TODO: legal review required

Privacy Policy

Last updated: April 17, 2026

Overview

Helm ("we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our AI Chief of Staff platform for engineering managers.

We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the UK GDPR, and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.

Data we collect

We collect and process the following categories of data:

  • Account data: Name, email address, and authentication credentials provided during sign-up.
  • Integration data: Calendar events, GitHub activity, Slack messages, and Notion content that you connect to Helm. This data is processed solely to generate your briefings and is not stored beyond the retention periods described below.
  • Usage data: Interaction with the Helm application, including feature usage and analytics events.
  • Briefing data: AI-generated briefings and summaries produced by our agents.

How we use your data

We use your data to:

  • Generate pre-meeting briefs, daily debriefs, and team health signals
  • Provide on-demand research and analysis through our agent system
  • Improve the quality and accuracy of our AI models
  • Send notifications via email or Slack (based on your plan)
  • Process billing and manage your subscription

Data retention

Briefing history is retained according to your plan tier:

  • Basic: 7 days
  • Plus: 30 days
  • Pro: 90 days

After the retention period, briefing data is automatically deleted. Integration data (calendar events, GitHub activity, Slack messages) is not stored by Helm — it is fetched in real-time and processed transiently to generate briefings.

LLM processing

Your data is sent to third-party LLM providers (e.g., Anthropic, OpenAI) solely for the purpose of generating briefings. Your data is never used to train any LLM models. All LLM calls are made through secure, isolated API connections. We do not log prompt content or LLM responses.

Your rights

Depending on your jurisdiction, you have the following rights:

  • GDPR (EU): Right to access, rectify, erase, restrict processing, data portability, and object to processing.
  • CCPA (California): Right to know what personal data is collected, delete personal data, and opt out of the sale of personal data.
  • UK GDPR: Same rights as GDPR, with oversight from the UK Information Commissioner's Office.
  • PIPEDA (Canada): Right to access, correct, and challenge our handling of your personal data.

To exercise any of these rights, please contact us at privacy@helm.ai.

Data sharing

We do not sell your personal data. We share data only with:

  • LLM providers: Anthropic, OpenAI, and other providers as needed for briefing generation (under data processing agreements)
  • Integration providers: Google, GitHub, Slack, and Notion (only data you explicitly connect)
  • Service providers: Stripe (billing), Resend (email delivery), PostHog (analytics), Better Stack (logging), Grafana (monitoring)

Security

We implement industry-standard security measures including encryption in transit and at rest, Row-Level Security on our PostgreSQL database, and strict access controls. OAuth tokens and API keys are encrypted and never logged.

Contact

For any privacy-related questions or requests, please contact us at privacy@helm.ai.