Privacy policy

What HaloSilver sees, and what it never does

Last updated July 7, 2026. This is a draft pending legal review. It describes how HaloSilver handles data in the current product. SoftStackers, LLC dba HaloSilver (“we”) operates HaloSilver.

The short version

HaloSilver reads the text on the protected person’s screen, on their own computer, to check for scams. Screenshots and audio never leave that computer, and audio is never recorded at all. Only the text read from the screen is sent to our service, and before it leaves the computer a local filter removes a short list of high-risk numbers (Social Security or taxpayer ID, payment card, bank account and routing numbers, and dates of birth). The text we do receive still contains ordinary content: the names of the people involved, who the protected person is communicating with, what was written on the screen, email addresses, phone numbers, mailing addresses, organization and bank names, and dollar amounts. Scam detection needs that context to work, so this is high-risk-number stripping, not anonymization. You, the guardian, only ever see an alert: what was flagged, in plain language, and why. You never see a screenshot or a recording of their screen. We do not sell your data, and we do not use it for advertising.

Who this covers

Two people are involved in a HaloSilver account. The guardian is the person who creates and manages the account. The protected person is the person whose computer is protected — often a family member, but not always: a friend, a spouse, or anyone else someone wants to look out for. This policy covers the data of both. HaloSilver is intended for guardians and protected people located in the United States; it is not currently designed or offered for use outside the United States.

What we collect

On the protected person’s computer, kept locally:

Sent to our service for scam detection:

Account and billing information:

What we never do

What is stripped locally, and what is not

Before any text leaves the protected person’s computer, a local filter removes structured, high-risk identifiers: Social Security and taxpayer ID (ITIN) numbers, payment card numbers, bank account and routing numbers, and dates of birth. Each is replaced with a placeholder. This happens on the device, before the text is stored, indexed, or sent for checking, and our service applies the same removal again when it receives the text, as a safety net.

We want to be exact about what this does. It strips that short list of high-risk numbers. It is not anonymization. The text we receive still contains ordinary readable content: names, who the protected person is communicating with, the actual on-screen message content, email addresses, phone numbers, mailing addresses, organization and bank names, and dollar amounts. We keep that on purpose, because that context is often exactly what tells a real scam apart from an ordinary conversation. The text, with the high-risk numbers removed, is then checked by an AI model to decide whether it looks like a scam in progress.

How we use it

Part of that over-time pattern detection also looks at whether a protected person’s usual communication habits are changing — for example, a shift in who they're talking to, how often, or a sudden change from their normal day-to-day pattern. This uses the same alert metadata described in “What we collect” above, stays inside the same access and retention rules, and is not shared any more broadly than anything else in this policy. We look at it because scams and financial exploitation often build gradually rather than showing up in a single message, and a change in pattern can be an early sign of one in progress. This is not a health or cognitive assessment, and it is not used to diagnose or label anyone — it only ever produces the same kind of plain-language alert described elsewhere in this policy.

How long we keep it

Your rights and requests

You can ask us to show you the data associated with your account, correct it, delete it, or provide a copy. You can remove a protected person or a device yourself from the family portal at any time. To make a broader request, or to ask a question about this policy, email us at support@softstackers.com. We aim to respond within 30 days.

Sensitive data

Some of the data described in this policy — including the pattern-detection signals above and the on-screen text before high-risk numbers are stripped — may be treated as sensitive personal data under some state privacy laws. Where a law gives you the right to opt out of certain uses of sensitive data, including through a recognized universal opt-out preference signal, we will honor that right. To exercise it, email us using the contact information below.

Who we share it with (sub-processors)

We use a small number of service providers to run HaloSilver. They process data on our instructions and only to provide their service:

Children

HaloSilver is a tool for adults protecting other adults. It is not directed at children, and we do not knowingly collect data from anyone under 13. The protected person should be an adult. As with the consent basis described in the Terms of Service, we rely on the guardian to confirm this is true; we do not independently verify anyone's age.

Security

Data sent between the protected person’s computer, the family portal, and our service is encrypted in transit, and data stored in our systems is encrypted at rest. Access to stored data is limited to what is needed to run the product. No system is perfectly secure, and we keep the amount of data we hold deliberately small for that reason. If a breach affecting your personal data occurs, we will notify affected users without unreasonable delay and consistent with applicable law.

Changes to this policy

If we change how we handle data, we will update this page and the “last updated” date above before the change takes effect. We will not quietly expand what we collect.

Contact

Questions or requests: support@softstackers.com. HaloSilver is operated by SoftStackers, LLC dba HaloSilver.