Privacy Policy

Effective Date: June 1, 2025 Last Updated: June 1, 2025

1. Introduction

Welcome to Helix. Helix Software, LLC ("Helix," "we," "us," or "our") is committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy explains how we collect, use, share, and protect information when you use the Helix Data-Feeds Platform, including our News Feeds API, Event Feeds API, Fact Checking API, and related services (collectively, the "Service").

Scope of This Policy

This Privacy Policy applies to:

API Users: Organizations and developers who use our APIs to access the Service
Admin Users: Internal users who access our admin dashboard for platform management
Website Visitors: Individuals who visit our website at onhelix.ai

By accessing or using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our practices, please do not use the Service.

Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through prominent notices on our website. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

2. Information We Collect

We collect information in several ways when you use the Service:

2.1 Information You Provide to Us

Account Registration and Profile Information:

Email address
Organization name and business information
Contact person name and title
Company website and industry
Billing address and tax information
Account preferences and settings

Payment Information:

Credit card or debit card information (processed by our payment provider)
Billing address and payment method details
Transaction history and invoice records
Note: We do not directly store full credit card numbers; they are securely processed by our payment processor

API Configuration Data:

News feed source URLs and sitemap locations
Event feed source configurations (websites, social media accounts)
Webhook endpoint URLs and authentication credentials
API key labels and descriptions
Rate limit preferences and usage quotas

Fact-Checking Submissions:

Text claims submitted for verification
URLs of content to be fact-checked
Context and parameters for fact-check requests
Fact-check results and confidence scores

Communications:

Support requests, inquiries, and correspondence
Feedback, suggestions, and survey responses
Email communications and chat messages

2.2 Information We Collect Automatically

API Usage Data:

API endpoints accessed and HTTP methods used
Request parameters, headers, and payloads
Response codes, latency, and error messages
Timestamps of API calls
Rate limit consumption and quota usage

Log Data:

IP addresses of API requests
User agent strings and client information
Referring URLs and navigation paths
Session identifiers and authentication tokens (hashed)
System and application logs

Performance and Monitoring Data:

Service uptime and availability metrics
Error rates and exception traces
Database query performance
API response times and latency
OpenAI token usage statistics (model, operation type, token count)
Webhook delivery status and retry attempts

Device and Browser Information (for website visitors):

Browser type and version
Operating system and device type
Screen resolution and language preferences
Cookies and tracking technologies (see Section 9)

2.3 Information We Collect from Third-Party Sources

Crawled and Aggregated Content:

When you use our Service to crawl and aggregate content, we collect and process data from external sources on your behalf:

From Websites:

News articles (titles, descriptions, body text, authors, publication dates)
Page metadata (meta tags, Open Graph data, structured data)
Images, videos, and multimedia content
HTML structure and content markup
Sitemap feeds and RSS/Atom feeds
Website terms of service and robots.txt directives

From Social Media Platforms:

Instagram posts, stories, and event information
Facebook events, pages, and public posts
Post captions, descriptions, hashtags, and mentions
Media files (images, videos) associated with posts
Publication dates, timestamps, and engagement metrics (if available)
User profile information (public usernames, display names)

From Mapbox:

Geocoded addresses and coordinates
Place names, administrative boundaries, and location metadata
Geospatial data for event locations

From Payment Processors:

Payment confirmation and transaction status
Fraud detection signals
Chargeback and dispute information

Important Note on Third-Party Data:

We act as a data processor for content you direct us to crawl
You are responsible for ensuring you have the right to process such content
Third-party data may include copyrighted material, personal information, or proprietary content
You must comply with applicable laws and the terms of service of crawled sources

2.4 Special Categories of Data

We do not intentionally collect special categories of personal information (also known as "sensitive personal information"), such as:

Social Security numbers or government identification numbers
Financial account credentials or passwords
Precise geolocation data (beyond city-level for geocoding)
Health or medical information
Racial or ethnic origin, religious beliefs, or political opinions
Biometric data for unique identification

However, such data may be incidentally collected through:

Fact-checking submissions that contain sensitive claims
Crawled content from third-party websites
User-generated content in support communications

If you submit or process sensitive information through the Service, you are responsible for compliance with applicable laws governing such data.

