Privacy policy

Last updated: 8 April 2026

This Privacy Policy explains how Allo Messaging B.V. ("Allo", "we", "us", or "our") processes personal data when you use the Allo mobile app, web dashboard, related device management tools, and any website or service that links to this Privacy Policy (together, the "Services").

Allo is designed to help organisations set up, manage, and use resilient messaging and communication infrastructure, including user accounts, device provisioning, group management, short text messaging, and related administrative functions.

1. Who we are

Allo Messaging B.V.
Halvemaanstraat 100
5651 BR Eindhoven
The Netherlands
Email: info@allo-messaging.com
Support: support@allo-messaging.com

If you use Allo through an organisation such as an employer, municipality, safety region, or other customer, that organisation may control parts of your use of the Services, including user invitations, device assignments, group membership, and workspace settings.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed through:

  • the Allo mobile application;

  • the Allo web dashboard;

  • account, device, and group administration features;

  • support and service communications;

  • websites or pages that link to this Privacy Policy.

This Privacy Policy does not apply to third-party products or services that are not operated by Allo, even if they integrate with the Services.

3. The roles we play

In many cases, Allo acts as an independent controller for data relating to account creation, authentication, security, billing, support, and service administration.

When an organisation uses Allo for its own team, users, devices, and communications, Allo may also process certain data on that organisation’s behalf as a processor or service provider. In those cases, the organisation decides how Allo is used in its environment, including who is invited, which groups exist, which devices are assigned, and which retention settings apply where configurable.

If your account was provided by an organisation, and your request relates to workspace-managed data, you may need to contact your organisation administrator first.

4. Personal data we collect

Depending on how the Services are configured and used, we may collect and process the following categories of personal data:

a. Account and profile data

  • name

  • email address

  • phone number, if provided

  • organisation name

  • job title or role

  • login credentials or authentication identifiers

  • profile image, if provided

  • invitation and account status

b. Organisation and admin data

  • workspace, team, or tenant information

  • administrator role assignments

  • device assignments

  • group and channel membership

  • configuration settings created by administrators

  • audit trail information relating to administrative actions

c. Device and technical data

  • app version

  • operating system and device model

  • unique app, device, or installation identifiers

  • IP address

  • browser type for dashboard access

  • crash reports, performance logs, diagnostics, and related technical information

  • analytics and usage information relating to how the Services are used

  • radio device identifiers, pairing details, and provisioning records where applicable

d. Communication and collaboration data

Allo is primarily an off-grid short-text messaging service. In its standard off-grid use case, message content and related communication data are handled in the messaging environment and are not stored by Allo on its backend by default.

If a user or administrator explicitly chooses to sync communications or related records to the dashboard, we may then process:

  • short text message content that is intentionally synced;

  • sender and recipient or group information;

  • timestamps;

  • delivery status and sync-related status information;

  • group names and related user-generated content;

  • dashboard-visible communication history that has been intentionally transferred from the app or managed environment.

Allo does not support image, video, or meme sharing as part of the core messaging service.

e. Support and contact data

  • information you provide when contacting support;

  • correspondence with us;

  • bug reports, screenshots, logs, or other materials you choose to send.

f. Permissions and local device access

Depending on your platform and which features you use, the app may request access to:

  • notifications;

  • Bluetooth / Nearby Devices;

  • camera, for QR codes or device setup.

We do not request permissions unless they are relevant to the feature involved.

5. How we collect data

We collect personal data:

  • directly from you;

  • from your organisation or its administrators;

  • automatically when you use the Services;

  • from your device when required for enabled features;

  • from service providers that support hosting, notifications, diagnostics, analytics, and customer support.

6. Why we use personal data

We use personal data to:

  • provide and operate the Services;

  • create and manage user accounts;

  • authenticate users and secure access;

  • provision, configure, and manage devices;

  • create and manage groups, channels, and workspaces;

  • deliver, sync, display, and troubleshoot communications;

  • send service messages, alerts, and notifications;

  • monitor service performance, prevent abuse, and protect security;

  • provide support and respond to requests;

  • detect, investigate, and respond to crashes, bugs, and service issues;

  • understand product usage and improve the reliability, security, and usability of the Services;

  • comply with legal obligations.

