Privacy Policy

Last updated: May 29, 2026 · Version 3.0

← Back to Helios

Helios ("we," "our," or "us") operates the Helios mobile application and related backend services (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, the legal bases on which we rely, and the rights available to you. By creating an account or using the Service, you acknowledge that you have read and understood this Policy.

Health Data Notice: Helios collects and processes sensitive health information (medical conditions, medications, family history, mood, biometrics, and anything you type into the app). This data is transmitted to third-party AI and infrastructure providers located in the United States for processing. We process this data only with your explicit consent, which you provide during onboarding and may withdraw at any time. Helios is a consumer wellness app and is NOT a HIPAA-covered entity (see Section 12).

1. Who We Are & Where We Operate

Helios is the data controller (and, where applicable, data fiduciary) responsible for your personal information. The Service is offered to users located in the United States, Canada, the United Kingdom, and India. We do not target users outside these countries.

Depending on where you live, your data is protected by laws including the UK General Data Protection Regulation and Data Protection Act 2018 (UK), the Personal Information Protection and Electronic Documents Act and Quebec Law 25 (Canada), the Digital Personal Data Protection Act 2023 (India), and applicable U.S. federal and state privacy laws.

Contact: support@my-helios.app

2. Information We Collect

2.1 Account Information

2.2 Profile and Health Data (Collected During Onboarding)

2.3 Chat and Conversation Data

2.4 Apple HealthKit Data

If you grant permission, we access Apple HealthKit data including: step count, heart rate, heart rate variability, blood pressure, respiratory rate, oxygen saturation, sleep data, workout data, body measurements, activity metrics, and other available health samples.

Important: Raw Apple HealthKit data accessed via the HealthKit API is processed locally on your device and is never transmitted to our servers. However, if you voluntarily share health metrics in your chat conversations, that information is processed by our AI services like any other message.

2.5 Agent Mode Data (Browser Automation)

2.6 Payment and Subscription Data

2.7 Device and Usage Data

3. How We Use Your Information

4. Legal Bases for Processing

Where the UK GDPR or similar laws apply, we rely on the following legal bases:

5. Third-Party Service Providers

Your data is shared with the following providers, which act as our processors. All are located in the United States. Where a provider offers a data processing agreement, we enter into it; we require providers not to use your data for their own purposes or to train their models on it.

Provider Purpose Data Shared Location
xAI (Grok) AI chat processing, reasoning, and memory extraction Message content, health context USA
VoyageAI Semantic vector embeddings for memory retrieval Text content for embedding USA
OpenRouter Vision AI for Agent Mode screenshot analysis Screenshots taken during agent sessions USA
Supabase Database hosting and authentication Your account and app data USA
Railway Application server hosting All data in transit through the backend USA
Stripe Payment processing Payment amounts, transaction metadata (no card numbers) USA
RevenueCat Subscription management Subscription status, app user ID USA
AfterShip Purchase and shipment tracking Tracking numbers, carrier information USA
Sentry (optional) Error tracking and monitoring Error logs, stack traces USA

We do not sell, rent, or trade your personal information or health data. Aggregated, de-identified data that cannot identify you may be used to improve the Service.

6. International Data Transfers

We process and store your data in the United States. If you are located in the United Kingdom, Canada, or India, providing your information and using the Service necessarily involves transferring your data — including health data — to the United States and to the processors listed above.

7. Data Security

No system is completely secure. We implement industry-standard protections but cannot guarantee absolute security.

8. Data Retention

9. Your Rights

Subject to your location and applicable law, you have the right to access, correct, delete, and export your data; to withdraw consent; to object to or restrict certain processing; and to lodge a complaint with your data protection authority. We do not sell personal data and will not discriminate against you for exercising your rights.

Exercise your rights in Settings or by emailing support@my-helios.app. We respond within the timeframe required by your applicable law (generally 30 days).

10. Age Requirements

You must be at least 18 years old to use Helios. The Service is not directed to, and we do not knowingly collect data from, anyone under 18. If we learn that we have collected data from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal information, contact support@my-helios.app.

11. Cookies and Tracking

The Helios mobile app does not use browser cookies. We may collect device identifiers and usage analytics as described in Section 2.7. We do not use third-party advertising trackers or sell data for advertising.

12. HIPAA Disclaimer (U.S.)

Helios is a consumer wellness and health education application. We are NOT a healthcare provider, health plan, or healthcare clearinghouse, and therefore are NOT a HIPAA-covered entity or business associate. HIPAA does not apply to the Service. Security practices we implement do not constitute HIPAA compliance. If you require HIPAA-protected health services, consult your healthcare provider.

13. Data Breach Notification

If a breach of your personal data is likely to result in a risk to your rights, we will notify the relevant supervisory authority and, where the risk is high, affected users without undue delay, in accordance with applicable law (including the UK GDPR, PIPEDA, India's DPDPA, and U.S. state breach-notification laws).

14. Automated Processing

Helios uses AI to analyze your data and generate insights. No health, medical, or other significant decisions are made automatically on your behalf; all AI outputs are informational suggestions only, and you remain responsible for your decisions.

15. Changes to This Policy

We may update this Policy from time to time. We will update the "Last Updated" date and notify you of material changes via in-app notice or email, and request renewed consent where required.

16. Contact Us

Email: support@my-helios.app