Privacy policy
Last updated: 17 April 2026
Hailo B.V. ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Hailo's services.
Who we are
Controller: Hailo B.V.
Address: Prinsengracht 769 A, 1017 JZ Amsterdam, Netherlands
KvK registration: 96483482
Date incorporated: 19 February 2025
Privacy contact: Gijs van Dam, privacy@hailo.health
What we do
Hailo is an intelligent lab testing platform that supports preventive health. We deliver guided ordering of preventive biomarker tests, clear evidence-led interpretation of lab results, and secure tracking of results and health trends over time.
Important: Hailo is an informational and educational wellness platform. Our service is not medical advice, not a diagnosis, and not a treatment. We do not provide clinical care. For medical concerns, consult a qualified healthcare provider.
Service classification
Hailo is an informational wellness platform, not a healthcare provider (zorgaanbieder) under Dutch law (Wkkgz). No treatment agreement (behandelovereenkomst) exists under the Dutch Medical Treatment Agreement Act (Wgbo).
What personal data we collect
Account and identity data
Full name, email address, password (bcrypt hashed)
User ID (UUID), date of birth, sex at birth
Phone number (optional), address (postal code, house number, street, city)
Mollie customer ID, account timestamps, security data
Health questionnaire data
All encrypted with AES-256-GCM. Approximately 80 data points across 9 sections:
Demographics (ethnicity)
Vitals (weight, height)
Health goals
Women's health (cycle, pregnancy, breastfeeding)
Diet and nutrition
Medical history (conditions, family history, medications, allergies, supplements)
Sleep and lifestyle (alcohol, smoking)
Quality of life (PSS-4 stress scale, WHO-QOL-BREF)
Physical activity
Biomarker and lab result data
All encrypted with AES-256-GCM. Raw XML lab results from ZorgMail, test count, lab result status, result timestamps, individual biomarker values (field key, numeric/string value, unit, measurement date), and error tracking.
AI-generated interpretation data
All encrypted with AES-256-GCM. Personalised text interpretations, risk indicators, and educational recommendations generated from your biomarker and lifestyle data ("Smart Wellbeing Reports").
Interpretations are produced by our processor Medicus AI GmbH (Vienna, Austria — EEA) under a signed Data Processing Agreement (Art. 28 GDPR) and stored on Hailo's EEA infrastructure.
The payload sent to Medicus is pseudonymised: a Hailo-assigned user identifier, year-of-birth or age band, sex at birth, biomarker values, and lifestyle indicators strictly necessary for interpretation (e.g. pregnancy or smoking status). No name, email, address, or direct identifiers are transmitted.
Medicus is contractually prohibited from using your data for AI model training, product development, or generic analytics, and may not engage further sub-processors without our prior written consent.
AI interpretations are informational and educational. They do not constitute a medical diagnosis, treatment, or automated decision with legal or significant effect (Art. 22 GDPR).
Payment and subscription data
Order information and payment details (amount, currency, Mollie payment ID)
Subscription data, checkout sessions, mandate/payment method IDs
Test credits
Data shared with Mollie: email, name, order amount, add-on IDs, checkout session ID
Usage and behavioural data
We do not integrate analytics platforms (PostHog, Google Analytics). We do not track browsing behaviour beyond audit logging for security.
Device and technical data
IP address (captured at ToS acceptance, health data consent, marketing consent, password reset), user agent (captured at password reset). We do not use device fingerprinting or tracking cookies.
Communication and audit data
Emails via Resend: verification, password reset, order confirmations, lab result notifications, payment notifications
Audit logs covering 35+ action types (login/logout, registration, password changes, account deletion, subscription events, orders, lab results, admin actions) with user ID, timestamp, and context
Consent and legal records
Terms of Service acceptance (date/time, version, IP)
Health data consent (yes/no, full text, version, timestamp, IP, withdrawal status)
Marketing consent (yes/no, version, timestamp, withdrawal status)
Legal bases for processing
Under GDPR, we process data only with a valid legal basis:
Account, identity, and payment data: Art. 6(1)(b) — contract performance
Health questionnaire data: Art. 9(2)(a) — explicit consent (special category)
Biomarker and lab results: Art. 9(2)(a) — explicit consent (special category)
Consent records: Art. 6(1)(c) — legal obligation (GDPR accountability)
Device and technical data: Art. 6(1)(f) — legitimate interest (security, fraud)
Audit logs: Art. 6(1)(f) + Art. 6(1)(c) — legitimate interest and legal obligation
Marketing communications: Art. 6(1)(a) — explicit consent (not yet active)
How we use your data
We use data for:
Providing the service
Processing payments
Sending transactional emails
Security and fraud prevention
Maintaining audit records
We do not sell data, use it for marketing profiling, aggregate health data for research (without separate consent), or use it beyond direct service delivery.