2.4.1 Handling of Incidentally Collected Sensitive Information

If Sensitive Information is Submitted: If you submit or we incidentally collect sensitive personal information through fact-check submissions or crawled content:

We use it only for the limited purpose of providing the Service (fact-checking, content extraction)
We do not use sensitive PI for other purposes (marketing, analytics, model training)
We apply additional security measures to sensitive PI
We retain sensitive PI for the minimum time necessary

Your Obligations: You should avoid submitting sensitive personal information unless necessary for fact-checking. If you must submit sensitive PI:

Ensure you have a lawful basis to process it
Provide required notices to data subjects
Obtain necessary consents

Sensitive PI from Crawled Content: If our crawlers incidentally collect sensitive PI from third-party websites:

We treat it with the same protections as other personal data
We will delete it upon request
We do not use it for purposes beyond service delivery

2.4.2 Biometric Information

Our Policy: We do not intentionally collect, store, or use biometric identifiers (fingerprints, faceprints, voiceprints) or biometric information.

Incidental Collection from Crawled Content: If our crawlers incidentally collect images containing faces or other biometric data from third-party websites:

We do not extract biometric identifiers from images
We do not use facial recognition or biometric analysis on crawled images
We store images as provided by the source website
We will delete images upon request

Illinois BIPA Compliance: If you are an Illinois resident, you have specific rights under the Illinois Biometric Information Privacy Act (BIPA). We do not collect biometric information from Illinois residents.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Operate the Service

Core Service Delivery:

Authenticate and authorize API requests using your credentials
Process API calls for news feeds, event feeds, and fact-checking
Crawl websites and aggregate content according to your configurations
Extract and structure data from web pages and social media
Perform AI processing via OpenAI for content analysis and fact verification
Geocode event locations using Mapbox services
Deliver webhook notifications to your specified endpoints
Store and retrieve feed items, fact-check results, and configurations

Infrastructure and Performance:

Maintain and optimize Service infrastructure
Monitor system health, uptime, and performance
Identify and resolve technical issues and bugs
Scale resources to meet demand
Ensure security and prevent unauthorized access

3.2 Account Management and Customer Support

Create and manage your account and organization profile
Process subscription payments and manage billing
Respond to support requests, inquiries, and technical questions
Provide onboarding assistance and integration support
Communicate important account updates and notifications
Manage API key lifecycle (creation, rotation, revocation)
Enforce usage quotas, rate limits, and subscription terms

3.3 Service Improvement and Analytics

Product Development:

Analyze usage patterns to identify popular features and pain points
Develop new features and capabilities based on customer needs
Test and validate new AI models, prompts, and extraction algorithms
Conduct research to improve content accuracy and extraction quality
Optimize API performance and response times

Analytics and Insights:

Generate aggregated usage statistics and reports
Monitor API adoption and feature utilization
Measure Service reliability and quality metrics
Conduct A/B testing of new features (with anonymized data)
Analyze fact-check accuracy and confidence score calibration

Note: Analytics are conducted using aggregated, anonymized, or de-identified data whenever possible.

3.4 Legal Compliance and Safety

Comply with legal obligations, court orders, and regulatory requirements
Enforce our Terms of Service and Acceptable Use Policy
Detect, prevent, and respond to fraud, abuse, or security incidents
Investigate violations of our policies or applicable laws
Protect the rights, property, and safety of Helix, our users, and the public
Respond to law enforcement requests and legal process
Maintain audit logs for compliance and security purposes

Send product updates, feature announcements, and newsletters
Provide educational content, best practices, and case studies
Invite you to webinars, events, and customer research opportunities
Conduct surveys to gather feedback and improve the Service
Promote new features, integrations, or partnership opportunities

You can opt out of marketing communications at any time using the unsubscribe link in emails or by contacting us.

3.6 Business Operations

Administer contests, promotions, or referral programs
Process business transactions (mergers, acquisitions, asset sales)
Manage vendor and partner relationships
Conduct financial reporting and accounting
Exercise and defend legal rights in disputes or litigation

We share your information in the following circumstances:

4.1 Service Providers and Third-Party Processors

We share data with trusted third-party service providers who assist us in operating the Service:

OpenAI:

What We Share: Fact-check claims, content for extraction, and API parameters
Purpose: AI processing for content analysis, fact verification, and data extraction
Safeguards: OpenAI does not train on API customer data per their terms; data is processed only to fulfill requests
Privacy Policy: OpenAI Privacy Policy

Mapbox:

What We Share: Event addresses, location descriptions, and geocoding requests
Purpose: Geocoding and location intelligence for event data
Safeguards: Data processed under Mapbox's terms; minimal personal information shared
Privacy Policy: Mapbox Privacy Policy

Payment Processors (e.g., Stripe):

What We Share: Billing information, payment method details, transaction amounts
Purpose: Process subscription payments and manage billing
Safeguards: PCI-DSS compliant; full card details never stored by us
Privacy Policy: Stripe Privacy Policy

