Privacy Policy

1. Information we collect

• Account data — your name, email address, and authentication provider (GitHub/Google) when you sign in. Passwords are stored only as a salted, hashed value; we never store them in plain text.
• Your Content — the prompts, code, files, and project data you create, import, or generate in the Service.
• Connected services — access tokens for services you link (such as GitHub or a deployment platform), stored to act on your behalf (for example, importing or pushing repositories). These are kept server-side and never exposed to your browser session.
• Usage data — basic technical and product telemetry such as AI token usage (for metering and limits), error reports, and request metadata used to operate, secure, and improve the Service.

2. How we use information

• to provide, maintain, and improve the Service;
• to generate AI output you request and to enforce usage limits and plans;
• to authenticate you and keep your account and data secure;
• to detect, prevent, and address abuse, fraud, or technical issues;
• to communicate with you about your account (for example, password resets).

3. AI processing and subprocessors

When you use AI features, your prompts and relevant project context are sent to third-party AI model providers to generate output. We also rely on infrastructure and tooling providers to run the Service, which may include hosting, database, email delivery, error monitoring, and payment processing. These providers process data on our behalf under their own terms and security commitments.

4. Cookies

We use strictly necessary cookies to keep you signed in and to operate core features (for example, your session and, if you provide one, a bring-your-own AI key stored in a secure HTTP-only cookie). We do not use these for advertising.

5. Data sharing

We do not sell your personal information. We share data only with the subprocessors described above, when required by law, or to protect the rights, safety, and security of our users and the Service. If we are involved in a merger or acquisition, your data may be transferred subject to this Policy.

6. Data retention

We keep your data for as long as your account is active or as needed to provide the Service. Guest accounts and their data may be deleted after a period of inactivity. You can delete your projects at any time, and you can request deletion of your account and associated data (see “Your rights” below).

7. Your rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, email privacy@helixstudio.org and we will respond within a reasonable time.

8. Security

We use industry-standard measures to protect your data, including encryption in transit, hashed passwords, and access controls. No system is perfectly secure, but we work to protect your information and to address vulnerabilities responsibly.

9. Children

The Service is not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.

10. Changes to this Policy

We may update this Policy from time to time. We will revise the “Last updated” date above and, for material changes, provide additional notice where appropriate.

11. Contact

Questions about your privacy? Email privacy@helixstudio.org. See also our Terms of Service.