Privacy Policy

Last updated: March 10, 2026

1. Introduction

Helm (“we,” “our,” or “us”) operates the Helm financial intelligence platform at helmterminal.dev. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. We are committed to protecting your financial information with the same diligence you'd expect from an institutional-grade platform.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Full name (optional)
  • Encrypted password (we never store plaintext passwords)

Financial Data via Plaid

When you connect financial accounts through Plaid, we receive read-only access to:

  • Account balances and account metadata (institution name, account type)
  • Transaction history (merchant, amount, date, category)
  • Investment holdings (ticker, shares, cost basis)
  • Liability information (credit cards, loans)

We never receive or store your bank login credentials. Plaid handles authentication directly with your financial institution. See Plaid's privacy policy for details on their data handling.

Market Data

We fetch publicly available market data (prices, dividends, news, splits) from third-party providers to enrich your portfolio view. This data is not personal information.

Usage Data

We may collect anonymized usage analytics (pages visited, features used) to improve the product. You can disable this in Settings > Data & Privacy.

3. How We Use Your Data

We use your data exclusively to:

  • Display your financial dashboard, portfolio, and analytics
  • Generate financial insights and intelligence (spending patterns, tax opportunities, risk analysis)
  • Detect recurring transactions and subscriptions
  • Calculate net worth, financial health scores, and performance metrics
  • Send transactional emails (password resets, account confirmations)
  • Improve our product and fix bugs

We do not sell, rent, or share your personal financial data with third parties for advertising or marketing purposes. We do not use your data to make credit decisions, insurance underwriting, or employment screening.

4. Data Storage & Security

  • All data is stored in Supabase (PostgreSQL) with Row-Level Security (RLS) enforced - you can only access your own data
  • All connections use TLS 1.2+ encryption in transit
  • Data at rest is encrypted via AES-256 by our infrastructure provider
  • Authentication tokens are short-lived JWTs with secure HTTP-only cookies
  • Auth events (logins, password changes) are logged for security monitoring
  • Rate limiting protects against brute-force attacks

5. Data Retention

We retain your financial data for as long as your account is active. Transaction history and portfolio snapshots are kept to provide historical analytics and trend analysis.

When you delete your account, access is revoked immediately, all personal data is removed from active databases within 24 hours, and purged from encrypted backups within 30 days. See our Data Deletion page for the full timeline.

6. Your Rights

You have the right to:

  • Access - Export all your data at any time via Settings > Data & Privacy > Export
  • Correction - Update your profile information in Settings
  • Deletion - Permanently delete your account and all associated data
  • Portability - Download your data in JSON format
  • Opt out - Disable analytics and crash reporting in Settings

7. Third-Party Services

Helm integrates with the following third-party services:

  • Plaid - Account aggregation and transaction data
  • Finnhub - Market data, company profiles, analyst recommendations, and earnings
  • Polygon.io - Market prices, dividends, and corporate actions
  • OpenAI - AI-powered financial analysis (GPT-4o-mini; your query and portfolio context are sent for analysis but never used for model training)
  • Supabase - Database and authentication infrastructure
  • Vercel - Application hosting

Each service operates under its own privacy policy and data handling practices.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notification. Continued use of Helm after changes constitutes acceptance.

9. Contact

For privacy-related questions or requests, contact us at privacy@helmterminal.dev.