Cloud Infrastructure Providers:

What We Share: All data stored and processed by the Service
Purpose: Hosting, storage, compute, and database services
Safeguards: Data encrypted in transit and at rest; access controls and monitoring
Providers: May include AWS, Google Cloud, or similar providers

Monitoring and Analytics Tools:

What We Share: Performance metrics, error logs, and usage analytics
Purpose: Service monitoring, observability, and alerting
Safeguards: Data aggregated and anonymized where possible
Tools: Grafana, OpenTelemetry, Temporal Cloud

Communication Services:

What We Share: Email addresses and message content
Purpose: Deliver transactional emails, notifications, and support communications
Safeguards: Used only for authorized communications; opt-out available for marketing

Important: All third-party processors are contractually obligated to:

Use data only for specified purposes
Implement appropriate security measures
Comply with applicable privacy laws
Not sell or further share your data without authorization

4.2 At Your Direction

Webhook Deliveries:

We send event notifications (feed updates, fact-check completions) to webhook endpoints you configure
You are responsible for the security and privacy practices of systems receiving webhook data
Webhook payloads may contain personally identifiable information if present in the underlying data

API Responses:

Data requested via API calls is delivered to your applications and systems
You control how API response data is processed, stored, and used

Third-Party Integrations:

If you connect the Service to third-party platforms or services, data may be shared as necessary for the integration

4.3 Business Transfers

In connection with a merger, acquisition, corporate reorganization, sale of assets, or bankruptcy:

Your information may be transferred to a successor entity
We will provide notice before your information is transferred and becomes subject to a different privacy policy
You may have rights to object to or restrict the transfer under applicable law

4.4 Legal Requirements and Protection of Rights

We may disclose your information if required or permitted by law:

Legal Obligations:

In response to valid subpoenas, court orders, or legal process
To comply with regulatory or law enforcement requests
As required by tax, securities, or other applicable laws

Protection of Rights:

To enforce our Terms of Service or other agreements
To investigate potential violations of our policies
To detect, prevent, or address fraud, security, or technical issues
To protect the rights, property, or safety of Helix, our users, or the public
To defend against legal claims or litigation

Note: We will notify you of legal requests for your data unless prohibited by law or court order.

4.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

Industry benchmarks and usage statistics
Research publications and whitepapers
Marketing materials and case studies
Public reports on Service performance or trends

This data is not considered personal information and is not subject to this Privacy Policy.

4.6 What We Do NOT Do

We do not:

Sell your personal information to third parties for monetary or other valuable consideration
Share your API keys, passwords, or authentication credentials
Use your fact-check submissions for purposes beyond service delivery (e.g., training public AI models)
Provide your customer list or contact information to marketers or advertisers
Share detailed usage data with competitors

4.6.1 CCPA Sale Analysis

Our Position on "Sale" of Data: Under the California Consumer Privacy Act (CCPA), we do not "sell" your personal information as that term is commonly understood. However, CCPA broadly defines "sale" to include sharing data in exchange for valuable consideration.

Third-Party Sharing Analysis:

OpenAI: We share fact-check content with OpenAI to provide AI processing services. This is a service provider relationship, not a sale. OpenAI is contractually prohibited from using your data for other purposes.
Mapbox: We share location data with Mapbox to provide geocoding services. This is a service provider relationship, not a sale.
Payment Processors: We share billing information with payment processors to process payments. This is a service provider relationship, not a sale.

Your Rights: Even if these arrangements constituted "sales" under CCPA's broad definition, you have the right to opt out. To opt out, contact us at [email protected].

Data Processing Agreements: We maintain data processing agreements with all third-party processors to ensure they use your data only for specified purposes.

5. Data Retention

5.1 Retention Periods

We retain different categories of data for varying periods:

Account and Profile Data:

Retention: While your account is active, plus 90 days after account closure or termination
Purpose: Account management, billing reconciliation, and legal compliance
Exceptions: May be retained longer to comply with legal obligations (e.g., tax records retained for 7 years)

API Usage Logs:

Retention: 90 days from the date of the API request
Purpose: Debugging, billing verification, security monitoring, and support
Note: Logs may be aggregated and anonymized for longer-term analytics

Crawled Content and Feed Data:

Retention: 30 days from the date of crawling
Purpose: Service delivery, data caching, and re-delivery via API
Exceptions: Enterprise customers may negotiate custom retention periods
Note: Content may be deleted earlier at your request or if the source requests removal

Fact-Check Results:

Retention: 90 days from the date of the fact-check request
Purpose: Service delivery, result retrieval, and quality improvement
Exceptions: Results deleted sooner if you delete them via API or request removal

