Privacy Policy

Hearlo – Communicate Without Barriers

An Asteroid S.L. Product

Last updated: 19 February 2026

Who We Are
What Data We Collect
How We Use Your Data
What We Do NOT Do
Legal Basis for Processing
Enterprise Clients (Hearlo for Business)
Who We Share Data With
International Data Transfers
How Long We Keep Your Data
Security
Your Rights
Children and Minors
Cookies and Device Analytics
Changes to This Policy
Contact Us

1. Who We Are

Hearlo is developed and operated by Asteroid S.L., a company incorporated and registered in Spain.

Legal entity: Asteroid S.L.

CIF: B44925501

Registered address: Avda de la Victoria, Num 87, Planta 01, Puerta A, Edificio RBBS, 28023 Madrid, Spain

Email: privacy@asteroidtechs.com

Website: www.asteroidtechs.com

Asteroid S.L. is the data controller for personal data collected through the Hearlo application. This privacy policy is governed by the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and Spain's Ley Orgánica 3/2018, de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD).

Our operational partner, ASTECH S.A.S. (Argentina), may provide development and support services under the direction of Asteroid S.L. and is bound by a Data Processing Agreement.

2. What Data We Collect

2.1 If You Do Not Register (No Account)

You can use Hearlo's full accessibility features — transcription, text-to-speech, translation, pictograms — without creating an account and without providing any personal data. We designed it this way on purpose.

For unregistered users, we do not collect any personally identifiable information. We may collect anonymised, device-level analytics (such as feature usage counts or crash reports) that cannot be linked to any individual.

2.2 If You Choose to Register (Optional)

If you decide to create an account for a more personalised experience, we collect:

Data	Purpose	Verified?
Email address	Account identification and service communications	No
Name (self-declared)	Personalising your experience	No
Age (self-declared)	Age-appropriate experience	No
Accessibility preferences	Auto-configuring the app for your needs (e.g., "Do you have hearing impairments?")	No

Important: We do not ask for medical records, diagnoses, or clinical health information. Our accessibility questions are simple yes/no preferences to help the app work better for you. We treat this data with the highest level of protection as a precautionary measure.

3. How We Use Your Data

We use your personal data only to:

Provide and personalise the Hearlo accessibility service based on your preferences.
Maintain, improve, and secure the application.
Send device-level push notifications about service updates (these are per-device and not linked to your email or personal identity).
Generate aggregated, anonymised usage statistics for our enterprise clients (see Section 6).

4. What We Do NOT Do

We believe your data is yours. Here is what we will never do:

We do not sell your data. Not now, not ever.
We do not run ads or use your data for advertising of any kind.
We do not read your conversations. We cannot access the content of your transcriptions, translations, or communications. Processing happens on-device or through privacy-preserving services, and we never store conversation content on our servers.
We do not track you individually. We do not build personal profiles or track your individual behaviour.
We do not share your personal data with our enterprise clients. They only see anonymised, aggregated statistics.
We do not use your data for marketing. Push notifications are device-based and not linked to your personal information.

5. Legal Basis for Processing

Under GDPR, every processing activity requires a lawful basis. Here is ours:

Activity	Legal Basis
Providing accessibility features (no account)	Legitimate interest (Art. 6(1)(f)) — no personal data is processed
Account creation and management	Consent (Art. 6(1)(a)) — registration is entirely optional
Accessibility preference configuration	Explicit consent (Art. 9(2)(a)) — precautionary treatment as special category data
Aggregated analytics for enterprise clients	Legitimate interest (Art. 6(1)(f)) — data is anonymised
Push notifications (device-level)	Legitimate interest (Art. 6(1)(f)) — not linked to personal identity
Crash analytics and service improvement	Legitimate interest (Art. 6(1)(f)) — anonymised data only

6. Enterprise Clients (Hearlo for Business)

Organisations such as airlines, public institutions, and businesses use Hearlo for Business to offer accessibility services to their customers and staff. These enterprise clients can access a dashboard showing:

How many people used Hearlo through their service
Which features were most used
General location and language data

This data is always aggregated and anonymised. Enterprise clients never see your name, email, conversations, or any individual-level data. They cannot identify you.

8. International Data Transfers

Asteroid S.L. is based in Madrid, Spain, within the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards:

Argentina: The European Commission has recognised Argentina as providing adequate data protection (Decision 2003/490/EC).
United Kingdom: Covered by the European Commission's adequacy decision for the UK (Decision 2021/1772).
Other countries: Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical measures.

All international transfers are protected by encryption in transit and at rest.

9. How Long We Keep Your Data

Data Type	Retention Period
Registered account data (email, name, age)	Duration of your account + 30 days after deletion
Accessibility preferences	Duration of your account + 30 days after deletion
Aggregated analytics	Up to 36 months
Device-level analytics	Up to 24 months
Crash logs and error reports	Up to 120 days
Conversation content	Not applicable — we do not store this data

When you delete your account, all associated personal data is permanently deleted within the 30-day grace period. In accordance with LOPDGDD Article 32, certain data may be blocked (rather than deleted) during periods where legal retention obligations apply.

10. Security

We implement technical and organisational measures to protect your data, including:

Encryption at rest and in transit (TLS 1.2+ / AES-256).
Role-based access control and the principle of least privilege.
Immutable backups (WORM protection) to prevent tampering or accidental deletion.
Regular security audits and vulnerability assessments.
Incident response procedures and disaster recovery plans.

While no system is 100% secure, we take every reasonable precaution to protect your information.

11. Your Rights

Under GDPR and LOPDGDD, you have the following rights:

Right	What It Means
Access (Art. 15)	Request a copy of your personal data.
Rectification (Art. 16)	Correct inaccurate data — you can also do this directly in the app.
Erasure (Art. 17)	Delete your account and all associated data at any time.
Restriction (Art. 18)	Request we limit how we process your data.
Portability (Art. 20)	Receive your data in a standard, machine-readable format.
Object (Art. 21)	Object to processing based on legitimate interest.
Withdraw consent	Withdraw your consent at any time by deleting your account or contacting us. This does not affect the lawfulness of processing before withdrawal.
Digital testament (LOPDGDD Art. 96)	Under Spanish law, designated persons or heirs may request access to or deletion of a deceased user's data.

To exercise any of these rights, contact us at privacy@asteroidtechs.com. We will respond within one month as required by GDPR.

You also have the right to lodge a complaint with a supervisory authority:

Spain: Agencia Española de Protección de Datos (AEPD) — www.aepd.es
United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
Other EU countries: Your local data protection authority.

12. Children and Minors

Hearlo is an accessibility tool that may benefit users of all ages, including minors with disabilities. In accordance with LOPDGDD Article 7, the age of digital consent in Spain is 14 years.

Since Hearlo works fully without an account, minors can use the app without providing any personal data. If a user under 14 wishes to register, we require verified parental or guardian consent before proceeding.

If we become aware that we have collected personal data from a child under 14 without appropriate consent, we will delete that data promptly.

13. Cookies and Device Analytics

The Hearlo mobile application does not use cookies. We may collect anonymised, device-level analytics through third-party services (such as crash reporting tools) that help us improve the app. These services may use device identifiers but we do not use them to identify you personally.

For details on third-party service providers, see our sub-processor list available upon request.

14. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where changes are material, notify you through the app or by other appropriate means.

We encourage you to review this policy periodically.

15. Contact Us

If you have any questions about this privacy policy, want to exercise your rights, or have a concern about how we handle your data:

Asteroid S.L.

CIF: B44925501

Avda de la Victoria, Num 87, Planta 01, Puerta A, Edificio RBBS, 28023 Madrid, Spain