Privacy Policy

• Account information: your name, email, password (hashed), business name, and phone number.
• Business & customer data: the records you enter or import — customers, jobs, quotes, invoices, messages, photos, and notes.
• Payment information: processed by Stripe. We store limited billing metadata (such as plan and status) but not full card numbers.
• Usage & device data: log data, IP address, browser type, and feature usage, used to operate and improve the Service.
• Cookies: used for sign-in sessions and basic analytics.

• To provide, maintain, and secure the Service.
• To power features you use, including AI-assisted text and scheduling.
• To process subscription billing and prevent fraud.
• To provide support and send service-related communications.
• To analyze and improve the Service.

When you use AI features, relevant text (such as a prompt or message context) is sent to our AI provider (Anthropic) to generate a response. We do not sell your data, and we do not use your Customer Data to train third-party AI models for their own purposes.

We do not sell your personal information. We share it only with:

• Service providers (subprocessors) that help us run the Service: Stripe (payments), Twilio (SMS), Resend (email), Anthropic (AI), Vercel (hosting), Neon (database), and Cloudflare (storage/CDN).
• Authorities, when required by law or to protect rights, safety, and security.
• A successor entity in connection with a merger, acquisition, or sale of assets, subject to this Policy.

When you use Helm to manage your own customers, you are the controller of that data and Helm acts as your processor, handling it on your behalf to provide the Service. You are responsible for having a lawful basis to collect and contact your customers.

We retain your data for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion as described below.

We use industry-standard measures — including encryption in transit, hashed passwords, and access controls — to protect your information. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

Depending on where you live, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing (for example, under GDPR or CCPA/CPRA). You can export your data at any time from within the Service, or contact us to exercise these rights.

We use essential cookies to keep you signed in and limited analytics cookies to understand usage. You can control cookies through your browser settings, though disabling them may affect how the Service works.

The Service is intended for businesses and is not directed to children under 18. We do not knowingly collect data from children.

The Service is operated from the United States. If you access it from outside the U.S., you consent to the processing of your information in the U.S., where data-protection laws may differ from those in your country.

We may update this Policy from time to time. If we make material changes, we will provide notice. Continued use of the Service after changes take effect constitutes acceptance.