Payment and Billing Records:

Retention: 7 years from the date of transaction
Purpose: Legal and tax compliance, audit requirements, dispute resolution
Note: Required by law; cannot be deleted on request during retention period

Support Communications:

Retention: 3 years from the date of the last communication
Purpose: Customer service quality, trend analysis, and legal compliance
Exceptions: May be deleted sooner if the issue is resolved and no legal hold applies

Cookies and Tracking Data:

Retention: Varies by cookie type; see Section 9 for details
Purpose: Session management, analytics, preferences

5.2 Data Deletion

Automatic Deletion:

Data is automatically deleted when retention periods expire
Backups may retain data for an additional 30 days for disaster recovery purposes

User-Requested Deletion:

You may request deletion of your data by contacting us at [email protected]
We will honor deletion requests within 45 days, except where retention is required by law
Some data may be retained in anonymized or aggregated form for analytics

Account Termination:

Upon account termination, we begin the data deletion process
You have 30 days to export your data before it becomes inaccessible
Data is fully deleted within 90 days of termination (except where legal retention applies)

5.3 Exceptions to Deletion

We may retain data longer than specified periods if:

Required by law, regulation, or court order
Necessary to comply with tax, accounting, or audit requirements
Needed to resolve disputes, enforce agreements, or defend legal claims
Subject to a legal hold or ongoing investigation
Retained in backups for disaster recovery (deleted when backups expire)

6. Data Security

We take the security of your information seriously and implement industry-standard measures to protect it.

6.1 Technical Safeguards

Encryption:

In Transit: All data transmitted to and from the Service is encrypted using TLS 1.2 or higher
At Rest: Sensitive data (including API keys, authentication tokens, and personal information) is encrypted at rest using AES-256 or equivalent
Databases: Production databases are encrypted with managed encryption keys

Access Controls:

Role-based access control (RBAC) for internal systems
Multi-factor authentication (MFA) for administrative access
Principle of least privilege for employee access to data
API authentication via secure API keys with rate limiting

Network Security:

Firewalls and intrusion detection/prevention systems (IDS/IPS)
Network segmentation to isolate sensitive systems
Regular security patching and vulnerability management
DDoS protection and traffic filtering

Monitoring and Logging:

Real-time monitoring of system access and anomalies
Security Information and Event Management (SIEM) tools
Audit logs for access to sensitive data
Alerting for suspicious activity

6.2 Organizational Safeguards

Employee Training:

Regular security awareness training for all employees
Privacy and data protection training for employees handling personal data
Confidentiality agreements for all staff and contractors

Access Management:

Background checks for employees with access to sensitive data
Regular review and revocation of access privileges
Separation of duties for critical operations

Incident Response:

Security incident response plan with defined procedures
Regular testing and updating of incident response protocols
Commitment to notify affected users of data breaches as required by law

Vendor Management:

Security assessments of third-party service providers
Contractual requirements for data protection and security
Ongoing monitoring of vendor security posture

6.3 Your Responsibilities

While we implement robust security measures, you also play a critical role in protecting your data:

Account Security:

Keep your account password and API keys confidential
Do not share credentials with unauthorized individuals
Rotate API keys regularly and revoke unused keys
Use strong, unique passwords for your account
Enable multi-factor authentication (MFA) if available

Application Security:

Securely store API keys in your applications (e.g., environment variables, secrets managers)
Implement access controls for applications using the Service
Monitor your API usage for anomalies or unauthorized access
Report suspected security incidents to us immediately

Webhook Security:

Secure webhook endpoints with HTTPS and authentication
Validate webhook signatures to prevent spoofing
Implement rate limiting and abuse protection on webhook receivers

6.4 Limitations

No Guarantee of Security:

While we strive to protect your information, no method of transmission or storage is 100% secure
We cannot guarantee absolute security against all threats
You use the Service at your own risk

Third-Party Security:

We are not responsible for the security practices of third-party websites you crawl or services you integrate with
You should review the security policies of any third-party services you use

User Error:

We are not liable for security incidents caused by your failure to protect credentials, weak passwords, or sharing access with unauthorized parties

6.5 Data Breach Notification

In the event of a data breach involving your personal information:

We will notify you without undue delay, typically within 72 hours of discovery
Notification will include the nature of the breach, data affected, and steps we are taking
We will cooperate with regulatory authorities as required by law
You may have rights to compensation or remedies under applicable data protection laws

7. Your Privacy Rights and Choices

Depending on your location and applicable laws, you may have certain rights regarding your personal information.

