Privacy Policy
How Block Apps LLC collects, uses, and protects your information when you use Halo. Includes communications-privacy disclosures required by federal and state law.
§1Who we are
Block Apps LLC (“Halo,” “we,” “us,” or “our”) provides wireless communications and complementary privacy services to consumers in the United States. Because our communications services are regulated by federal and state law, this Privacy Policy describes the additional protections that apply when you use them - including under Section 222 of the Communications Act and the FCC's rules governing Customer Proprietary Network Information.
§2Scope & eligibility
The Services are offered to residents of the United States who are at least 18 years old (19 in Alabama and Nebraska; 21 in Mississippi). You must provide a valid date of birth at signup. If you are under the required age in your jurisdiction, do not use the Services and do not provide us with personal information.
By creating an account or using the Services, you confirm that you meet these eligibility requirements and consent to the practices described in this Privacy Policy.
§3Information we collect
3.1 Account & identity information
Information you provide during signup, account management, and use of the Services:
- Contact information (name, email, mailing address)
- Date of birth (for age verification)
- Mobile telephone number assigned to or ported to your account
- Account credentials and security factors
- Government identification, when required for identity verification or fraud prevention
- Payment information (processed by our payment provider; we do not store full card numbers)
3.2 Communications data
When you use the Services to make or receive voice calls, send or receive messages, or consume mobile data, we receive technical and routing information about those communications - referred to under federal law as Customer Proprietary Network Information (CPNI). This is generally limited to metadata necessary to deliver the Service (such as the numbers involved in a call or message, time, duration, and amount of data used) and technical configuration of your line.
We do not read or store the content of your voice calls or messages on your primary line, except (a) automated processing by privacy features you enable, (b) where briefly necessary to deliver a message to its recipient, or (c) where required by lawful process.
Secondary phone numbers: Messages sent and received on secondary numbers are routed through and stored on our servers so you can access your conversation history. We retain this content for the duration specified in Section 11. Voice calls placed through secondary numbers are routed in real time and are not recorded or stored.
3.3 Device, network, and usage information
- Device identifiers and technical attributes (model, OS version, eSIM identifiers)
- IP address when you interact with our apps and websites
- Product usage and diagnostic logs
- Approximate location derived from device or network signals, when needed for features you use (such as emergency services or region-based features)
3.4 Sensitive personal information
The following may qualify as “sensitive personal information” under California's CPRA and similar state laws:
- Precise geolocation, when used by features that need it
- Contents of communications, only when processed by an enabled feature
- Account login credentials
- Government identifiers used for verification
You have the right to limit our use of sensitive personal information to what is necessary to provide the Services. See Section 8.
3.5 Information from third parties
We may receive limited information from independent identity-verification, fraud-prevention, and privacy-service providers we engage to help operate and protect the Services.
3.6 Roles
For purposes of US state privacy laws and the GDPR, Block Apps LLC is the business and data controller for personal information collected through the Services. The categories of providers listed in Section 7 act as service providers or processors under written agreements that restrict their use of your information to providing services to us.
§4Communications privacy (CPNI)
Communications-related information is protected under federal law. This section summarizes how we handle it and your rights with respect to it.
4.1 Permitted uses without separate approval
Federal law permits a carrier to use CPNI without separate approval to provide the service you have purchased, bill and collect for it, protect against fraud and abuse, respond to your requests, and market service offerings of the same category that you already buy from us.
4.2 Marketing uses requiring your approval
We will not use, disclose, or grant access to your CPNI to market services outside the category of service you already buy without your opt-in approval. You may grant, withhold, or revoke approval at any time by emailing support@switchtohalo.com or via account settings.
4.3 Authentication when you contact us
To protect your account, we authenticate you before discussing account details or releasing call records. Acceptable authentication may include logging in to your account, responding to a security code sent to a registered contact method, or presenting government identification. We will not release call records by phone based on answers to readily available personal questions alone.
You will receive prompt notification to your registered contact methods of any account changes that could affect access to communications information, including password, address, or contact-information changes.
4.4 Compliance certification
We file the annual CPNI compliance certification required by federal law. A copy is available on request to support@switchtohalo.com.
4.5 CPNI breach notification
If a breach of CPNI occurs, we will notify the appropriate federal law-enforcement agencies within the timelines required by federal law, and we will notify affected customers as required. See also Section 12.
