Privacy Policy

Halo Reviews Ltd is based in London, United Kingdom. For privacy questions contact haloreviewsuk@gmail.com.

Halo processes data on behalf of clinics (our customers). That typically includes patient first names, mobile numbers, appointment metadata from connected booking tools, SMS delivery logs, star ratings, and optional private feedback text.

Clinics remain responsible for telling patients how their data is used and for having a lawful basis under UK GDPR, usually under the existing clinic-patient relationship and legitimate interests for service follow-up.

• Send a single post-appointment SMS with a link to a branded rating page
• Route satisfied patients toward Google review flows and dissatisfied patients to private clinic feedback
• Provide clinics with dashboards, alerts, and audit logs
• Operate, secure, and improve the Halo service

We do not sell patient data. We do not use patient data for unrelated advertising.

Unless a clinic requests otherwise, we retain SMS and rating records for up to 12 months and delete or anonymise them thereafter. Clinics may request export or deletion in line with their own GDPR obligations.

We use infrastructure and messaging providers (e.g. cloud hosting, SMS gateways) under data-processing terms. A current sub-processor list is available on request to clinic customers.

Patients should contact their clinic first. Clinics may contact us to help fulfil access, correction, or deletion requests. You may also complain to the UK ICO.