7.1 Rights Under U.S. Privacy Laws (CCPA and State Laws)

If you are a California resident or subject to other U.S. state privacy laws (Virginia, Colorado, Connecticut, Utah), you may have the following rights:

Right to Know:

Request disclosure of the categories and specific pieces of personal information we collect about you
Request information about the sources of your data, purposes of processing, and categories of third parties with whom we share data
Receive a copy of your personal information in a portable format (data portability)

Right to Delete:

Request deletion of your personal information, subject to certain exceptions
Note: We may retain de-identified or aggregated data

Exceptions to Deletion (CCPA Cal. Civ. Code § 1798.105(d)): We may decline deletion requests if we need the information to:

Complete the transaction for which we collected the PI
Detect security incidents, protect against malicious or illegal activity
Debug to identify and repair errors
Exercise free speech or ensure another's free speech rights
Comply with the California Electronic Communications Privacy Act
Engage in research in the public interest (if deletion would impair the research)
Enable internal uses reasonably aligned with your expectations
Comply with legal obligations (tax records, subpoenas, court orders)
Make other internal and lawful uses compatible with the context of collection
Defend legal claims or litigation
Maintain audit trails and compliance records

Right to Correct:

Request correction of inaccurate personal information
You may also update your account information directly via the account dashboard

Right to Opt-Out of Sales:

We do not sell personal information as defined by CCPA
You have the right to opt out of future sales if our practices change (we will provide notice)

Right to Opt-Out of Sharing for Targeted Advertising:

We do not share personal information for cross-context behavioral advertising
You may opt out of analytics cookies via our cookie preferences (see Section 9)

Right to Limit Use of Sensitive Personal Information:

We do not use or disclose sensitive personal information for purposes beyond service delivery
If our practices change, you will have the right to limit such uses

Right to Non-Discrimination:

You will not receive discriminatory treatment for exercising your privacy rights
We will not deny service, charge different prices, or provide a different level of quality based on your exercise of rights
Note: Some rights may affect our ability to provide certain features (e.g., deleting data may prevent historical reporting)

7.2 How to Exercise Your Rights

Submitting Requests:

Email: Send requests to [email protected]
Account Dashboard: Access privacy controls and data export tools (if available)
Mail: Send written requests to Helix Software, LLC, Attn: Privacy Officer, 1111B S Governors Ave, STE 23043, Dover, DE 19904

What to Include in Your Request:

Your full name and email address associated with your account
Description of the right you wish to exercise (e.g., "Right to Delete")
Specific information or action you are requesting
Any additional details to help us locate your information

Verification:

We may request additional information to verify your identity before fulfilling requests
Verification may include confirming email address, account details, or other identifiers
This protects your data from unauthorized access or deletion

Authorized Agents:

You may designate an authorized agent to submit requests on your behalf
Agents must provide proof of authorization (e.g., power of attorney, signed consent form)
We may still require you to verify your identity directly

Response Time:

We will respond to verified requests within 45 days
We may extend the response period by an additional 45 days if necessary, with notice
If we cannot fulfill your request, we will explain the reasons

No Fee:

We do not charge fees for requests unless they are manifestly unfounded, excessive, or repetitive
If a fee applies, we will notify you before processing the request

7.3 Rights Under International Privacy Laws

European Union (GDPR) and United Kingdom (UK GDPR):

If you are located in the EU or UK, you have additional rights under GDPR:

Right to access, rectification, erasure, and data portability (as described above)
Right to restrict processing of your personal data
Right to object to processing based on legitimate interests or for direct marketing
Right to withdraw consent (where processing is based on consent)
Right to lodge a complaint with a supervisory authority (e.g., ICO in the UK, CNIL in France)

Legal Basis for Processing:

Contract Performance: Processing necessary to provide the Service under our Terms
Legitimate Interests: Fraud prevention, security, analytics, and service improvement
Consent: Marketing communications and optional features (you may withdraw at any time)
Legal Obligations: Compliance with laws and regulations

International Transfers:

The Service is operated from the United States; data is transferred and stored in the U.S.
We provide appropriate safeguards for international transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions (if applicable)
- Data processing agreements upon request

To exercise GDPR rights, contact us at [email protected].

7.4 Marketing Communications Opt-Out

Unsubscribe from Marketing Emails:

Click the "unsubscribe" link in any marketing email
Update your email preferences in the account dashboard
Email us at [email protected] to opt out

Note: You cannot opt out of transactional or service-related emails (e.g., billing notifications, security alerts, Terms updates) as these are necessary for account management.

You can manage cookie preferences as described in Section 9 (Cookies and Tracking Technologies).