§5How we use information
5.1 Provide and operate the Services
- Provision your line, assign or port your number, and route your communications
- Bill you and process payments
- Provide customer support and respond to your requests
- Operate the privacy features included with your account
5.2 Privacy features
We process information as needed to operate the privacy features included with the Services. In each case, we use and share only the information necessary to deliver the feature, and only with the categories of providers listed in Section 7. We do not use the content of your communications for product improvement, marketing, or any purpose beyond providing the feature you enabled.
5.3 VPN
We operate a no-activity-logs VPN. We do not log browsing activity, traffic content, DNS queries, or the IP addresses of the sites you visit. We do retain minimal connection metadata (connection timestamps and server-region selection) for up to 24 hours for capacity planning and abuse prevention, after which it is deleted.
5.4 Safety, security, and fraud
We process information to detect, prevent, and investigate fraud, abuse, security incidents, and violations of our Terms; to protect our and others' rights, property, and safety; and to comply with legal obligations.
5.5 Service improvement
We use aggregated and de-identified data to understand how the Services are used and improve them.
5.6 Marketing
With your consent where required, we may send you marketing emails or messages about Halo. You can opt out at any time using the unsubscribe link in any email, replying STOP to any marketing message, or emailing support@switchtohalo.com.
§6Automated decision-making
Some Service features use automated systems, including third-party artificial intelligence and large-language-model services, to filter unwanted communications, detect fraud, enrich phone-number lookups, and assess account risk. Communications metadata and, where you have enabled a content-processing feature, message content may be sent to these AI service providers for real-time classification. These providers are contractually prohibited from using your data for their own training or purposes. These systems are not perfect and may misclassify communications or accounts. You have the right to:
- Disable automated filtering for your line
- Override an automated decision by marking an item as not spam or by appealing
- Request human review of an automated decision that significantly affects you
- Request information about the logic of an automated decision, where required by law
To exercise these rights, email support@switchtohalo.com.
§7How we share information
We do not sell your personal information for money.
We also do not share personal information for cross-context behavioral advertising under California's CPRA. To exercise your opt-out right, email support@switchtohalo.com.
7.1 Categories of recipients
We engage independent service providers under written agreements that restrict their use of your information. The categories include:
- Network operators and communications infrastructure providers
- Identity-verification and fraud-prevention providers
- Payment processors
- Cloud and backend infrastructure providers
- Analytics and product-diagnostics providers
- Privacy-service partners (including those that help submit data-removal requests on your behalf and notify you of data exposures)
- Phone-number lookup and enrichment providers
- Artificial intelligence and machine-learning service providers used for spam detection, fraud prevention, and content classification
- Customer-communications and support providers
We may also share information with our professional advisors (such as auditors, accountants, and counsel) and, if necessary, with parties to a corporate transaction.
7.2 Authorized-agent data removal
When you enable data-removal services, we act as your authorized agent under CCPA/CPRA and similar state laws. In this capacity, we transmit the personal information you provide (name, email, phone number, mailing address) directly to data brokers for the sole purpose of submitting opt-out and deletion requests on your behalf. This transmission is made at your direction and under your authorized-agent consent.
7.3 Government and lawful process
We are subject to lawful-process obligations applicable to communications carriers. We may disclose information - including communications metadata, account information, location data, and (where required) content - in response to valid subpoenas, court orders, warrants, regulatory requests, and national-security demands. Where permitted, we will notify you before responding to a government demand for your information.
7.4 Corporate transactions
If Block Apps LLC is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may transfer to the successor. We will notify you before your information becomes subject to a different privacy policy.
§8Your privacy rights
8.1 California (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, the sources, purposes, and categories of recipients
- Access a copy of your personal information
- Correct inaccurate personal information
- Delete personal information we have collected, subject to legal exceptions
- Opt out of the sale or sharing of personal information
- Limit our use and disclosure of sensitive personal information to what is necessary to provide the Services
- Opt out of automated decision-making that has legal or similarly significant effects
- Designate an authorized agent to exercise these rights on your behalf
- Not be retaliated against for exercising these rights
We respond to verified requests within 45 days. To submit a request, email support@switchtohalo.com or use the privacy controls in your account settings.
