Privacy Policy

HELM ("we", "us", "our") operates the helmhq.app platform. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

Account Information: When you sign up, we collect your name, email address, and authentication credentials (via Google OAuth or email/password).

User Data: Information you enter into the platform including goals, notes, tasks, financial data, habits, calendar events, and company information. This data is stored securely and belongs to you.

Usage Data: We may collect anonymous usage analytics to improve the platform, such as page views and feature usage. We do not track you across other websites.

We use your information solely to:

• Provide and maintain the HELM platform
• Authenticate your identity and secure your account
• Process payments through our payment provider (Stripe)
• Send important service-related communications
• Improve the platform based on anonymous usage patterns

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Your data is stored securely using Supabase (hosted on AWS) with encryption at rest and in transit. We implement industry-standard security measures including:

• TLS/SSL encryption for all data in transit
• Encrypted database storage
• Row-level security ensuring users can only access their own data
• Regular security audits

We use the following third-party services:

• Supabase — Authentication and database hosting
• Stripe — Payment processing
• Vercel — Application hosting
• Google OAuth — Optional sign-in provider

Each service has its own privacy policy. We only share the minimum information required for each service to function.

You have the right to:

• Access all data we store about you
• Export your data at any time (available in Settings)
• Request deletion of your account and all associated data
• Withdraw consent for data processing
• Lodge a complaint with a supervisory authority

For EU/EEA users: We comply with the General Data Protection Regulation (GDPR). Our legal basis for processing your data is contractual necessity (providing the service you signed up for) and legitimate interest (improving the platform).

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently removed within 30 days. Anonymous, aggregated analytics data may be retained indefinitely.

We use essential cookies only — for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. Continued use of HELM after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or your data, contact us at:

support@helmhq.app