7.6 Account Deletion

To permanently delete your account:

Contact us at [email protected] or [email protected]
Follow the account deletion process (may require identity verification)
Export any data you wish to retain before deletion (data cannot be recovered after deletion)

7.7 California "Shine the Light" Law

Annual Disclosure Right: California Civil Code § 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes.

Our Practice: We do not share your personal information with third parties for their direct marketing purposes. Therefore, no Shine the Light disclosure is required.

If Our Practice Changes: If we begin sharing PI for third-party direct marketing, we will:

Notify you in advance
Provide an opt-out mechanism
Honor Shine the Light disclosure requests

How to Request: California residents may request Shine the Light information by emailing [email protected] with "California Shine the Light Request" in the subject line.

8. International Users and Data Transfers

8.1 United States-Based Service

The Service is operated from the United States. If you are located outside the U.S.:

Your information will be transferred to, stored in, and processed in the United States
U.S. data protection laws may differ from those in your country
By using the Service, you consent to the transfer of your information to the U.S.

8.2 Safeguards for International Transfers

We implement appropriate safeguards for international data transfers:

Standard Contractual Clauses (SCCs):

We use SCCs approved by the European Commission for transfers from the EU/EEA to the U.S.
Enterprise customers may request a Data Processing Agreement (DPA) incorporating SCCs

Data Processing Agreements:

Available upon request for enterprise customers
Includes GDPR-compliant terms and processor obligations

Adequacy Mechanisms:

We monitor developments in international data transfer frameworks (e.g., EU-U.S. Data Privacy Framework)
We update our practices to comply with new adequacy decisions

8.3 Data Residency

Default Storage Location:

Data is stored in U.S.-based data centers operated by our cloud infrastructure providers
Backup data may be replicated across multiple geographic regions for disaster recovery

Enterprise Options:

Enterprise customers may request data residency in specific regions (if available)
Custom data residency arrangements may affect pricing and features

8.4 Rights for International Users

EU/UK Users:

See Section 7.3 for GDPR rights

Other Jurisdictions:

You may have privacy rights under local laws in your jurisdiction
Contact us at [email protected] to exercise rights or ask questions about your jurisdiction

9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They help websites remember information about your visit, such as preferences, session state, and usage patterns.

9.2 Types of Cookies We Use

Essential Cookies:

Purpose: Enable core functionality (e.g., session management, authentication, security)
Examples: Session identifiers, CSRF tokens, load balancer cookies
Retention: Session-based or up to 1 year
Your Choice: These cookies are necessary for the Service to function; disabling them may prevent access

Analytics Cookies:

Purpose: Understand how users interact with our website and Service
Examples: Google Analytics, custom analytics for API usage tracking
Retention: Up to 2 years
Your Choice: You can opt out via cookie preferences or browser settings

Preference Cookies:

Purpose: Remember your settings and preferences (e.g., language, timezone)
Retention: Up to 1 year
Your Choice: Disabling these cookies may require you to reset preferences on each visit

Third-Party Cookies:

Purpose: Support third-party integrations (e.g., payment processing, social media embeds)
Examples: Stripe payment widgets, OpenAI service cookies
Retention: Varies by provider
Your Choice: These cookies are controlled by third parties; see their privacy policies

9.3 Other Tracking Technologies

Web Beacons (Pixels):

Small transparent images embedded in emails or web pages
Used to track email opens, link clicks, and page views
You can disable image loading in emails to block beacons

Local Storage:

Browser-based storage for application state and preferences
More persistent than session cookies
You can clear local storage via browser settings

Server Logs:

Automatically collect IP addresses, user agents, and request metadata
Used for security, debugging, and analytics

9.4 Managing Cookies and Tracking

Browser Controls:

Most browsers allow you to block, delete, or manage cookies via settings
Instructions for popular browsers:
- Chrome
- Firefox
- Safari
- Edge

Opt-Out Tools:

Google Analytics Opt-Out: Google Analytics Opt-Out Browser Add-on
Do Not Track (DNT): We honor DNT signals where technically feasible

Cookie Consent Manager (if applicable):

If you are in a jurisdiction requiring cookie consent (e.g., EU), we may provide a cookie consent banner
You can update your cookie preferences via the banner or settings page

Note: Disabling cookies may affect Service functionality, such as session persistence and API authentication.

EU/UK Visitors: If you are visiting our website from the EU or UK:

We will display a cookie consent banner on your first visit
We will not place non-essential cookies until you provide consent
You can change your cookie preferences at any time

Consent Options:

Accept All: Allow all cookies (essential, analytics, preferences)
Reject Non-Essential: Allow only essential cookies
Customize: Choose which cookie categories to allow

Essential Cookies: Essential cookies are always enabled as they are necessary for the website to function.