8.2 Other US state privacy laws
Residents of states with applicable consumer-privacy laws - including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Tennessee, Iowa, Delaware, Indiana, New Hampshire, New Jersey, Maryland, and Minnesota - have similar rights to access, correct, delete, and opt out. The specific scope of these rights varies by state. Submit requests to support@switchtohalo.com.
8.3 Nevada
Nevada residents have the right under NRS 603A.340 to opt out of the sale of certain personal information. We do not sell personal information as defined under Nevada law, but you may still submit a request to support@switchtohalo.com.
8.4 California “Shine the Light”
Under California Civil Code § 1798.83, California residents may request information about disclosures of personal information to third parties for those third parties' direct-marketing purposes. We do not currently share for those purposes. Requests: support@switchtohalo.com.
8.5 EU / UK
The Services are offered to US residents only and we do not knowingly serve customers in the EU or UK. If you are an EU/UK resident and have inadvertently provided personal information, contact us to delete it. To the extent the GDPR or UK GDPR applies to you, you have the rights of access, rectification, erasure, restriction, portability, and objection, plus the right to lodge a complaint with your supervisory authority.
§9Sensitive personal information: your right to limit
You may limit our use of sensitive personal information (defined in Section 3.4) to what is necessary to provide the Services. Doing so may, among other things, disable optional location-based features and limit certain personalization. To exercise this right, email support@switchtohalo.com.
§10Cookies & tracking
On our website and in our apps we use cookies, SDKs, and similar technologies for authentication, analytics, fraud prevention, and limited marketing measurement (where consented). The specific technologies include product analytics (such as Mixpanel), crash and performance diagnostics (such as Firebase Analytics and Vercel Analytics), marketing measurement (such as Meta Pixel), customer-communication tools (such as Customer.io), and session-replay tools that record page interactions to help us diagnose usability issues. Session replay does not capture passwords or payment details.
You can manage preferences via our consent banner, your browser, and your device's tracking-permission controls. We honor the Global Privacy Control (GPC) signal.
§11Data retention
We retain personal information only for as long as needed for the purposes described in this Policy, to comply with legal obligations (including records-retention rules that apply to communications carriers), to resolve disputes, and to enforce our agreements. General retention periods:
- Account information - retained for the duration of your account plus 90 days after closure, unless longer retention is required by law.
- Call detail records and messaging metadata - retained for up to 18 months, consistent with FCC record-keeping guidance and carrier obligations.
- Secondary-number message content - retained while your secondary number is active and for 30 days after the number is released.
- VPN connection metadata - deleted within 24 hours.
- Analytics and diagnostic logs - retained for up to 12 months in identifiable form, then aggregated or deleted.
- Payment records - retained as required by tax and financial-reporting law (typically 7 years).
Where data is no longer needed and we are not required to retain it, we delete, anonymize, or aggregate it. Specific retention details for your account are available on request.
§12Security & breach notification
We use technical, administrative, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. No system is perfectly secure. We will notify affected customers and applicable authorities of personal-information breaches in accordance with the CPNI breach process in Section 4.5 and each state's data-breach notification law.
§13International transfers
We process information in the United States. Some service providers may process limited information outside the United States. Where required, we rely on the Standard Contractual Clauses or equivalent transfer mechanisms.
§14Children
The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it. If you believe a child has provided us with personal information, contact support@switchtohalo.com.
Persons aged 13 to 17 may not create an account. The Services require account holders to be at least 18 (19 in Alabama and Nebraska; 21 in Mississippi).
§15Accessibility
Block Apps LLC is committed to making the Services accessible to people with disabilities in compliance with applicable law. To request reasonable accommodations or report an accessibility issue, email support@switchtohalo.com or write to the address in Section 17.
§16Changes to this policy
We may update this Policy. Material changes will be communicated by email and in-app notice at least 30 days before they take effect. The “Last updated” date and version number at the top of this Policy reflect the current version. Prior versions are available on request.
§17Contact
For privacy questions or to exercise your rights:
- Email - support@switchtohalo.com
- Support - support@switchtohalo.com
- Accessibility - support@switchtohalo.com
- Mailing address - Block Apps LLC, Nashville, TN, United States
- Registered agent for service of process - Republic Registered Agent LLC, 5830 E 2nd St Ste 7000, Casper, WY 82609
To file a complaint about our privacy practices, you may contact your state Attorney General. California residents may contact the California Privacy Protection Agency at cppa.ca.gov.