We do not sell personal data. We do not use personal data for third-party advertising.

7. Legal bases

If the GDPR or similar laws apply, we process personal data on one or more of the following legal bases:

  • performance of a contract;

  • legitimate interests, such as securing and improving the Services;

  • compliance with legal obligations;

  • consent, where required by law.

Where we rely on legitimate interests, we do so only where those interests are not overridden by your rights and freedoms.

8. How we share personal data

We may share personal data with:

  • your organisation and its authorised administrators, who may be able to view and manage user lists, device assignments, group membership, administrative logs, and any data intentionally synced to the dashboard;

  • hosting, infrastructure, support, communication, analytics, monitoring, and security providers acting on our instructions;

  • professional advisers such as lawyers, auditors, or insurers where necessary;

  • regulators, law enforcement, courts, or other authorities where required by law;

  • a buyer, investor, or successor entity in connection with a merger, acquisition, financing, or asset sale, subject to appropriate safeguards.

If organisation administrators manage your workspace, they may be able to see and manage certain information about your account, devices, groups, usage, workspace activity, and any communication data that has been intentionally synced to the dashboard.

9. International transfers

Allo infrastructure is intended to be hosted within the European Union, primarily in Germany and the Netherlands.

If we transfer personal data outside the European Economic Area, the United Kingdom, or Switzerland, we will do so only where lawful and with appropriate safeguards, such as adequacy decisions or standard contractual clauses.

10. Data retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain security, comply with legal obligations, resolve disputes, and enforce agreements.

Unless a longer period is required by law or justified by security needs, our standard retention periods are intended to be:

  • account and organisation data: while the account or customer relationship is active, and for up to 90 days after closure or deletion request processing, unless retention is required by law or by a customer contract;

  • support records: up to 24 months after the case is closed;

  • diagnostic, crash, analytics, and security logs: up to 12 months;

  • backups: up to 30 days;

  • billing and legal records: as required by applicable law;

  • data intentionally synced to the dashboard: while the relevant workspace or user keeps that data available in the Services, and for up to 90 days after deletion request processing unless longer retention is required by law or customer instruction.

Where your organisation controls the workspace, retention may also depend on that organisation’s settings or instructions.

11. Security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, role-based permissions, audit logging, secure transmission, and environment-level security controls.

No service can be guaranteed to be completely secure, but we work to protect the data entrusted to us in a manner appropriate to the risks involved.

12. Your rights

Depending on where you are located, you may have the right to:

  • access your personal data;

  • correct inaccurate personal data;

  • request deletion of personal data;

  • restrict certain processing;

  • object to certain processing;

  • receive a copy of certain personal data in portable form;

  • withdraw consent where processing is based on consent;

  • lodge a complaint with your local data protection authority.

You can exercise these rights by contacting us at support@allo-messaging.com. If your organisation controls your Allo account or workspace, we may direct your request to that organisation where appropriate.

13. Account deletion and data deletion

If you created an Allo account, you may request deletion of your account and associated personal data through:

  • the in-app account deletion flow at: Settings > Account > Delete Account; and/or

  • the web deletion request page at: https://allo-messaging.com/delete-account

On the web deletion page, users may submit their email address and confirm the deletion request through a confirmation email.

If your account is managed by an organisation, deletion may need to be handled or approved by that organisation. We may retain limited information after deletion where necessary for legal compliance, fraud prevention, security, dispute resolution, or enforcement of our agreements.

14. Children

Allo is intended primarily for organisational and professional use and is not directed to children. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, please contact us so we can review and take appropriate action.

15. Reporting and abuse handling

Allo includes user controls intended to help maintain a safe and professional environment. Depending on the Services and configuration, users may be able to block contacts and report users for abuse or misuse. We may review reports, investigate suspected misuse, and take appropriate action, including warnings, restrictions, suspension, or removal of access where justified.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version here and update the "Last updated" date above. If required by law, we will provide additional notice or seek consent for material changes.

17. Contact

For privacy questions, requests, or complaints, contact:

Allo Messaging B.V.
Halvemaanstraat 100
5651 BR Eindhoven
The Netherlands
Email: info@allo-messaging.com
Support: support@allo-messaging.com

Our Data Protection Officer can be reached at: support@allo-messaging.com