional product emails (for example, a single email when Halvy is available to download) only if you opt in explicitly at signup. You may withdraw that consent at any time from the app settings or via a single-click unsubscribe link in every such email. We do not sell personal data, we do not rent mailing lists, and we do not use your household data to train models of any kind.
5. Where it lives
Household data for European-based households is stored in Fly.io's Amsterdam (ams) region inside the European Economic Area. US-based households may be stored in a US region; the region is chosen at signup based on your account settings and does not move afterwards without your action. All data is encrypted at rest using provider-managed AES-256 encryption, and transport between your device and our servers uses TLS 1.3 with modern cipher suites and HSTS.
Database backups are encrypted with the same standards, retained for 30 days, and stored in the same region as the primary database. Access to production systems is restricted to named operators, gated by hardware security keys, and fully audited.
6. On-device processing
Receipt OCR runs entirely on your iPhone using Apple's Vision framework. The raw image is processed locally; Halvy extracts the merchant name, total, and date on device. Only after you explicitly confirm the extracted fields do we upload an encrypted copy of the receipt image and the parsed fields to our servers — and only so your partner can see it and so you can restore it when you change devices.
If you choose not to confirm, the image stays on your device and can be discarded from the capture screen. There is no background upload and no silent processing of your camera roll.
7. Partner data and shared records
Because Halvy is shared between two partners, many records are co-owned: a single expense belongs to the household, not to an individual. When one partner exercises the right to erasure (see §8), we honour that request by anonymizing the departing partner's personal attribution on the shared records while preserving the records themselves for the remaining partner. The departed partner's personal profile data (name, email, device identifiers) is deleted; their authored expenses are reattributed to "Former member" and stripped of any identifying metadata.
We believe this is the most balanced approach between the data subject's right to erasure and the remaining partner's need to keep their own financial history intact, and we document it here so both partners understand the outcome before they sign up.
8. Your rights
If you are in the European Union or the United Kingdom, you have the rights guaranteed by the GDPR and the UK GDPR: access, rectification, erasure, restriction of processing, portability, and objection. If you are in California, you have the rights granted by the CCPA and CPRA, including the right to know, the right to delete, the right to correct, and the right to opt out of the "sale" or "sharing" of personal information — none of which Halvy performs.
You can exercise most rights directly in the app: Settings → Export for portability, Settings → Delete account for erasure. For access, rectification, or any request we cannot fulfil in-app, email dpo@halvy.app and we will respond within the statutory deadlines (30 days under the GDPR, 45 days under the CCPA). You have the right to lodge a complaint with your local supervisory authority.
9. Retention
Account data is retained for as long as your account exists and is deleted on account closure, with the anonymization caveat described in §7 for co-owned records. Authentication audit logs (login timestamps, IP address, device fingerprint) are retained for one year for security and fraud investigation, then purged. Support tickets, including any content you send us by email, are retained for two years to allow follow-up and then deleted.
Anonymized co-owned records have no scheduled deletion because, by design, they no longer identify the departed individual. Backups follow their own schedule and roll off automatically within 30 days of the underlying data being deleted.
10. Sub-processors
We use a small set of sub-processors to deliver the Service. At the time of this draft: Fly.io (application hosting and managed Postgres, EU and US regions), Cloudflare (edge caching, DNS, and cookieless analytics), Formspree (the marketing waitlist form on our website), Apple (APNs for silent push notifications), and Postmark (transactional email — final provider to be confirmed before launch).
We publish the full list with contractual safeguards at halvy.app/privacy/subprocessors (to be live at launch). Before adding a new sub-processor, we update this policy and — for material changes — notify account holders by email.
11. Cookies and tracking
Our website uses Cloudflare's cookieless analytics, which counts page views server-side without storing any identifier in your browser. We set a single functional cookie, halvy-lang, to remember your chosen interface language across visits; it contains only the two-letter locale code, is not shared with any third party, and can be deleted from your browser at any time without breaking the site.
We do not embed third-party trackers, social media widgets, or advertising pixels. The iOS app uses no web cookies and has no in-app browser.
12. Children
Halvy is not intended for children. We do not knowingly collect personal data from anyone under 16 in the European Union or the United Kingdom, or from anyone under 13 in the United States. If you believe a child has created an account, contact us at dpo@halvy.app and we will delete the account and any associated data.
The minimum age of use is stated in our Terms of Service and enforced at signup.
13. International transfers
For EU and UK households, all personal data and backups are stored inside the European Economic Area. Where a sub-processor is based outside the EEA or UK (for example, Apple for APNs delivery), transfers are protected by the European Commission's Standard Contractual Clauses (SCCs) in their most recent form, together with a transfer impact assessment and any supplementary measures the assessment identifies.
For US households, data is stored in the United States and transfers follow the relevant US framework at the time of processing.
14. Breach notification
If we ever identify a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of it, as required by GDPR art. 33. Where the breach is likely to result in a high risk, we will also notify the affected users directly, without undue delay, via the email address on file.
We maintain an incident response plan, conduct post-mortems for every material incident, and publish a summary of significant incidents in our public changelog.
15. Changes to this policy
When we update this policy, we add a dated entry to the public changelog at halvy.app/changelog and increment the version listed in the frontmatter of this page. For material changes — for example, a new purpose of processing or a new sub-processor that handles sensitive data — we also notify account holders by email before the change takes effect, with at least 30 days' notice where the law allows.
Minor, non-material edits (typos, clarifications that do not alter your rights or our practices) are published without notice and noted in the changelog.
16. Contact
For anything related to this policy, your data, or a request to exercise your rights, write to privacy@halvy.app. For urgent security or abuse matters, write to security@halvy.app. Both addresses are monitored by our team during European business hours, and we aim to acknowledge within one business day.
A postal address will be added here before public launch once the registered entity is finalised.