Health data — special protections
Health data is special category data under GDPR Article 9 and requires heightened protection:
Explicit consent required (full consent text displayed, version number, timestamp, and IP address recorded)
Encryption at rest (AES-256-GCM for all health data)
Key management (Azure Key Vault with RBAC, key rotation, audit logging)
Consent withdrawal available at any time (does not affect prior lawfulness)
Who we share your data with
We share personal data only with trusted processors bound by Data Processing Agreements (Art. 28 GDPR):
Microsoft Azure: infrastructure (West Europe, EEA)
Mollie: payment processing (Netherlands, EEA)
ZorgMail / Enovation: lab result delivery (Netherlands, EEA)
PMO Nederland: blood draw logistics (Netherlands, EEA)
Med Lab Stein: laboratory analysis (Germany, EEA)
Resend: transactional email (USA, Delaware — under SCCs)
Google OAuth: admin authentication (EU + USA — under SCCs and Google EU Data Protection Addendum)
Tolgee: translation (Czech Republic, EU)
Medicus AI GmbH: AI-generated interpretations (Austria, EEA)
International data transfers
All infrastructure is hosted in Microsoft Azure West Europe (Netherlands), within the EEA. We do not intentionally transfer data outside the EEA.
Certain processors operate partially or fully outside the EEA:
Resend (USA, Delaware) under Standard Contractual Clauses (SCCs)
Google OAuth (EU + USA) under SCCs and the Google EU Data Protection Addendum
Tolgee (Czech Republic, within EU)
For any such processing, appropriate safeguards are in place.
How we protect your data
Encryption at rest (AES-256-GCM for health data)
Encryption keys (Azure Key Vault with RBAC and key rotation)
Encryption in transit (HTTPS/TLS)
Passwords (bcrypt hashing with salt)
OTP codes (hash-stored, never plaintext, auto-expire in 10–15 minutes)
Sessions (JWT-based, 1-hour expiration)
Account lockout (5 failed attempts triggers a 15-minute lockout)
Admin access (Google OAuth 2.0 with email whitelist)
API security (all routes require authentication)
Audit logging (35+ action types)
Webhook security (HMAC-SHA256 signature verification)
Infrastructure (Azure RBAC, Infrastructure as Code, federated identity for CI/CD)
How long we keep your data
User account: while active, plus 30 days after deletion (cooling-off period)
Health profile, biomarker, lab results, subscription data: lifetime of account (encrypted, fully deleted on account deletion)
Payment and order data: lifetime of account plus 7 years statutory fiscal retention
Consent records: lifetime of account
Audit logs: indefinite (not automatically deleted)
OTP codes: 10–15 minutes (auto-expire)
Checkout sessions: 1 hour (auto-expire)
Note: Automated retention purge jobs are scheduled for implementation before the 1 June 2026 launch. Until then, retention is enforced at account-deletion cascade level and by periodic manual review.
Your rights under GDPR
Right of access (Article 15): request a copy of all personal data in clear, structured format within one month
Right to rectification (Article 16): request correction of inaccurate data via the Hailo app
Right to erasure (Article 17): request account deletion with a 30-day waiting period, after which all linked data is permanently deleted
Right to restrict processing (Article 18): request limitation of processing during accuracy disputes
Right to data portability (Article 20): request data in CSV or JSON format
Right to object (Article 21): object to processing based on legitimate interest
Right to withdraw consent (Article 7(3)): withdraw health data or marketing consent at any time without affecting prior lawfulness
Contact: privacy@hailo.health. Response time: within one month (may extend two months for complex requests). Reasonable requests are free.