Withdrawing Consent: You can withdraw cookie consent at any time by clicking "Cookie Preferences" in the website footer or clearing your browser cookies.

9.5 Third-Party Analytics and Advertising

Analytics Providers:

We may use third-party analytics services (e.g., Google Analytics) to understand usage patterns
These providers may use cookies and collect data subject to their own privacy policies
Data is typically aggregated and anonymized for reporting

Advertising:

We do not currently use cookies for targeted advertising on our website
If we introduce advertising, we will update this Privacy Policy and provide opt-out options

10. Third-Party Websites and Services

10.1 Websites We Crawl

Our Service crawls and aggregates content from third-party websites on your behalf. We do not control these websites and are not responsible for:

Their privacy practices or terms of service
The accuracy, legality, or quality of their content
Data protection measures they implement
Copyright or intellectual property issues

Your Responsibility:

You must ensure you have the right to crawl and process content from third-party websites
Comply with robots.txt directives, terms of service, and applicable laws
Obtain necessary permissions or licenses for content use

10.2 Third-Party Links

Our website and documentation may contain links to third-party websites or services (e.g., OpenAI, Mapbox). We are not responsible for:

The privacy practices or content of linked websites
Any data you provide to third parties
Security or reliability of third-party services

We encourage you to review the privacy policies of any third-party websites you visit.

Our Service crawls public content from social media platforms (Instagram, Facebook). We:

Only access publicly available content
Comply with platform API terms and rate limits
Do not access private or restricted content without authorization

Social media platforms have their own privacy policies:

11. Children's Privacy

11.1 Age Restrictions

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

If you are under 18, do not:

Create an account or use the Service
Provide any personal information to us
Submit fact-check requests or configure feeds

11.2 Parental Rights

If you are a parent or guardian and believe we have collected information from a child under 18:

Contact us immediately at [email protected]
We will investigate and delete the information promptly
Provide the child's name, email address (if known), and any details to help us locate the data

11.2.1 Children's Data from Crawled Content

Incidental Collection: While our Service is not intended for children, content crawled from third-party websites may incidentally include information about children.

Our Policy:

We do not intentionally target websites that collect children's information
We do not knowingly collect personal information from children under 13
We do not process crawled children's data for purposes beyond providing the Service to our customers

Parental Requests: If you are a parent or guardian and believe our Service has crawled information about your child:

Contact us at [email protected] with "Children's Privacy Request" in the subject line
Provide the URL where the information appears and your child's name
We will investigate and remove the content within 30 days if verified

11.3 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA) in the United States. If we become aware that we have collected information from a child under 13 without parental consent, we will delete it immediately.

12. Changes to This Privacy Policy

12.1 Right to Modify

We reserve the right to update or modify this Privacy Policy at any time to reflect:

Changes in our data practices or Service features
Legal, regulatory, or compliance requirements
Feedback from users or privacy best practices
Business changes (e.g., new third-party providers)

12.2 Notification of Changes

How We Notify You:

Post the updated Privacy Policy on our website with a new "Last Updated" date
Send email notifications to your registered account email for material changes
Display a prominent banner on our website or in the Service

Material Changes: Material changes include:

Significant changes to how we collect, use, or share personal information
Changes to your rights or choices
New third-party processors or data transfers
Changes in data retention periods or security practices

Advance Notice:

We will provide at least 30 days' notice before material changes take effect
You may opt out or terminate your account if you do not agree to the changes

12.3 Acceptance of Changes

Continued Use:

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy
If you do not agree, you must stop using the Service and may request account deletion

Version History:

We maintain a version history of this Privacy Policy
Previous versions may be available upon request for reference

13. Contact Information and Privacy Officer

13.1 Privacy Questions and Requests

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Privacy Officer: Email: [email protected] Mail: Helix Software, LLC, Attn: Privacy Officer, 1111B S Governors Ave, STE 23043, Dover, DE 19904

Subject Line Suggestions:

"Privacy Rights Request" for data access, deletion, or correction requests
"Privacy Inquiry" for general privacy questions
"Data Breach Report" for suspected security incidents

13.2 Data Protection Officer (DPO)

If you are located in the EU or UK, you may contact our Data Protection Officer:

DPO Contact (if applicable): Email: [email protected] Mail: Helix Software, LLC, Attn: Data Protection Officer, 1111B S Governors Ave, STE 23043, Dover, DE 19904

