LEGAL

Privacy Policy

Last updated: April 16, 2026

Helm Software, LLC ("Helm," "we," "us," or "our") provides an AI work platform that helps businesses manage clients, projects, and operations. This Privacy Policy explains what information we collect, how we use it, and the rights you have over your data.

This policy applies to gethelm.ai, the Helm application, and any related services (collectively, the "Service"). By using the Service you agree to the practices described here.

1. Information we collect

Information you provide

  • Account data. Name, email, password hash, profile image, workspace name, and any optional profile details you add.
  • Workspace content. Clients, projects, tasks, time entries, invoices, documents, messages, files, and any other data you or your team create inside Helm.
  • Billing data. Company name, billing address, tax ID, and payment method. Card numbers are processed by Stripe and never stored on Helm servers.
  • Communications. Email, chat, or support tickets you send us.

Information collected automatically

  • Usage data. Pages visited, features used, timestamps, and actions performed in the Service.
  • Device & log data. IP address, browser type, operating system, device identifiers, and referrer URLs.
  • Cookies & similar technologies.We use cookies and local storage to keep you signed in, remember preferences, and measure performance. See "Cookies" below.

Information from third parties

If you connect an integration (Google, Slack, GitHub, Stripe, HubSpot, etc.) we receive data from that provider limited to the scopes you authorize. You can revoke access at any time from the provider's settings or from the Integrations page in Helm.

2. How we use information

  • Provide, maintain, and improve the Service.
  • Authenticate you and secure your account.
  • Operate AI features, including sending workspace content to our language model providers so agents can respond with relevant context. See "AI processing" below.
  • Process payments, send invoices, and handle subscription management.
  • Send transactional email (receipts, notifications, security alerts) and, with your consent, product updates.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

3. AI processing

When you or your team use Helm's AI agents, chat, or automations, we send relevant workspace content to third-party AI providers (such as Anthropic) to generate responses. These providers act as sub-processors and do not retain your content for model training. You can disable AI features for your workspace at any time.

4. How we share information

We share information only in the following cases:

  • With your workspace. Content you create is visible to other members of the same workspace according to their permissions.
  • With sub-processors we rely on to run the Service, including Supabase (hosting, database, auth), Stripe (payments), Resend (email), Anthropic (AI), and analytics providers. Each is bound by a data processing agreement.
  • With integrations you authorize. Only the data required for the scopes you approve.
  • For legal reasons. To comply with a subpoena, court order, or other valid legal process, or to protect rights, property, and safety.
  • In a business transfer. If Helm is acquired, merged, or reorganized, your data may be transferred to the successor entity subject to this policy.

We do not sell your personal information and we do not share it with third parties for their own marketing.

5. Data retention

We retain workspace data for as long as your account is active. When your account is deleted, workspace content is removed from production systems within 30 days and from backups within 90 days, except where longer retention is required by law (for example, financial records).

6. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, restrict or object to processing, and withdraw consent at any time. You can exercise most rights directly from User Settings. For anything else, email privacy@gethelm.ai and we will respond within 30 days.

California residents. Helm does not sell personal information. You may request disclosure of the categories of personal information we collect and request deletion of your data subject to CCPA/CPRA exceptions.

EEA/UK residents. The legal bases on which we process personal data are performance of a contract, legitimate interests, legal obligation, and consent. You have the right to lodge a complaint with your local supervisory authority.

7. International data transfers

Helm is operated from the United States and our sub-processors may process data in other jurisdictions. Where required, transfers outside your country rely on Standard Contractual Clauses or equivalent safeguards.

8. Cookies

We use first-party cookies and local storage for authentication, session continuity, and remembering preferences such as your theme choice. We also use a limited set of analytics cookies to understand aggregate product usage. You can disable cookies in your browser, though parts of the Service may not function correctly.

9. Security

We take reasonable administrative, technical, and physical measures to protect your data, including encryption in transit and at rest, role-based access controls, and workspace isolation via row-level security. For more detail see our Security page.

10. Children's privacy

The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, email us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email or in-app notice at least 30 days before they take effect. Continued use of the Service after a change means you accept the updated policy.

12. Contact

Questions or requests? Email privacy@gethelm.ai or write to:

Helm Software, LLC
Attn: Privacy