Right to lodge a complaint
If you believe we have violated your rights, lodge a complaint with the Autoriteit Persoonsgegevens:
Website: www.autoriteitpersoonsgegevens.nl
Address: Bezuidenhoutseweg 30, 2594 AV Den Haag, Netherlands
Automated decision-making
Hailo does not use automated decision-making with legal or significant effects (Article 22). AI-generated interpretations are informational and educational only and do not produce decisions with legal or significant effect. Lab results are stored as raw biomarker values. Users remain responsible for any clinical action and are directed to a qualified clinician for diagnosis or treatment.
Cookies and similar technologies
We use minimal cookies for essential functionality only: session management. We do not use tracking cookies, analytics cookies, or third-party advertising cookies. For complete details, see our separate Cookie Policy.
Marketing communications
Marketing consent is built into our system but is not yet active. When activated:
Opt-in only
Easy withdrawal via unsubscribe link
Separate from health data consent
No impact on service if withdrawn
Children's data
Hailo is not intended for individuals under 16 years. We do not knowingly collect personal data from children under 16.
Changes to this policy
We may update this Privacy Policy. Material changes will be notified via email and in-app notice. The date of last update is shown at the top. Continued use constitutes acceptance.
Contact information
Data controller
Hailo B.V.
Prinsengracht 769 A, 1017 JZ Amsterdam, Netherlands
KvK: 96483482
Privacy contact
privacy@hailo.health
Supervisory authority
Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30, 2594 AV Den Haag, Netherlands
Website: www.autoriteitpersoonsgegevens.nl
Privacy policy (Dutch)
The following text is a Dutch translation of the main sections. In case of discrepancies, the English version prevails.
Introduction
Hailo B.V. (hereinafter: we, us or our) is committed to protecting your privacy. This privacy policy explains how we collect, use, store and protect your personal data when you use Hailo's services.
Who we are
Hailo B.V., Prinsengracht 769 A, 1017 JZ Amsterdam, Netherlands
KvK: 96483482
Incorporated: 19 February 2025
Privacy contact: Gijs van Dam, privacy@hailo.health
What we do
Hailo is an intelligent platform for biomarker testing that supports preventive health. Hailo is not medical advice, not a diagnosis, and not a treatment. Consult a qualified healthcare provider for medical matters.
Personal data we collect
Account and identity data
Health questionnaire data (80+ data points, AES-256-GCM encrypted)
Biomarker and laboratory results (AES-256-GCM encrypted)
AI-generated interpretations (processed in pseudonymised form by Medicus AI GmbH in Vienna, AES-256-GCM encrypted)
Payment data
Communication and audit data
Consent records
Legal basis
Art. 6(1)(b) GDPR for contract performance
Art. 9(2)(a) GDPR for health data (explicit consent required)
Art. 6(1)(c) GDPR for legal obligations
Art. 6(1)(f) GDPR for legitimate interest
How we use your data
For account management, test ordering, result delivery, payment processing, transactional communication, security and fraud prevention, and audit and compliance records.
We do not sell your data to third parties. We do not use your data for marketing profiling or research without separate consent.
Health data: special protection
Health data is a special category under GDPR Article 9:
Explicit consent required
AES-256-GCM encryption at rest
Key management via Azure Key Vault
You can withdraw your consent at any time
Data sharing
Only with trusted processors under data processing agreements (Art. 28 GDPR): Microsoft Azure, Mollie, ZorgMail, PMO Nederland, Med Lab Stein, Resend, Google OAuth, Tolgee, Medicus AI.
International data transfers
All infrastructure is located in Azure West Europe (Netherlands), within the EEA. We do not intentionally transfer data outside the EEA.
How we protect your data
AES-256-GCM encryption
HTTPS/TLS
bcrypt password hashing
JWT sessions
Account lockout
Google OAuth for admin
HMAC-SHA256 webhooks
Audit logs (35+ actions)
Azure RBAC
Infrastructure as Code
How long we keep your data
Account: while active plus 30 days
Health data and biomarkers: until the account is deleted
Payment data: until the account is deleted, plus 7 years
Consent records: until the account is deleted
Audit logs: indefinite
Your rights under the GDPR
Right of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
Contact: privacy@hailo.health. Response time: 1 month. Free for reasonable requests.
Lodging a complaint
Autoriteit Persoonsgegevens, www.autoriteitpersoonsgegevens.nl
Contact details
Hailo B.V., Prinsengracht 769 A, 1017 JZ Amsterdam
KvK: 96483482
Privacy: privacy@hailo.health