13.3 Supervisory Authority

If you are located in the EU or UK, you have the right to lodge a complaint with a data protection supervisory authority:

UK: Information Commissioner's Office (ICO) - https://ico.org.uk/
EU: Find your local authority - https://edpb.europa.eu/about-edpb/board/members_en

13.4 Other Contact Information

General Support: Email: [email protected] Website: https://onhelix.ai

Legal Notices: Email: [email protected] See our Terms of Service at https://onhelix.ai/terms

Billing and Subscriptions: Email: [email protected] Account Dashboard: https://api.feeds.onhelix.ai

Summary of Key Points

This Privacy Policy is comprehensive, but here are the key takeaways:

What We Collect:

Account information, API configurations, and usage data
Content crawled from websites and social media on your behalf
AI processing data (fact-check submissions, extraction requests)
Logs, performance metrics, and payment information

How We Use It:

Provide and operate the Service (crawling, AI processing, webhooks)
Improve Service quality and develop new features
Manage accounts, billing, and customer support
Comply with legal obligations and protect against abuse

How We Share It:

With service providers (OpenAI, Mapbox, payment processors)
At your direction (webhooks, API responses)
For legal compliance or protection of rights
We do NOT sell your data to third parties

Your Rights:

Access, correct, or delete your personal information
Opt out of marketing communications
Export your data (data portability)
Lodge complaints with supervisory authorities (EU/UK)

Security:

Encryption in transit (TLS) and at rest (AES-256)
Access controls, monitoring, and incident response
Regular security audits and vulnerability management

International Users:

Service operated from the United States
Data transferred to and stored in the U.S.
Standard Contractual Clauses available for EU/UK transfers

Contact Us:

Privacy questions: [email protected]
General support: [email protected]
Legal notices: [email protected]

Last Updated: June 1, 2025

By using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Privacy Policy

1. Introduction​

Scope of This Policy​

Your Consent​

Updates to This Policy​

2. Information We Collect​

2.1 Information You Provide to Us​

2.2 Information We Collect Automatically​

2.3 Information We Collect from Third-Party Sources​

2.4 Special Categories of Data​

2.4.1 Handling of Incidentally Collected Sensitive Information​

2.4.2 Biometric Information​

3. How We Use Your Information​

3.1 To Provide and Operate the Service​

3.2 Account Management and Customer Support​

3.3 Service Improvement and Analytics​

3.4 Legal Compliance and Safety​

3.5 Marketing and Communications (with your consent)​

3.6 Business Operations​

4. How We Share Your Information​

4.1 Service Providers and Third-Party Processors​

4.2 At Your Direction​

4.3 Business Transfers​

4.4 Legal Requirements and Protection of Rights​

4.5 Aggregated and De-Identified Data​

4.6 What We Do NOT Do​

4.6.1 CCPA Sale Analysis​

5. Data Retention​

5.1 Retention Periods​

5.2 Data Deletion​

5.3 Exceptions to Deletion​

6. Data Security​

6.1 Technical Safeguards​

6.2 Organizational Safeguards​

6.3 Your Responsibilities​

6.4 Limitations​

6.5 Data Breach Notification​

7. Your Privacy Rights and Choices​

7.1 Rights Under U.S. Privacy Laws (CCPA and State Laws)​

7.2 How to Exercise Your Rights​

7.3 Rights Under International Privacy Laws​

7.4 Marketing Communications Opt-Out​

7.5 Cookie Preferences​

7.6 Account Deletion​

7.7 California "Shine the Light" Law​

8. International Users and Data Transfers​

8.1 United States-Based Service​

8.2 Safeguards for International Transfers​

8.3 Data Residency​

8.4 Rights for International Users​

9. Cookies and Tracking Technologies​

9.1 What Are Cookies?​

9.2 Types of Cookies We Use​

9.3 Other Tracking Technologies​

9.4 Managing Cookies and Tracking​

9.4.1 Cookie Consent​

9.5 Third-Party Analytics and Advertising​

10. Third-Party Websites and Services​

10.1 Websites We Crawl​

10.2 Third-Party Links​

10.3 Social Media Platforms​

11. Children's Privacy​

11.1 Age Restrictions​

11.2 Parental Rights​

11.2.1 Children's Data from Crawled Content​

11.3 COPPA Compliance​

12. Changes to This Privacy Policy​

12.1 Right to Modify​

12.2 Notification of Changes​

12.3 Acceptance of Changes​

13. Contact Information and Privacy Officer​

13.1 Privacy Questions and Requests​

13.2 Data Protection Officer (DPO)​

13.3 Supervisory Authority​

13.4 Other Contact Information​

Summary of Key Points​